svchost.exe 100% Auslastung, C-Laufwerk läuft voll

ecreif · 20.06.2014, 18:14

Hallo, jetzt hab ich mich hier auch einmal angemeldet weil ich auf eigene Faust nicht weiterkomme.

Ich hab einiges versucht daher hier der ungefähre Ablauf:

Schon länger hab ich bemerkt dass mein C dauernd voll läuft (500MB in ca 30 Minuten) und habe daher immermal wieder Etwas gelöscht. Ich habe zu erst nichts Schlimmes vermutet da meine Recherche auf den berüchtigten C:\Windows\winsxs Ordner hinauslief.
Dann sind mir aber einige merwürdige Dinge aufgefallen. (Ca 2 Wochen her)
Nach dem Booten wurde mir plötzlich immer eine Fehlermeldung angezeigt mit Speicherzugriffsverletzung von einer (Name aus dem Gedächtnis) mnsvw.dat in C:\ProgramData\.

Außerdem viel mir auf, dass 2 svchost.exe Prozesse ständig auf einem Kern mit 100% Auslastung laufen. Einmal mit Starparameter -k Dcomlaunch und -k LocalSystemNetworkResricted.
Dazu läuft Skype seit 2 Tagen nicht mehr richtig. Es hat ebenfalls eine hohe Auslastung und reagiert nicht mehr.

Desweiteren hatte ich immer komische kurze Kratzer und Lags wenn ich Musik etc gehört hab (alle 10-20 Minuten ca. Manchmal öfter).

Also bin ich in den abgesicherten Modus und hab Spybot S&D und Malwarebytes laufen lassen. Letzeres hat 152 Infizierte Dateien gefunden. u.a. auch diese mnsvw.dat.
Alles gelöscht und gefixt. So ist auch die Fehlermeldung nach dem Booten verschwunden. Dennoch blieb das Problem mit der svchost.exe und dem Festplattenspeicher volllaufen.
Daher hab ich speziell danach gegoogelt und herausgefunden das Manche durch deinstallieren des ATI HDMI Audio Treibers das Problem gelöst haben. Ich hab diesen Treiber nicht aber habe dennoch alle Audio Treiber deinstalliert.
Problem bestand leider weiterhin.
Ich sollte vielleicht noch erwähnen dass ich mit Spybot im normal laufenden System ein kompletten Scan machen wollte, dieser aber bei "ZoomPlayer" hängen geblieben ist. Er zeigte eine Stunde lang "noch 457 Minuten" an.

Dann hatte ich ein Programm im Verdacht: NetLimiter 3. Denn das Teil schien nach einiger Analyse ein File zu schreiben dass über 700MB groß wurde und auf das jeden tag zugegriffen wurde. Das Programm lies sich kaum beenden und entfernen bzw deinstallieren. Also wieder abgesicherter Modus und dort alles gelöscht. (Ich hab das Program willentlich installiert)

Über Msconfig hab ich auch alle unbekannten Dienste und Programme deaktiviert.

Geholfen hat alles nichts.

Ich hab auch noch probiert meine Netwerkverbindung zu deaktivieren. Darauf reagiert der Rechner aber überhaupt nicht.

Dann hab ich noch eine Dateiüberwachung für mein C-Laufwerk hinzugefügt um rauszufinden welcher Prozess mein C voll macht. Leider kommen überhaupt keine Ereignisse dazu in meiner Ereignisanzeige an. Selbst als ich manuell eine Datei hinzugefügt habe zeigt er mir das nicht an. (Es gab auch beim Hinzufügen der Überwachung ein paar Ordner auf denen er das nicht anwenden konnte)

Es war vielleicht etwas dämlich aber ich hab einfach ins Blaue hinein diese ComboFix.exe ausgeführt, der hat allerlei zeug gemacht und gelöscht aber geholfen hat es nicht.

Also bin ich mit meinem Rat am Ende.

Ich vermute ich bin Teil eines Botnetzes oder jemand versucht sowas wie Bitcoins mit meinem Rechner zu schürfen, daher der Platzverbrauch.

Ich hatte auch ein Problem vor ca 3 Monaten mit einem (unwichtigen) Emailkonto, wo plötzlich alle Mails weg waren und ich ständig Antwort-Mails bekommen hab dass aufgrund von Spam meine Mails nicht zugestellt wurden. Hängt vielleicht damit zusammen.

Ich hoffe mir kann jemand hier helfen.

Vielen Dank im voraus
ecreif

schrauber · 20.06.2014, 18:44

hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

ecreif · 20.06.2014, 18:59

Hab wohl die Themaeröffnungsanleitung übersehen. Tut mir Leid. Hier die Logs (Meinen Namen hab ich aus eigenem Interesse mal mit XXXXX zensiert):

Ich bin Programmierer, also über diverse Tools nicht wundern

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-06-2014
Ran by XXXXX (administrator) on XXXXX-PC on 20-06-2014 19:44:10
Running from D:\Data\Downloadz
Platform: Windows 7 Ultimate (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(SANDBOXIE L.T.D) D:\Data\Toolz\Sandboxie\SbieSvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Apache Software Foundation) I:\VisualSVN Server\bin\VisualSVNServer.exe
() D:\Data\Toolz\puush\puush.exe
(Apache Software Foundation) I:\VisualSVN Server\bin\VisualSVNServer.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(JAM Software) D:\Data\Toolz\TreeSize\TreeSizeFree.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Safer-Networking Ltd.) D:\Data\Toolz\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) D:\Data\Toolz\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) D:\Data\Toolz\Spybot - Search & Destroy 2\SDWSCSvc.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
() D:\Data\Downloadz\Defogger.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [ATICustomerCare] => C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe [311296 2010-05-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [BambooCore] => C:\Program Files (x86)\Bamboo Dock\BambooCore.exe [646744 2012-10-16] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SDTray] => D:\Data\Toolz\Spybot - Search & Destroy 2\SDTray.exe [4101584 2014-04-25] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1843127492-2866971718-3940101754-1000\...\Run: [puush] => D:\Data\Toolz\puush\puush.exe [567880 2014-03-14] ()
HKU\S-1-5-21-1843127492-2866971718-3940101754-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-1843127492-2866971718-3940101754-1000\...\Run: [Spybot-S&D Cleaning] => D:\Data\Toolz\Spybot - Search & Destroy 2\SDCleaner.exe [4566984 2014-04-25] (Safer-Networking Ltd.)
ShellIconOverlayIdentifiers: 1TortoiseNormal -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: 2TortoiseModified -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: 3TortoiseConflict -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: 4TortoiseLocked -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: 5TortoiseReadOnly -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: 6TortoiseDeleted -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: 7TortoiseAdded -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: 8TortoiseIgnored -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: 9TortoiseUnversioned -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: 1TortoiseNormal -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: 2TortoiseModified -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: 3TortoiseConflict -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: 4TortoiseLocked -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: 5TortoiseReadOnly -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: 6TortoiseDeleted -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: 7TortoiseAdded -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: 8TortoiseIgnored -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: 9TortoiseUnversioned -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2E7184A47F73CB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Plugin for GeneralDownloader - {AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2} - C:\Users\XXXXX\AppData\Roaming\General Downloader\Extensions\IEPlugin64.dll (General World)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: haufereader - No CLSID Value - 
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: haufereader - No CLSID Value - 
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\..\Interfaces\{A7AFB675-BB88-478E-A8B7-8B72D2B6CA0A}: [NameServer]192.168.179.1
Tcpip\..\Interfaces\{F4459F9F-E811-4E77-8C48-E1A4A6AEC2E0}: [NameServer]208.67.222.222,192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ic9mcqw5.default-1371518163302
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.0 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll No File
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=1.104.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.118.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=1.138.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=1.96.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\XXXXX\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: wacom.com/WacomTabletPlugin - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: General Downloader plugin - C:\Users\XXXXX\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\@generaldownloader.com [2011-10-11]
FF Extension: General Crawler - C:\Users\XXXXX\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com [2011-10-11]
FF Extension: Lightbeam - C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ic9mcqw5.default-1371518163302\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2014-01-15]
FF Extension: NO Google Analytics - C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ic9mcqw5.default-1371518163302\Extensions\jid1-JcGokIiQyjoBAQ@jetpack.xpi [2014-01-15]
FF Extension: Adblock Plus - C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ic9mcqw5.default-1371518163302\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-06-27]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-06-11]

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-12-19] (Advanced Micro Devices, Inc.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S4 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-11-22] (Hewlett-Packard Company) [File not signed]
R2 MSSQL$SQLEXPRESS; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4466688 2007-11-08] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2012-04-01] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 SbieSvc; D:\Data\Toolz\Sandboxie\SbieSvc.exe [94992 2011-11-23] (SANDBOXIE L.T.D)
R2 SDScannerService; D:\Data\Toolz\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)
R2 SDUpdateService; D:\Data\Toolz\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)
R2 SDWSCService; D:\Data\Toolz\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 VisualSVNServer; I:\VisualSVN Server\bin\VisualSVNServer.exe [24424 2011-10-10] (Apache Software Foundation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [627992 2013-12-17] (Wacom Technology, Corp.)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [613688 2013-02-08] (Wacom Technology, Corp.)
S2 Apache2.2; "I:\Apache\bin\httpd.exe" -k runservice [X]
S2 CLKMSVC10_22035577; "H:\f!3rce\Progz\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe" /svc [X]

==================== Drivers (Whitelisted) ====================

R1 CLBStor; C:\Windows\System32\DRIVERS\CLBStor.sys [24560 2009-10-07] (Cyberlink Co.,Ltd.)
S2 CLBUDF; C:\Windows\System32\Drivers\CLBUDF.sys [376304 2009-10-07] (CyberLink Corporation.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [271424 2011-10-12] (DT Soft Ltd)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19936 2012-01-18] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [13280 2012-01-18] ()
S3 RivaTuner64; D:\Data\Toolz\RivaTuner\RivaTuner64.sys [19952 2011-10-30] ()
R3 SbieDrv; D:\Data\Toolz\Sandboxie\SbieDrv.sys [158336 2011-11-23] (SANDBOXIE L.T.D)
S3 SNPSTD3; C:\Windows\System32\DRIVERS\snpstd3.sys [10550272 2007-03-27] (Sonix Co. Ltd.)
S2 AODDriver4.01; \??\D:\Data\Driverz\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
U3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz130; \??\C:\Users\XXXXX\AppData\Local\Temp\cpuz130\cpuz_x64.sys [X]
S3 Nbdrv; system32\DRIVERS\nbdrv.sys [X]
S1 nltdi; \??\D:\Data\Toolz\NetLimiter\nltdi.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-20 19:44 - 2014-06-20 19:44 - 00000000 ____D () C:\FRST
2014-06-20 19:33 - 2014-06-20 19:33 - 00000000 _____ () C:\Users\XXXXX\defogger_reenable
2014-06-20 18:32 - 2014-06-20 18:32 - 00022960 _____ () C:\ComboFix.txt
2014-06-20 18:23 - 2014-06-20 18:32 - 00000000 ____D () C:\ComboFix
2014-06-20 18:23 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-06-20 18:23 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-06-20 18:23 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-06-20 18:23 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-06-20 18:23 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-06-20 18:23 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-06-20 18:23 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-06-20 18:23 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-06-20 18:21 - 2014-06-20 18:32 - 00000000 ____D () C:\Qoobox
2014-06-20 18:20 - 2014-06-20 18:31 - 00000000 ____D () C:\Windows\erdnt
2014-06-20 03:42 - 2010-09-14 08:45 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\wcncsvc.dll
2014-06-20 03:42 - 2010-09-14 08:07 - 00276992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wcncsvc.dll
2014-06-20 03:40 - 2009-09-10 08:28 - 00311808 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-06-20 03:40 - 2009-09-10 07:52 - 00257024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-06-20 03:30 - 2014-06-20 03:30 - 00000000 __SHD () C:\Windows\SysWOW64\%APPDATA%
2014-06-20 03:28 - 2014-06-20 03:28 - 01781224 _____ () C:\Windows\system32\PerfStringBackup.TMP
2014-06-20 03:02 - 2014-06-20 03:02 - 00000000 __SHD () C:\Windows\system32\%APPDATA%
2014-06-20 03:01 - 2010-03-04 06:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys
2014-06-20 00:42 - 2009-06-10 23:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20140620-004220.backup
2014-06-20 00:36 - 2014-06-20 00:36 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-06-20 00:35 - 2014-06-20 00:35 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-06-20 00:34 - 2014-06-20 03:44 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-06-20 00:34 - 2014-06-20 00:34 - 00001053 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-06-20 00:34 - 2014-06-20 00:34 - 00001053 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-06-20 00:34 - 2014-06-20 00:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-06-20 00:34 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-06-19 23:30 - 2014-06-19 23:44 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-19 23:30 - 2014-06-19 23:30 - 00000802 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-19 23:30 - 2014-06-19 23:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-19 23:30 - 2014-06-19 23:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-19 23:30 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-19 23:30 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-19 23:30 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-19 23:17 - 2014-06-19 23:18 - 00000000 ____D () C:\OETemp
2014-06-19 23:07 - 2014-06-19 23:07 - 00000000 ____D () C:\Users\XXXXX\AppData\Roaming\JAM Software
2014-06-19 23:07 - 2014-06-19 23:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize Free
2014-06-19 22:30 - 2011-04-09 08:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2014-06-19 22:30 - 2011-04-09 07:56 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2014-06-19 22:08 - 2010-08-04 09:07 - 00961024 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2014-06-19 22:08 - 2010-08-04 09:07 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\msdri.dll
2014-06-19 22:08 - 2010-08-04 09:05 - 00288256 _____ (Microsoft Corporation) C:\Windows\system32\MSNP.ax
2014-06-19 22:08 - 2010-08-04 09:05 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\mpg2splt.ax
2014-06-19 22:08 - 2010-08-04 08:18 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2014-06-19 22:08 - 2010-08-04 08:15 - 00204288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSNP.ax
2014-06-19 22:08 - 2010-08-04 08:15 - 00199680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mpg2splt.ax
2014-06-19 22:08 - 2010-03-04 09:57 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2014-06-19 22:08 - 2010-03-04 09:33 - 00740864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2014-06-19 22:08 - 2010-01-19 11:05 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-06-19 22:08 - 2010-01-19 11:05 - 00422912 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-06-19 22:08 - 2010-01-19 11:05 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-06-19 22:08 - 2010-01-19 11:05 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-06-19 22:08 - 2010-01-19 11:00 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-06-19 22:08 - 2010-01-19 11:00 - 00356352 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-06-19 22:08 - 2010-01-19 11:00 - 00306688 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-06-19 22:08 - 2010-01-19 11:00 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-06-19 22:08 - 2010-01-19 01:29 - 00369152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-06-19 22:08 - 2010-01-19 01:29 - 00365568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-06-19 22:08 - 2010-01-19 01:29 - 00085504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-06-19 22:08 - 2010-01-19 01:29 - 00085504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-06-19 22:08 - 2010-01-19 01:28 - 00324608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-06-19 22:08 - 2010-01-19 01:28 - 00320512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-06-19 22:08 - 2010-01-19 01:28 - 00280064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-06-19 22:08 - 2010-01-19 01:28 - 00277504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-06-19 22:08 - 2009-12-13 11:46 - 00613888 _____ (Microsoft Corporation) C:\Windows\system32\psisdecd.dll
2014-06-19 22:08 - 2009-12-13 11:30 - 00465408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\psisdecd.dll
2014-06-19 22:08 - 2009-10-19 16:46 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2014-06-19 22:08 - 2009-10-19 16:46 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2014-06-19 22:08 - 2009-10-19 16:10 - 00108544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2014-06-19 22:08 - 2009-10-19 16:10 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2014-06-19 22:08 - 2009-07-30 07:07 - 00366080 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2014-06-19 22:08 - 2009-07-30 06:44 - 00293888 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2014-06-11 20:04 - 2014-06-11 20:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-10 20:37 - 2014-06-10 20:37 - 00001535 _____ () C:\Users\XXXXX\Documents\Ungefähre Liste.txt
2014-06-09 17:09 - 2014-06-09 18:07 - 00004891 _____ () C:\Users\XXXXX\Desktop\ai research notes.txt
2014-05-28 21:57 - 2014-05-28 22:00 - 00000568 __RSH () C:\Users\XXXXX\ntuser.pol
2014-05-27 18:59 - 2014-05-27 18:59 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-05-27 18:59 - 2014-05-27 18:59 - 00002030 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk

==================== One Month Modified Files and Folders =======

2014-06-20 19:44 - 2014-06-20 19:44 - 00000000 ____D () C:\FRST
2014-06-20 19:44 - 2014-02-22 16:25 - 42788962 _____ () C:\Windows\setupact.log
2014-06-20 19:33 - 2014-06-20 19:33 - 00000000 _____ () C:\Users\XXXXX\defogger_reenable
2014-06-20 19:33 - 2010-10-24 15:20 - 00000000 ____D () C:\Users\XXXXX
2014-06-20 18:59 - 2012-05-09 00:54 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-20 18:59 - 2012-04-04 20:54 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-20 18:50 - 2009-07-14 06:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-20 18:50 - 2009-07-14 06:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-20 18:35 - 2010-10-24 13:32 - 01829297 _____ () C:\Windows\WindowsUpdate.log
2014-06-20 18:32 - 2014-06-20 18:32 - 00022960 _____ () C:\ComboFix.txt
2014-06-20 18:32 - 2014-06-20 18:23 - 00000000 ____D () C:\ComboFix
2014-06-20 18:32 - 2014-06-20 18:21 - 00000000 ____D () C:\Qoobox
2014-06-20 18:32 - 2011-11-02 21:15 - 00000000 ____D () C:\Users\XXXXX\AppData\Local\Apps\2.0
2014-06-20 18:32 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-06-20 18:31 - 2014-06-20 18:20 - 00000000 ____D () C:\Windows\erdnt
2014-06-20 18:30 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-06-20 18:05 - 2010-11-06 23:23 - 00000000 ____D () C:\Users\XXXXX\AppData\Roaming\Skype
2014-06-20 18:04 - 2012-05-09 00:54 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-20 18:04 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-20 17:56 - 2011-01-11 21:32 - 00000000 ____D () C:\Users\XXXXX\AppData\Local\TSVNCache
2014-06-20 17:53 - 2012-04-22 18:09 - 00000000 ____D () C:\Users\XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NetLimiter 3
2014-06-20 17:47 - 2011-09-01 23:16 - 00000000 ____D () C:\ProgramData\CyberLink
2014-06-20 15:01 - 2011-01-11 19:49 - 00000000 ____D () C:\Users\XXXXX\Documents\Visual Studio 2008
2014-06-20 14:56 - 2011-01-15 20:16 - 00000000 ____D () C:\Users\XXXXX\AppData\Roaming\VisualAssist
2014-06-20 14:55 - 2011-01-15 19:57 - 00000000 ____D () C:\Users\XXXXX\AppData\Local\VisualAssist
2014-06-20 14:18 - 2009-07-14 06:45 - 00319592 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-20 14:17 - 2011-01-13 19:32 - 00081694 _____ () C:\Windows\PFRO.log
2014-06-20 03:44 - 2014-06-20 00:34 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-06-20 03:40 - 2011-01-11 19:49 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-20 03:34 - 2011-01-11 20:00 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2014-06-20 03:32 - 2011-01-11 20:02 - 01626404 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-06-20 03:32 - 2009-07-14 19:58 - 00749328 _____ () C:\Windows\system32\perfh007.dat
2014-06-20 03:32 - 2009-07-14 19:58 - 00169602 _____ () C:\Windows\system32\perfc007.dat
2014-06-20 03:31 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Registration
2014-06-20 03:30 - 2014-06-20 03:30 - 00000000 __SHD () C:\Windows\SysWOW64\%APPDATA%
2014-06-20 03:28 - 2014-06-20 03:28 - 01781224 _____ () C:\Windows\system32\PerfStringBackup.TMP
2014-06-20 03:27 - 2012-05-13 18:15 - 00008947 _____ () C:\Windows\IE9_main.log
2014-06-20 03:26 - 2009-07-14 07:13 - 00077818 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-20 03:02 - 2014-06-20 03:02 - 00000000 __SHD () C:\Windows\system32\%APPDATA%
2014-06-20 01:16 - 2011-06-22 21:03 - 00000000 ____D () C:\Users\XXXXX\AppData\Roaming\vlc
2014-06-20 00:36 - 2014-06-20 00:36 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-06-20 00:35 - 2014-06-20 00:35 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-06-20 00:34 - 2014-06-20 00:34 - 00001053 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-06-20 00:34 - 2014-06-20 00:34 - 00001053 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-06-20 00:34 - 2014-06-20 00:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-06-19 23:44 - 2014-06-19 23:30 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-19 23:30 - 2014-06-19 23:30 - 00000802 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-19 23:30 - 2014-06-19 23:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-19 23:30 - 2014-06-19 23:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-19 23:19 - 2013-12-10 00:03 - 00000000 ____D () C:\ProgramData\Package Cache
2014-06-19 23:18 - 2014-06-19 23:17 - 00000000 ____D () C:\OETemp
2014-06-19 23:07 - 2014-06-19 23:07 - 00000000 ____D () C:\Users\XXXXX\AppData\Roaming\JAM Software
2014-06-19 23:07 - 2014-06-19 23:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize Free
2014-06-19 22:50 - 2012-03-10 18:42 - 00000000 ____D () C:\Fraps
2014-06-12 18:38 - 2012-05-02 23:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-11 20:04 - 2014-06-11 20:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-10 20:37 - 2014-06-10 20:37 - 00001535 _____ () C:\Users\XXXXX\Documents\Ungefähre Liste.txt
2014-06-09 18:07 - 2014-06-09 17:09 - 00004891 _____ () C:\Users\XXXXX\Desktop\ai research notes.txt
2014-05-28 22:00 - 2014-05-28 21:57 - 00000568 __RSH () C:\Users\XXXXX\ntuser.pol
2014-05-28 21:56 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-05-27 18:59 - 2014-05-27 18:59 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-05-27 18:59 - 2014-05-27 18:59 - 00002030 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-05-27 18:59 - 2011-01-12 20:48 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-05-27 18:59 - 2011-01-12 20:46 - 00000000 ____D () C:\ProgramData\Adobe
2014-05-26 19:49 - 2014-05-15 19:40 - 00000000 ____D () C:\Program Files (x86)\OBS
2014-05-26 18:41 - 2010-11-06 23:23 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-05-26 18:41 - 2010-11-06 23:23 - 00000000 ____D () C:\ProgramData\Skype

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-08 00:09

==================== End Of Log ============================

--- --- ---

Additional:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-06-2014
Ran by XXXXX at 2014-06-20 19:45:00
Running from D:\Data\Downloadz
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

µTorrent (HKLM-x32\...\uTorrent) (Version: 3.1.3 - )
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 14.0.0.110 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
AGEIA GAME System Software 2.8.0 (HKLM-x32\...\{5C9530C0-957F-4CC4-ADA9-A7195BD9394C}) (Version: 2.8.0 - AGEIA Technologies, Inc.)
AMD Accelerated Video Transcoding (Version: 12.5.100.21219 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.1084.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{1701BD02-09B9-B25B-8290-C7D6A33C5A75}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - ATI Technologies Inc.) Hidden
AMD Fuel (Version: 2012.1219.1521.27485 - Ihr Firmenname) Hidden
AMD Media Foundation Decoders (Version: 1.0.71219.1540 - Advanced Micro Devices, Inc.) Hidden
AMD USB Filter Driver (x32 Version: 1.0.15.94 - Advanced Micro Devices, Inc.) Hidden
AMD VISION Engine Control Center (x32 Version: 2012.1219.1521.27485 - Ihr Firmenname) Hidden
Android SDK Tools (HKLM-x32\...\Android SDK Tools) (Version: 1.16 - Google Inc.)
ANNO 1404 - Königsedition (HKLM-x32\...\{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}) (Version: 3.10.0000 - Ubisoft)
ATI Catalyst Registration (x32 Version: 3.00.0000 - ATI Technologies Inc.) Hidden
Bamboo Dock (HKLM-x32\...\Bamboo Dock) (Version: 4.1 - Wacom Co., Ltd.)
Bamboo Dock (x32 Version: 4.1.0 - Wacom Europe GmbH) Hidden
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.0.0.0 - Electronic Arts)
Battlefield 3™ Open Beta (HKLM-x32\...\{45C8D17D-B5E0-4e93-8370-4329AB16D2A0}) (Version: 1.0.0.0 - Electronic Arts)
Battlefield: Bad Company™ 2 (HKLM-x32\...\{3AC8457C-0385-4BEA-A959-E095F05D6D67}) (Version: 1.0.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 1.138.0 - EA Digital Illusions CE AB)
BF3CC (HKCU\...\af8063ee51cc0619) (Version: 0.3.0.25 - i3D)
Blockade Runner (HKLM-x32\...\Blockade Runner0.71.0c) (Version: 0.71.0c - ZanMgt)
Boost Package 1_42_0 (HKLM-x32\...\Boost_0) (Version: 1_42_0 - Gordon Taft)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Cheat Engine 6.3 (HKLM-x32\...\Cheat Engine 6.3_is1) (Version:  - Cheat Engine)
Cities XL 2012 (HKLM-x32\...\Steam App 201760) (Version:  - )
CMake 2.8, a cross-platform, open-source build system (HKLM-x32\...\CMake 2.8.11.1) (Version: 2.8.11.1 - Kitware)
Crystal Reports Basic for Visual Studio 2008 (HKLM-x32\...\{AA467959-A1D6-4F45-90CD-11DC57733F32}) (Version: 10.5.0.0 - Business Objects)
Crystal Reports Basic German Language Pack for Visual Studio 2008 (HKLM-x32\...\{3924C3E7-C440-4B23-9740-9A9EC0545F21}) (Version: 10.5.0.0 - Business Objects)
Crystal Reports Basic Runtime for Visual Studio 2008 (x64) (HKLM\...\{2BFA9B05-7418-4EDE-A6FC-620427BAAAA3}) (Version: 10.5.0.0 - Business Objects)
Crystal Reports Basic Runtime German Language Pack for Visual Studio 2008 (x64) (HKLM\...\{1D5F34D0-6329-4D92-B81A-E24E9028910C}) (Version: 10.5.0.0 - Business Objects)
CyberLink BD_3D Advisor 2.0 (HKLM-x32\...\{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}) (Version:  - )
CyberLink Blu-ray Disc Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3721 - CyberLink Corp.)
CyberLink Blu-ray Disc Suite (x32 Version: 7.0.3721 - CyberLink Corp.) Hidden
CyberLink InstantBurn (HKLM-x32\...\{19C64880-BBCA-11D4-9EEE-0004ACDDDB3B}) (Version: 5.0.6210 - CyberLink Corp.)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3418 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.3418 - CyberLink Corp.) Hidden
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.1423 - CyberLink Corp.)
CyberLink MediaShow (x32 Version: 5.0.1423 - CyberLink Corp.) Hidden
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3802 - CyberLink Corp.)
CyberLink Power2Go (x32 Version: 6.1.3802 - CyberLink Corp.) Hidden
CyberLink PowerBackup (HKLM-x32\...\{ADD5DB49-72CF-11D8-9D75-000129760D75}) (Version: 2.5.6023 - CyberLink Corp.)
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.3518.52 - CyberLink Corp.)
CyberLink PowerDVD 9 (x32 Version: 9.0.3518.52 - CyberLink Corp.) Hidden
CyberLink PowerProducer (HKLM-x32\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.2.2429 - CyberLink Corp.)
CyberLink PowerProducer (x32 Version: 5.0.2.2429 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Pro (HKLM-x32\...\DAEMON Tools Pro) (Version: 4.41.0315.0262 - DT Soft Ltd)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0057-0000-0000-0000000FF1CE}_Office14.VISIO_{6BDEB2BD-7C8B-4734-9E2F-E9EDC9D6C844}) (Version:  - Microsoft)
Diablo III (HKLM-x32\...\Diablo III) (Version: 1.0.7.14633 - Blizzard Entertainment)
doxygen 1.8.2 (HKLM\...\doxygen_is1) (Version: 1.8.2 - Dimitri van Heesch)
eBay .NET SDK v747 Full Release (HKLM-x32\...\{A7EE19F8-2159-4313-831C-CB35967BC7E5}) (Version: 2.0.0 - eBay)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.0) (Version: 0.70.0 - ESN Social Software AB)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Free Download Manager 3.0 (HKLM-x32\...\Free Download Manager_is1) (Version:  - FreeDownloadManager.ORG)
Futuremark SystemInfo (HKLM-x32\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 3.21.2.1 - Futuremark Corporation)
General Downloader version 1.2.14.22654 (HKLM-x32\...\{414C790F-E24E-461B-983A-2AD84474DE4A}_is1) (Version: 1.2.14.22654 - )
GIF Viewer (HKLM-x32\...\GIF Viewer) (Version:  - )
Git version 1.8.0-preview20121022 (HKLM-x32\...\Git_is1) (Version: 1.8.0-preview20121022 - The Git Development Community)
GLEAMviz Simulator v4 - Public Edition (HKLM-x32\...\org.gleamviz.simulator-v4-pe) (Version: 4.2.01 - UNKNOWN)
GLEAMviz Simulator v4 - Public Edition (x32 Version: 4.2.01 - UNKNOWN) Hidden
GnuWin32: Bison-2.4.1 (HKLM-x32\...\Bison-2.4.1_is1) (Version: 2.4.1 - GnuWin32)
Golems (HKLM-x32\...\Golems) (Version: 0.56.0 - Sam Bayless)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.2.57.5189 - Gretech Corporation)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Grand Theft Auto IV (HKLM-x32\...\{579BA58C-F33D-4970-9953-B94B43768AC3}) (Version: 1.00.0000 - Rockstar Games)
Grand Theft Auto IV (x32 Version: 1.0.0011.131 - Rockstar Games Inc.) Hidden
Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version:  - Valve)
Haufe iDesk-Browser (HKLM-x32\...\{0F32914F-A633-4516-B531-7084C8F19F93}) (Version: 10.10.14.0000 - Haufe-Lexware GmbH & Co. KG)
HHD Software Hex Editor Neo 4.97 (HKCU\...\{8EB85C0E-DE7D-4A53-BD66-708B8F2C80B0}) (Version: 4.97.2.3667 - HHD Software, Ltd.)
Hotfix für Microsoft Visual Studio 2008 Professional Edition - DEU (KBKB971091) (HKLM-x32\...\{445174EA-3D3A-308E-84AD-446127E71441}.KB971091) (Version: 1 - Microsoft Corporation)
Hotfix für Microsoft Visual Studio 2008 Professional Edition - DEU (KBKB973674) (HKLM-x32\...\{445174EA-3D3A-308E-84AD-446127E71441}.KB973674) (Version: 1 - Microsoft Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 26 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.260 - Oracle)
Java(TM) 7 Update 1 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417001FF}) (Version: 7.0.10 - Oracle)
Java(TM) SE Development Kit 7 Update 1 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170010}) (Version: 1.7.0.10 - Oracle)
Kerbal Space Program (HKLM-x32\...\Steam App 220200) (Version:  - Squad)
K-Lite Codec Pack 7.7.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.7.0 - )
Kong version 1.1.0 (HKLM-x32\...\Kong_is1) (Version:  - )
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Lexware Info Service (HKLM-x32\...\{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}) (Version: 2.70.00.0081 - Haufe-Lexware GmbH & Co.KG)
LightScribe System Software (HKLM-x32\...\{FD7F0DB8-0E96-4D64-AD4D-9B5A936AF2A8}) (Version: 1.18.20.1 - LightScribe)
Magicka (HKLM-x32\...\Steam App 42910) (Version:  - Arrowhead Game Studios AB)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Compact Framework 2.0 SP2 (HKLM-x32\...\{B1060346-9388-4C5B-AA52-176C39819E43}) (Version: 2.0.7045 - Microsoft Corporation)
Microsoft .NET Compact Framework 3.5 (HKLM-x32\...\{72CCBEA1-8D57-4981-A337-81019F28C5BA}) (Version: 3.5.7283 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Device Emulator (64 Bit) Version 3.0 - DEU (HKLM\...\{7ECA1AEA-2B61-3DE6-8276-6A9A2693F111}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft DirectX SDK (June 2010) (HKLM-x32\...\Microsoft DirectX SDK (June 2010)) (Version: 9.29.1962.0 - Microsoft Corporation)
Microsoft Document Explorer 2008 (HKLM-x32\...\Microsoft Document Explorer 2008) (Version:  - Microsoft Corporation)
Microsoft Document Explorer 2008 (x32 Version: 9.0.21022 - Microsoft Corporation) Hidden
Microsoft Document Explorer 2008 Language Pack - DEU (HKLM-x32\...\Microsoft Document Explorer 2008 Language Pack - DEU) (Version:  - Microsoft Corporation)
Microsoft Document Explorer 2008 Language Pack - DEU (x32 Version: 9.0.21022 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Visio 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Visio MUI (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Visual Web Developer 2007 (x32 Version: 12.0.4518.1066 - Microsoft Corporation) Hidden
Microsoft Office Visual Web Developer MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) (x32 Version: 9.4.5000.00 - Microsoft Corporation) Hidden
Microsoft SQL Server Compact 3.5 Design Tools DEU (HKLM-x32\...\{E32260E7-0B10-43C7-9B77-AB9F4184676D}) (Version: 3.5.5386.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 DEU (HKLM-x32\...\{159098AF-4EB8-4C10-B0C6-24CDA32B45F9}) (Version: 3.5.5386.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 for Devices DEU (HKLM-x32\...\{1C3ADB5F-750E-4453-AC98-B75C5323845C}) (Version: 3.5.5386.0 - Microsoft Corporation)
Microsoft SQL Server Database Publishing Wizard 1.2 (HKLM-x32\...\{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}) (Version: 1.2.0.0 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{7C39E0D1-E138-42B1-B083-213EC2CF7692}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{1FBEA8BA-D40B-48BC-85BC-EE2D5575F27C}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visio Premium 2010 (HKLM-x32\...\Office14.VISIO) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2005 Tools for Office Runtime (x32 Version: 8.0.60940.0 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack (x32 Version: 8.0.50727.42 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2008 Professional Edition - DEU (HKLM-x32\...\Microsoft Visual Studio 2008 Professional Edition - DEU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2008 Professional Edition - DEU (x32 Version: 9.0.21022 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2008 Remote Debugger - DEU (HKLM\...\Microsoft Visual Studio 2008 Remote Debugger - DEU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2008 Remote Debugger - DEU (Version: 9.0.21022 - Microsoft Corporation) Hidden
Microsoft Visual Studio Web Authoring Component (HKLM-x32\...\VisualWebDeveloper) (Version: 12.0.4518.1066 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools (HKLM\...\{AC888A60-9557-3B74-B52B-F353D01BD544}) (Version: 3.5.21022 - Microsoft)
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries (HKLM\...\{5DE154DF-A55E-4FA5-BE59-32E78FCACF3E}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense (HKLM\...\{9aa5f39c-a8de-46b0-919a-0248f8bc8490}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 Tools (HKLM\...\{62EED300-E841-4083-A1D6-60B906271804}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 Win32 Tools (HKLM\...\{A992BBAA-723D-4574-A07F-983BF8FAA3E1}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
MiniTool Partition Wizard Home Edition 7.1 (HKLM-x32\...\{34A153FE-6926-4C14-B48A-B71E68C672A8}_is1) (Version:  - MiniTool Solution Ltd.)
Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MySQL Workbench 5.2 CE (HKLM-x32\...\{48A9B9DD-66B9-4846-AA7C-825A5729B643}) (Version: 5.2.47 - Oracle Corporation)
Natural Selection 2 (HKLM-x32\...\Steam App 4920) (Version:  - Unknown Worlds Entertainment)
NetLimiter 3 (HKLM\...\{913923AB-3AAB-4870-8910-627C4CD82789}) (Version: 3.0.0.11 - Locktime Software s.r.o.)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 5.9.6.2 - )
NVIDIA PhysX (HKLM-x32\...\{8A809006-C25A-4A3A-9DAB-94659BCDB107}) (Version: 9.10.0224 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Operation Flashpoint: Dragon Rising (HKLM-x32\...\Steam App 12830) (Version:  - Codemasters Studios)
Operation Flashpoint: Red River (HKLM-x32\...\Steam App 44340) (Version:  - Codemasters Action Studio)
Orbit Downloader (HKLM-x32\...\Orbit_is1) (Version:  - www.orbitdownloader.com)
Origin (HKLM-x32\...\Origin) (Version: 8.5.0.4550 - Electronic Arts, Inc.)
osu! (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284C}) (Version: 0.0.0.0 - peppy)
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.7.9 - )
pidgin-otr 3.2.0-1 (HKLM-x32\...\pidgin-otr) (Version: 3.2.0-1 - Cypherpunks CA)
Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
Prelude@# v.0.9.6 (HKLM-x32\...\Prelude@#) (Version:  - )
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
puush (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284B}) (Version: 1.0.0.0 - Dean Herbert)
QuickSteuer Wissens-Center 2011 (HKLM-x32\...\{939FF87B-4ADE-4CB3-A363-153984CD4A49}) (Version: 17.10.0.0 - Haufe-Lexware GmbH & Co. KG)
Rapid Environment Editor (HKLM-x32\...\RapidEE) (Version: 6.1.0.786 - )
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.21.531.2010 - Realtek)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.4.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.4.0 - Renesas Electronics Corporation) Hidden
RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition (HKLM-x32\...\RivaTuner) (Version: v2.24 MSI Master Overclocking Arena 2009 edition - Alexey Nicolaychuk)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.4.0 - SAMSUNG Electronics Co., Ltd.)
Sanctum (HKLM-x32\...\Steam App 91600) (Version:  - )
Sandboxie 3.62 (64-bit) (HKLM\...\Sandboxie) (Version: 3.62 - SANDBOXIE L.T.D)
SDM 1.11 (HKLM-x32\...\SDM_is1) (Version: 1.11 - Sebastian Nagel)
Secure Download Manager (HKLM-x32\...\{E98D115E-D621-4723-8AF0-147BADA9A466}) (Version: 3.1.40 - Kivuto Solutions Inc.)
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - Firaxis Games)
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 1.0.0.0 - Electronic Arts)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.6.8442 - Skype Technologies S.A.)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
SpeechRedist (HKLM-x32\...\{8795CBED-55E2-4693-9F14-84EC446935BE}) (Version: 1.0.0 - Epic Games Inc.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.3.39 - Safer-Networking Ltd.)
SweetPacks bundle uninstaller (HKLM-x32\...\{0C43FE6B-E881-4AFC-B384-4AEBC90047E8}) (Version: 1.0.0000 - SweetIM Technologies Ltd.) <==== ATTENTION
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.20935 - TeamViewer)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Lord of the Rings FREE Trial  (x32 Version: 1.00.0000 - ATI Technologies Inc.) Hidden
Tools für Microsoft SQL Server 2005 Express Edition (x32 Version: 9.4.5000.00 - Microsoft Corporation) Hidden
TortoiseGit 1.8.0.0 (64 bit) (HKLM\...\{03F31A76-CC8D-4C2A-BF70-0B4337119821}) (Version: 1.8.0.0 - TortoiseGit)
TortoiseSVN 1.6.12.20536 (64 bit) (HKLM\...\{818AA386-29D5-4DFF-BBB5-3F16133F1409}) (Version: 1.6.20536 - TortoiseSVN)
TreeSize Free V3.0.1 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.0.1 - JAM Software)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1 - TrueCrypt Foundation)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Unreal Tournament 2004 (HKLM-x32\...\UT2004) (Version:  - )
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (HKLM-x32\...\{07629207-FAA0-4F1A-8092-BF5085BE511F}) (Version: 9.00.5000.00 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (HKLM-x32\...\{90140000-0057-0000-0000-0000000FF1CE}_Office14.VISIO_{48E1B6C2-7299-4F3F-AA63-42F0ACE55AA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (HKLM-x32\...\{90140000-0057-0000-0000-0000000FF1CE}_Office14.VISIO_{ED31DE9A-3E13-4E2C-9106-E0D8AFFB9FA6}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.VISIO_{007CC0F3-15DE-426D-95B5-B019FCEF58CE}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.VISIO_{460FF681-BC66-4C38-99DF-7012E03F1EBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0410-0000-0000000FF1CE}_Office14.VISIO_{D1688F5A-9A61-42F0-B8D0-2C9DF315A141}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.VISIO_{BEBC2484-290C-46AD-9834-6DAD1FA80273}) (Version:  - Microsoft)
Update für Microsoft Visual Studio 2008 Professional Edition - DEU (KBKB972221) (HKLM-x32\...\{445174EA-3D3A-308E-84AD-446127E71441}.KB972221) (Version: 1 - Microsoft Corporation)
VC Runtimes MSI (x32 Version: 9.0.21022 - Microsoft) Hidden
VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
Visual Assist X (HKLM-x32\...\Visual Assist X) (Version:  - Whole Tomato Software, Inc.)
Visual Leak Detector 2.2.3 (HKLM-x32\...\Visual Leak Detector) (Version: 2.2.3 - VLD Team)
Visual Studio .NET Prerequisites - English (HKLM\...\{ACD875CC-A146-3125-8F99-D3766F46FD86}) (Version: 9.0.21022 - Microsoft Corporation)
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (x32 Version: 9.0.21022 - Microsoft Corporation) Hidden
Visual Studio Tools for the Office system 3.0 Runtime Language Pack - DEU (x32 Version: 9.0.21022 - Microsoft Corporation) Hidden
Visual Studio-Tools für Office System 3.0 Runtime Language Pack - DEU (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime Language Pack - DEU) (Version:  - Microsoft Corporation)
VisualSVN Server 2.5.0 (HKLM-x32\...\{D79B2856-B662-4EE8-8B95-1A20D21B3C65}) (Version: 2.5.0.0 - VisualSVN Ltd.)
VLC media player 2.0.1 (HKLM-x32\...\VLC media player) (Version: 2.0.1 - VideoLAN)
VPNTunnel 1.0.0.0 (HKLM-x32\...\VPNTunnel) (Version: 1.0.0.0 - )
Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.3-2 - Wacom Technology Corp.)
Wacom Tablett (HKLM\...\Wacom Tablet Driver) (Version: 6.3.5-3 - Wacom Technology Corp.)
Warhammer 40,000: Space Marine Demo (HKLM-x32\...\Steam App 55410) (Version:  - )
Warsow 0.61 (HKLM-x32\...\{24508D50-EB8F-4FE6-B69D-B4935D8745EF}_is1) (Version: 0.61 - Chasseur de bots)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom Technology Corp.)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows Mobile 5.0 SDK R2 for Pocket PC (HKLM-x32\...\{721B5CF0-D220-4955-BB6F-EBCFB1096DE7}) (Version: 5.00.1700.5.14343.06 - Microsoft Corporation)
Windows Mobile 5.0 SDK R2 for Smartphone (HKLM-x32\...\{DA7F48EF-5F56-45FE-9169-3B8159A7A323}) (Version: 5.00.1700.5.14343.06 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR (HKLM-x32\...\WinRAR archiver) (Version:  - )
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: 4.3.4.15595 - Blizzard Entertainment)
x64crt (HKLM\...\{143CC532-8A89-4D56-8F91-F1AFF6244FE3}) (Version: 1.0.0 - Microsoft)
x86crt (HKLM-x32\...\{50CBA9D7-4A12-44CA-8E75-9FD7374FBD12}) (Version: 1.0.0 - Microsoft)
YaCy (HKCU\...\YaCy) (Version:  - )

==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-14 04:34 - 2014-06-20 18:30 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {14155E1D-6466-44FB-AB0C-52AE66BA9F2F} - System32\Tasks\{3D57BC33-6BE7-4D79-AD78-03962A895338} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-05-08] (Skype Technologies S.A.)
Task: {190F0E40-EF8D-44E4-9F34-7A750B3D8BD7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-20] (Adobe Systems Incorporated)
Task: {1BCD8EA8-2850-4E9C-A779-E01A3E750B0B} - System32\Tasks\Herunterfahren => C:\Windows\System32\shutdown.exe [2009-07-14] (Microsoft Corporation)
Task: {330FAA11-24A8-4777-807B-FEE0AB490E38} - System32\Tasks\{B1890DC8-97EB-45AD-B66C-C62FF6560071} => C:\Program Files (x86)\PreludeSharp\preLude.exe [2009-11-28] ()
Task: {51351AAF-8F36-4AF1-A13F-B24C54BFAA65} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-05-09] (Google Inc.)
Task: {57C7B773-3FA4-4D97-81AB-C27973ED5B32} - System32\Tasks\{B874AF6A-C921-4809-9841-BBEFD7CAB70F} => Firefox.exe hxxp://ui.skype.com/ui/0/6.11.0.102/en/abandoninstall?page=tsMain
Task: {720DDF4D-962B-4FCE-BF7A-779A74D39BD5} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => D:\Data\Toolz\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {893EFD81-A6AE-48EF-9473-8BC9597942D5} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)
Task: {9A31A067-32B4-4ECE-9357-78D542383E48} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => D:\Data\Toolz\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {A002C06E-54E1-43AD-90D9-2230C15C86D3} - System32\Tasks\ASUS\RunDAOD => C:\Windows\DAODx.exe [2009-03-30] ()
Task: {AE230FA0-99F0-4AE9-B759-A2E2DABCE839} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-05-09] (Google Inc.)
Task: {F13E8BDD-4FA3-4795-9C7F-58944841CF83} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => D:\Data\Toolz\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-12-19 17:32 - 2012-12-19 17:32 - 00210944 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2012-10-17 20:39 - 2012-10-17 20:39 - 00749056 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2012-10-17 20:39 - 2012-10-17 20:39 - 03645952 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2010-12-11 18:15 - 2012-04-01 01:36 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2012-01-10 15:41 - 2014-03-14 00:15 - 00567880 _____ () D:\Data\Toolz\puush\puush.exe
2012-10-16 11:39 - 2012-10-16 11:39 - 00646744 _____ () C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
2012-12-19 17:32 - 2012-12-19 17:32 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2014-04-03 19:45 - 2013-12-17 03:17 - 01356568 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2014-04-03 19:42 - 2013-02-08 20:37 - 01185080 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2013-01-27 20:11 - 2013-01-27 20:11 - 00542360 _____ () D:\Data\Toolz\Tortoise GIT\bin\libgit2.dll
2013-01-27 20:11 - 2013-01-27 20:11 - 00087192 _____ () D:\Data\Toolz\Tortoise GIT\bin\zlib1.dll
2010-10-24 19:10 - 2010-03-15 11:28 - 00052224 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2011-07-18 23:04 - 2011-07-18 23:04 - 00301568 _____ () D:\Programs\Notepad++\NppShell_04.dll
2014-06-20 19:32 - 2014-06-20 19:32 - 00050477 _____ () D:\Data\Downloadz\Defogger.exe
2013-01-27 20:01 - 2013-01-27 20:01 - 00413336 _____ () D:\Data\Toolz\Tortoise GIT\bin\libgit232.dll
2013-01-27 20:01 - 2013-01-27 20:01 - 00075928 _____ () D:\Data\Toolz\Tortoise GIT\bin\zlib132.dll
2012-10-16 11:39 - 2012-10-16 11:39 - 00060504 _____ () C:\Program Files (x86)\Bamboo Dock\BambooWinTab.dll
2014-06-20 00:34 - 2014-04-25 14:11 - 00109400 _____ () D:\Data\Toolz\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-06-20 00:34 - 2014-04-25 14:11 - 00416600 _____ () D:\Data\Toolz\Spybot - Search & Destroy 2\DEC150.bpl
2014-06-20 00:34 - 2014-04-25 14:11 - 00167768 _____ () D:\Data\Toolz\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-06-20 00:34 - 2012-08-23 10:38 - 00574840 _____ () D:\Data\Toolz\Spybot - Search & Destroy 2\sqlite3.dll
2014-06-20 00:34 - 2012-04-03 17:06 - 00565640 _____ () D:\Data\Toolz\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2011-07-18 23:07 - 2011-07-18 23:07 - 00014336 _____ () C:\Program Files (x86)\Notepad++\plugins\NppExport.dll
2011-07-18 23:07 - 2011-07-18 23:07 - 01563648 _____ () C:\Program Files (x86)\Notepad++\plugins\NppFTP.dll
2014-06-11 20:04 - 2014-06-11 20:04 - 03852912 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\Services: LightScribeService => 2
MSCONFIG\Services: NetBalancerService => 2
MSCONFIG\startupfolder: C:^Users^XXXXX^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^SDM-Autostart.lnk => C:\Windows\pss\SDM-Autostart.lnk.Startup
MSCONFIG\startupreg: BDRegion => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
MSCONFIG\startupreg: CLMLServer => "H:\f!3rce\Progz\Cyberlink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: Free Download Manager => C:\Program Files (x86)\Free Download Manager\fdm.exe -autorun
MSCONFIG\startupreg: HDAudDeck => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
MSCONFIG\startupreg: InstantBurn => H:\f!3rce\Progz\CYBERL~1\INSTAN~1\Win2K\IBurn.exe
MSCONFIG\startupreg: LexwareInfoService => C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart
MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
MSCONFIG\startupreg: NetLimiter => D:\Data\Toolz\NetLimiter\NLClientApp.exe /tray
MSCONFIG\startupreg: NUSB3MON => "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
MSCONFIG\startupreg: RemoteControl9 => H:\f!3rce\Progz\Cyberlink\PowerDVD9\PDVD9Serv.exe
MSCONFIG\startupreg: RGSC => D:\Games\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
MSCONFIG\startupreg: snpstd3 => C:\Windows\vsnpstd3.exe
MSCONFIG\startupreg: SweetIM => C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
MSCONFIG\startupreg: Sweetpacks Communicator => C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
MSCONFIG\startupreg: UpdatePSTShortCut => "H:\f!3rce\Progz\Cyberlink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "H:\f!3rce\Progz\Cyberlink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"

==================== Faulty Device Manager Devices =============

Name: AODDriver4.01
Description: AODDriver4.01
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: AODDriver4.01
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: nltdi
Description: nltdi
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: nltdi
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/20/2014 07:41:35 PM) (Source: ESENT) (EventID: 428) (User: )
Description: wuaueng.dll (1004) SUS20ClientDataStore: Das Datenbankmodul kann keine Aktualisierungen akzeptieren, weil die Festplatte, auf der sich die Protokolldatei der Datenbank befindet, über zu wenig freien Speicherplatz verfügt .

Error: (06/20/2014 07:41:28 PM) (Source: ESENT) (EventID: 482) (User: )
Description: wuaueng.dll (1004) SUS20ClientDataStore: Versuch, in Datei "C:\Windows\SoftwareDistribution\DataStore\Logs\edbtmp.log" bei Offset 0 (0x0000000000000000) für 393216 (0x00060000) Bytes zu schreiben, ist nach wuaueng.dll0 Sekunden mit Systemfehler 112 (0x00000070): "Es steht nicht genug Speicherplatz auf dem Datenträger zur Verfügung. " fehlgeschlagen. Fehler -1808 (0xfffff8f0) bei Schreiboperation. Wenn dieser Zustand andauert, ist die Datei möglicherweise beschädigt und muss aus einer vorherigen Sicherung wiederhergestellt werden.

Error: (06/20/2014 07:41:24 PM) (Source: VSS) (EventID: 12305) (User: )
Description: Volumeschattenkopie-Dienstfehler: Volume bzw. Datenträger ist nicht richtig angeschlossen oder wurde nicht gefunden.
Fehlerkontext: DeviceIoControl(\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1 - 0000000000000134,0x00560034,0000000000355000,0,0000000000353FF0,4096,[0]).


Vorgang:
   PreFinalCommitSnapshots wird verarbeitet

Kontext:
   Ausführungskontext: System Provider

Error: (06/20/2014 07:34:13 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Es steht nicht genug Speicherplatz auf dem Datenträger zur Verfügung.
.

Error: (06/20/2014 07:29:13 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Es steht nicht genug Speicherplatz auf dem Datenträger zur Verfügung.
.

Error: (06/20/2014 07:24:13 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Es steht nicht genug Speicherplatz auf dem Datenträger zur Verfügung.
.

Error: (06/20/2014 07:19:13 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Es steht nicht genug Speicherplatz auf dem Datenträger zur Verfügung.
.

Error: (06/20/2014 07:09:14 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Es steht nicht genug Speicherplatz auf dem Datenträger zur Verfügung.
.

Error: (06/20/2014 06:49:13 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Es steht nicht genug Speicherplatz auf dem Datenträger zur Verfügung.
.

Error: (06/20/2014 06:44:14 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Es steht nicht genug Speicherplatz auf dem Datenträger zur Verfügung.
.


System errors:
=============
Error: (06/20/2014 07:37:16 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "DHCP-Client" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: 
%%1056

Error: (06/20/2014 07:35:16 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Sicherheitscenter" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/20/2014 07:35:16 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "TCP/IP-NetBIOS-Hilfsdienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 100 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/20/2014 07:35:16 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/20/2014 07:35:16 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows-Ereignisprotokoll" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/20/2014 07:35:16 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "DHCP-Client" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/20/2014 07:35:16 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows-Audio" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/20/2014 06:36:21 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (06/20/2014 06:30:16 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (06/20/2014 06:29:31 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.


Microsoft Office Sessions:
=========================
Error: (06/20/2014 07:41:35 PM) (Source: ESENT) (EventID: 428) (User: )
Description: wuaueng.dll1004SUS20ClientDataStore:

Error: (06/20/2014 07:41:28 PM) (Source: ESENT) (EventID: 482) (User: )
Description: wuaueng.dll1004SUS20ClientDataStore: C:\Windows\SoftwareDistribution\DataStore\Logs\edbtmp.log0 (0x0000000000000000)393216 (0x00060000)-1808 (0xfffff8f0)112 (0x00000070)Es steht nicht genug Speicherplatz auf dem Datenträger zur Verfügung. 0

Error: (06/20/2014 07:41:24 PM) (Source: VSS) (EventID: 12305) (User: )
Description: DeviceIoControl(\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1 - 0000000000000134,0x00560034,0000000000355000,0,0000000000353FF0,4096,[0])

Vorgang:
   PreFinalCommitSnapshots wird verarbeitet

Kontext:
   Ausführungskontext: System Provider

Error: (06/20/2014 07:34:13 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEs steht nicht genug Speicherplatz auf dem Datenträger zur Verfügung.

Error: (06/20/2014 07:29:13 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEs steht nicht genug Speicherplatz auf dem Datenträger zur Verfügung.

Error: (06/20/2014 07:24:13 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEs steht nicht genug Speicherplatz auf dem Datenträger zur Verfügung.

Error: (06/20/2014 07:19:13 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEs steht nicht genug Speicherplatz auf dem Datenträger zur Verfügung.

Error: (06/20/2014 07:09:14 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEs steht nicht genug Speicherplatz auf dem Datenträger zur Verfügung.

Error: (06/20/2014 06:49:13 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEs steht nicht genug Speicherplatz auf dem Datenträger zur Verfügung.

Error: (06/20/2014 06:44:14 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEs steht nicht genug Speicherplatz auf dem Datenträger zur Verfügung.


CodeIntegrity Errors:
===================================
  Date: 2014-06-20 18:29:31.223
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-06-20 18:29:31.192
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2011-10-30 01:23:57.843
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Data\Toolz\RivaTuner\RivaTuner64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2011-10-30 01:23:57.838
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Data\Toolz\RivaTuner\RivaTuner64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2011-10-30 01:23:56.644
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Data\Toolz\RivaTuner\RivaTuner64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2011-10-30 01:23:56.634
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Data\Toolz\RivaTuner\RivaTuner64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2011-10-30 01:23:55.622
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Data\Toolz\RivaTuner\RivaTuner64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2011-10-30 01:23:55.612
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Data\Toolz\RivaTuner\RivaTuner64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2011-10-30 01:23:54.600
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Data\Toolz\RivaTuner\RivaTuner64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2011-10-30 01:23:54.598
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Data\Toolz\RivaTuner\RivaTuner64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Percentage of memory in use: 74%
Total physical RAM: 4094.18 MB
Available physical RAM: 1030.11 MB
Total Pagefile: 8186.51 MB
Available Pagefile: 4651.57 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (Win7 System) (Fixed) (Total:29.3 GB) (Free:0 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Daten1) (Fixed) (Total:407.15 GB) (Free:27.16 GB) NTFS
Drive e: (XP System) (Fixed) (Total:29.3 GB) (Free:11.09 GB) NTFS
Drive g: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive h: (Daten4) (Fixed) (Total:76.33 GB) (Free:21.66 GB) NTFS
Drive i: (Daten3) (Fixed) (Total:104.79 GB) (Free:104.54 GB) NTFS
Drive j: (Daten2) (Fixed) (Total:127.99 GB) (Free:60.74 GB) NTFS
Drive o: (Daten5) (Fixed) (Total:256.32 GB) (Free:255.81 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 471850F4)
Partition 1: (Not Active) - (Size=29 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=29 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=407 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 76 GB) (Disk ID: BFD65681)
Partition 1: (Active) - (Size=76 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=0) - (Type=0E)

========================================================
Disk: 2 (Size: 466 GB) (Disk ID: 69460369)
Partition 1: (Not Active) - (Size=466 GB) - (Type=OF Extended)

========================================================
Disk: 3 (Size: 233 GB) (Disk ID: CEE5CEE5)
Partition 1: (Not Active) - (Size=128 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=105 GB) - (Type=OF Extended)

==================== End Of Log ============================

schrauber · 21.06.2014, 20:51

hi,

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

ecreif · 21.06.2014, 22:26

Ich seh schon mein Rechner ist durch das ganze Frickeln ziemlich verhunzt. Naja solange er läuft und keine Malware drauf ist. Ist mir das erstmal egal.

Update:

svchost.exe scheint seit den automatischen updates von gestern nicht mehr ausgelastet zu sein. Dennoch läuft mein C weiterhin voll. Ich konnte fast 2GB frei machen und jetzt sind davon nur noch 200MB übrig

ComboFix Log (Ist älter,weil ich das wie am Anfang beschrieben schonmal ausgeführt hatte):

Code:

ATTFilter

ComboFix 14-06-19.01 - XXXXX 20.06.2014  18:24:32.1.6 - x64
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.49.1031.18.4094.1913 [GMT 2:00]
ausgeführt von:: d:\data\Downloadz\ComboFix.exe
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\NOTEPAD.EXE-x.txt
c:\programdata\RUNDLL32.EXE-x.txt
c:\windows\SysWow64\html
c:\windows\SysWow64\html\calendar.html
c:\windows\SysWow64\html\calendarbottom.html
c:\windows\SysWow64\html\calendartop.html
c:\windows\SysWow64\html\crystalexportdialog.htm
c:\windows\SysWow64\html\crystalprinthost.html
c:\windows\SysWow64\images
c:\windows\SysWow64\images\toolbar\calendar.gif
c:\windows\SysWow64\images\toolbar\crlogo.gif
c:\windows\SysWow64\images\toolbar\export.gif
c:\windows\SysWow64\images\toolbar\export_over.gif
c:\windows\SysWow64\images\toolbar\exportd.gif
c:\windows\SysWow64\images\toolbar\First.gif
c:\windows\SysWow64\images\toolbar\first_over.gif
c:\windows\SysWow64\images\toolbar\Firstd.gif
c:\windows\SysWow64\images\toolbar\gotopage.gif
c:\windows\SysWow64\images\toolbar\gotopage_over.gif
c:\windows\SysWow64\images\toolbar\gotopaged.gif
c:\windows\SysWow64\images\toolbar\grouptree.gif
c:\windows\SysWow64\images\toolbar\grouptree_over.gif
c:\windows\SysWow64\images\toolbar\grouptreed.gif
c:\windows\SysWow64\images\toolbar\grouptreepressed.gif
c:\windows\SysWow64\images\toolbar\Last.gif
c:\windows\SysWow64\images\toolbar\last_over.gif
c:\windows\SysWow64\images\toolbar\Lastd.gif
c:\windows\SysWow64\images\toolbar\Next.gif
c:\windows\SysWow64\images\toolbar\next_over.gif
c:\windows\SysWow64\images\toolbar\Nextd.gif
c:\windows\SysWow64\images\toolbar\Prev.gif
c:\windows\SysWow64\images\toolbar\prev_over.gif
c:\windows\SysWow64\images\toolbar\Prevd.gif
c:\windows\SysWow64\images\toolbar\print.gif
c:\windows\SysWow64\images\toolbar\print_over.gif
c:\windows\SysWow64\images\toolbar\printd.gif
c:\windows\SysWow64\images\toolbar\Refresh.gif
c:\windows\SysWow64\images\toolbar\refresh_over.gif
c:\windows\SysWow64\images\toolbar\refreshd.gif
c:\windows\SysWow64\images\toolbar\Search.gif
c:\windows\SysWow64\images\toolbar\search_over.gif
c:\windows\SysWow64\images\toolbar\searchd.gif
c:\windows\SysWow64\images\toolbar\up.gif
c:\windows\SysWow64\images\toolbar\up_over.gif
c:\windows\SysWow64\images\toolbar\upd.gif
c:\windows\SysWow64\images\tree\begindots.gif
c:\windows\SysWow64\images\tree\beginminus.gif
c:\windows\SysWow64\images\tree\beginplus.gif
c:\windows\SysWow64\images\tree\blank.gif
c:\windows\SysWow64\images\tree\blankdots.gif
c:\windows\SysWow64\images\tree\dots.gif
c:\windows\SysWow64\images\tree\lastdots.gif
c:\windows\SysWow64\images\tree\lastminus.gif
c:\windows\SysWow64\images\tree\lastplus.gif
c:\windows\SysWow64\images\tree\Magnify.gif
c:\windows\SysWow64\images\tree\minus.gif
c:\windows\SysWow64\images\tree\minusbox.gif
c:\windows\SysWow64\images\tree\plus.gif
c:\windows\SysWow64\images\tree\plusbox.gif
c:\windows\SysWow64\images\tree\singleminus.gif
c:\windows\SysWow64\images\tree\singleplus.gif
c:\windows\SysWow64\System32\MASetupCleaner.exe
c:\windows\SysWow64\System32\muzapp.exe
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-05-20 bis 2014-06-20  ))))))))))))))))))))))))))))))
.
.
2014-06-20 16:30 . 2014-06-20 16:30	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-06-20 16:06 . 2014-06-20 16:06	--------	d-----w-	c:\windows\LastGood
2014-06-20 01:42 . 2010-09-14 06:45	367104	----a-w-	c:\windows\system32\wcncsvc.dll
2014-06-20 01:42 . 2010-09-14 06:07	276992	----a-w-	c:\windows\SysWow64\wcncsvc.dll
2014-06-20 01:40 . 2009-09-10 06:28	311808	----a-w-	c:\windows\system32\msv1_0.dll
2014-06-20 01:40 . 2009-09-10 05:52	257024	----a-w-	c:\windows\SysWow64\msv1_0.dll
2014-06-20 01:30 . 2014-06-20 01:30	--------	d-sh--w-	c:\windows\SysWow64\%APPDATA%
2014-06-20 01:28 . 2014-06-20 01:28	1781224	----a-w-	c:\windows\system32\PerfStringBackup.TMP
2014-06-20 01:02 . 2014-06-20 01:02	--------	d-sh--w-	c:\windows\system32\%APPDATA%
2014-06-20 01:01 . 2010-03-04 04:32	243712	----a-w-	c:\windows\system32\drivers\ks.sys
2014-06-19 22:36 . 2014-06-19 22:36	--------	d-----w-	c:\program files (x86)\Spybot - Search & Destroy 2
2014-06-19 22:34 . 2013-09-20 08:49	21040	----a-w-	c:\windows\system32\sdnclean64.exe
2014-06-19 22:34 . 2014-06-20 01:44	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2014-06-19 21:30 . 2014-06-19 21:44	122584	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-06-19 21:30 . 2014-06-19 21:30	--------	d-----w-	c:\programdata\Malwarebytes
2014-06-19 21:30 . 2014-05-12 05:26	63704	----a-w-	c:\windows\system32\drivers\mwac.sys
2014-06-19 21:30 . 2014-05-12 05:26	91352	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2014-06-19 21:30 . 2014-05-12 05:25	25816	----a-w-	c:\windows\system32\drivers\mbam.sys
2014-06-19 21:17 . 2014-06-19 21:18	--------	d-----w-	C:\OETemp
2014-06-19 21:07 . 2014-06-19 21:07	--------	d-----w-	c:\users\XXXXX\AppData\Roaming\JAM Software
2014-06-19 20:30 . 2011-04-09 06:58	142336	----a-w-	c:\windows\system32\poqexec.exe
2014-06-19 20:30 . 2011-04-09 05:56	123904	----a-w-	c:\windows\SysWow64\poqexec.exe
2014-06-19 20:07 . 2014-05-19 23:18	10702536	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{F52DBA59-7474-41B7-B894-C056152FF86C}\mpengine.dll
2014-05-26 16:41 . 2014-05-26 16:41	--------	d-----w-	c:\program files (x86)\Common Files\Skype
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-20 19:41 . 2012-04-04 18:54	692400	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-20 19:41 . 2011-05-16 23:36	70832	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-31 07:35 . 2010-10-24 13:39	270496	------w-	c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"puush"="d:\data\Toolz\puush\puush.exe" [2014-03-13 567880]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-05-08 21444224]
"Spybot-S&D Cleaning"="d:\data\Toolz\Spybot - Search & Destroy 2\SDCleaner.exe" [2014-04-25 4566984]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"BambooCore"="c:\program files (x86)\Bamboo Dock\BambooCore.exe" [2012-10-16 646744]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-05-08 959904]
"SDTray"="d:\data\Toolz\Spybot - Search & Destroy 2\SDTray.exe" [2014-04-25 4101584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0\0sdnclean64.exe
.
R1 nltdi;nltdi;d:\data\Toolz\NetLimiter\nltdi.sys;d:\data\Toolz\NetLimiter\nltdi.sys [x]
R2 AODDriver4.01;AODDriver4.01;d:\data\Driverz\ATI.ACE\Fuel\amd64\AODDriver2.sys;d:\data\Driverz\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R2 Apache2.2;Apache2.2;i:\apache\bin\httpd.exe;i:\apache\bin\httpd.exe [x]
R2 CLBUDF;CyberLink InstantBurn UDF Filesystem; [x]
R2 CLKMSVC10_22035577;CyberLink Product - 2011/09/01 23:23;h:\YYYYY\Progz\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe;h:\YYYYY\Progz\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
R3 cpuz130;cpuz130;c:\users\XXXXX\AppData\Local\Temp\cpuz130\cpuz_x64.sys;c:\users\XXXXX\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 Nbdrv;NetBalancer;c:\windows\system32\DRIVERS\nbdrv.sys;c:\windows\SYSNATIVE\DRIVERS\nbdrv.sys [x]
R3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys;c:\windows\SYSNATIVE\DRIVERS\nlndis.sys [x]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys;c:\windows\SYSNATIVE\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys;c:\windows\SYSNATIVE\pwdspio.sys [x]
R3 RivaTuner64;RivaTuner64;d:\data\Toolz\RivaTuner\RivaTuner64.sys;d:\data\Toolz\RivaTuner\RivaTuner64.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
S1 CLBStor;InstantBurn Storage Helper Driver;c:\windows\system32\DRIVERS\CLBStor.sys;c:\windows\SYSNATIVE\DRIVERS\CLBStor.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;d:\data\Toolz\Spybot - Search & Destroy 2\SDFSSvc.exe;d:\data\Toolz\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;d:\data\Toolz\Spybot - Search & Destroy 2\SDUpdSvc.exe;d:\data\Toolz\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;d:\data\Toolz\Spybot - Search & Destroy 2\SDWSCSvc.exe;d:\data\Toolz\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S2 VisualSVNServer;VisualSVN Server;i:\visualsvn server\bin\VisualSVNServer.exe;i:\visualsvn server\bin\VisualSVNServer.exe [x]
S2 WTabletServiceCon;Wacom Consumer Service;c:\program files\Tablet\Pen\WTabletServiceCon.exe;c:\program files\Tablet\Pen\WTabletServiceCon.exe [x]
S2 WTabletServicePro;Wacom Professional Service;c:\program files\Tablet\Wacom\WTabletServicePro.exe;c:\program files\Tablet\Wacom\WTabletServicePro.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 hidkmdf;KMDF Driver;c:\windows\system32\DRIVERS\hidkmdf.sys;c:\windows\SYSNATIVE\DRIVERS\hidkmdf.sys [x]
S3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys;c:\windows\SYSNATIVE\DRIVERS\nlndis.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
S3 WacHidRouter;Wacom Hid Router;c:\windows\system32\DRIVERS\wachidrouter.sys;c:\windows\SYSNATIVE\DRIVERS\wachidrouter.sys [x]
S3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys;c:\windows\SYSNATIVE\DRIVERS\wacomrouterfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-11-22 12:18	451872	----a-w-	c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-06-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 19:41]
.
2014-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-08 22:54]
.
2014-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-08 22:54]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2}]
2011-07-18 11:47	414720	----a-w-	c:\users\XXXXX\AppData\Roaming\General Downloader\Extensions\IEPlugin64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearchAssistant = www.google.com
Trusted Zone: dyndns-home.com\XXXXX
TCP: Interfaces\{A7AFB675-BB88-478E-A8B7-8B72D2B6CA0A}: NameServer = 192.168.179.1
TCP: Interfaces\{F4459F9F-E811-4E77-8C48-E1A4A6AEC2E0}: NameServer = 208.67.222.222,192.168.2.1
FF - ProfilePath - c:\users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ic9mcqw5.default-1371518163302\
FF - prefs.js: browser.startup.homepage - www.google.de
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Notify-SDWinLogon - SDWinLogon.dll
AddRemove-7-Zip - c:\program files (x86)\7-Zip\Uninstall.exe
AddRemove-Bison-2.4.1_is1 - d:\data\Toolz\GNU Bison\uninstall\unins000.exe
AddRemove-Free Download Manager_is1 - c:\program files (x86)\Free Download Manager\unins000.exe
AddRemove-SDM_is1 - d:\sdm\unins000.exe
AddRemove-Steam App 550 - h:\YYYYY\Gamez\Valve\Steam\steam.exe
AddRemove-Steam App 55410 - h:\YYYYY\Gamez\Valve\Steam\steam.exe
AddRemove-Steam App 72850 - h:\YYYYY\Gamez\Valve\Steam\steam.exe
AddRemove-Steam App 8930 - h:\YYYYY\Gamez\Valve\Steam\steam.exe
AddRemove-{414C790F-E24E-461B-983A-2AD84474DE4A}_is1 - c:\program files (x86)\General Downloader\unins000.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-06-20  18:32:08
ComboFix-quarantined-files.txt  2014-06-20 16:32
.
Vor Suchlauf: 351.232.000 Bytes frei
Nach Suchlauf: 281.739.264 Bytes frei
.
- - End Of File - - D7C55AD81A446D9F8E97A96EBA7D8EBA
A36C5E4F47E84449FF07ED3517B43A31

schrauber · 22.06.2014, 07:09

TreeSize Free Download
TreeSize laufen lassen, wenn er fertig ist mit Berechnen Screenshot davon bitte.

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

ecreif · 22.06.2014, 20:36

Langsam glaube ich alle meine Probleme hängen mit den automatischen Updates von Windows zusammen. Die sind anscheinend einmal an die Grenze auf C gestoßen und seitdem ist das komplett verhunzt. Und Skype geht eh nicht mehr richtig wenn C voll ist.
Auf jedenfall hier die Logs und Anbei Screenshots:

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 22.06.2014
Suchlauf-Zeit: 20:24:29
Logdatei: MBAM.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.06.22.02
Rootkit Datenbank: v2014.06.20.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7
CPU: x64
Dateisystem: NTFS
Benutzer: XXXXX

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 323923
Verstrichene Zeit: 19 Min, 52 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)

Code:

ATTFilter

# AdwCleaner v3.212 - Bericht erstellt am 22/06/2014 um 20:57:05
# Aktualisiert 05/06/2014 von Xplode
# Betriebssystem : Windows 7 Ultimate  (64 bits)
# Benutzername : XXXXX - XXXXX-PC
# Gestartet von : D:\Data\Downloadz\adwcleaner_3.212.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files (x86)\orbitdownloader
Ordner Gelöscht : C:\Users\XXXXX\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\XXXXX\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\IEPlugin.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IEPlugin.IEWebHook
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IEPlugin.IEWebHook.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetpacksupdatemanager_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_hjsplit_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_hjsplit_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{3F39D17D-50C7-4AC4-A63A-CDF6CDBD0C61}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3F1D494B-0CEF-4468-96C9-386E2E4DEC90}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7854F00C-DC77-477E-A10E-603F48442D3B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AE9908C1-3400-4B10-9061-C6C04D96E3D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{71E3A30E-9444-49D9-ABDB-B4B531D0BBA3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A0880527-DC28-4EBB-BA27-D22102F22A9F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{BCDDE143-FAE3-4C57-B22B-C4E8678CFDC0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{AE9908C1-3400-4B10-9061-C6C04D96E3D2}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2}
Wert Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files (x86)\Orbitdownloader\orbitdm.exe]
Wert Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files (x86)\Orbitdownloader\orbitnet.exe]
Schlüssel Gelöscht : HKCU\Software\Orbit
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKLM\Software\Orbit
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0C43FE6B-E881-4AFC-B384-4AEBC90047E8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Orbit_is1
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\9EE58E3C298524145B73CBBED3CAC4D3
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\B2FD9C0A5B9838449838816A28001F4B
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\B6EF34C0188ECFA43B48A4BE9C00748E
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\EB6AF8AEEB922FA4392548F13812E50B
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\9EE58E3C298524145B73CBBED3CAC4D3
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\B2FD9C0A5B9838449838816A28001F4B
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\B6EF34C0188ECFA43B48A4BE9C00748E
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\EB6AF8AEEB922FA4392548F13812E50B

***** [ Browser ] *****

-\\ Internet Explorer v8.0.7600.17267


-\\ Mozilla Firefox v30.0 (de)

[ Datei : C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ic9mcqw5.default-1371518163302\prefs.js ]


*************************

AdwCleaner[R0].txt - [5705 octets] - [22/06/2014 20:54:54]
AdwCleaner[S0].txt - [5453 octets] - [22/06/2014 20:57:05]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5513 octets] ##########

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Ultimate x64
Ran by XXXXX on 22.06.2014 at 21:18:55,37
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1843127492-2866971718-3940101754-1000\Software\sweetim



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\XXXXX\appdata\local\{13541258-5B62-4AC9-A8EE-532202365A57}
Successfully deleted: [Empty Folder] C:\Users\XXXXX\appdata\local\{C434446A-6447-4BB7-86F8-6266F25FCF27}
Successfully deleted: [Empty Folder] C:\Users\XXXXX\appdata\local\{F90210A6-77BA-49E0-9CA7-C7B53AB99D07}



~~~ FireFox

Emptied folder: C:\Users\XXXXX\AppData\Roaming\mozilla\firefox\profiles\ic9mcqw5.default-1371518163302\minidumps [82 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22.06.2014 at 21:23:21,45
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-06-2014
Ran by XXXXX (administrator) on XXXXX-PC on 22-06-2014 21:29:41
Running from D:\Data\Downloadz
Platform: Windows 7 Ultimate (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
() C:\Windows\DAODx.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Safer-Networking Ltd.) D:\Data\Toolz\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) D:\Data\Toolz\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Apache Software Foundation) I:\VisualSVN Server\bin\VisualSVNServer.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Apache Software Foundation) I:\VisualSVN Server\bin\VisualSVNServer.exe
(Safer-Networking Ltd.) D:\Data\Toolz\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() D:\Data\Toolz\puush\puush.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\Program Files (x86)\Bamboo Dock\Bamboo Dock\Bamboo Dock.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe


==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [ATICustomerCare] => C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe [311296 2010-05-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [BambooCore] => C:\Program Files (x86)\Bamboo Dock\BambooCore.exe [646744 2012-10-16] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SDTray] => D:\Data\Toolz\Spybot - Search & Destroy 2\SDTray.exe [4101584 2014-04-25] (Safer-Networking Ltd.)
HKLM\...\RunOnce: [‰0ƒÁƒÀJuñ‹óèÈûÿÿé´þÿÿ€L@;ÁvöƒÆ€~ÿ] - C:\Windows\system32\MsiExec.exe /@ "‰0ƒÁƒÀJuñ‹óèÈûÿÿé´þÿÿ€L@;ÁvöƒÆ€~ÿ
…0ÿÿÿC¹þ


€@Iuù‹Cèøúÿÿ‰C‰Së‰s3À·È‹ÁÁáÁ{«««ë§95h¹…TþÿÿƒÈÿ‹Mü_^3Í[è³¿ÿÿÉÃÌÌÌÌÌjh¸jèæÿÿƒMàÿèp×ÿÿ‹ø‰}ÜèÉüÿÿ‹_h‹uègýÿÿ‰E;C„W

h 

è‹ÚÿÿY‹Ø…Û„F

¹ˆ


‹wh‹ûó¥ƒ#
Sÿuè¯ýÿÿYY‰Eà…À…ü


‹uÜÿvhÿ8
…Àu‹Fh=Ø¡tPè*ÆÿÿY‰^hS‹=,
ÿ×öFp…ê


öø¦…Ý


j
èQ0

Yƒeü
‹C£x¹‹C£|¹‹C£€¹3À‰Eäƒø}f‹LCf‰El¹@ëè3À‰Eä=

}
ŠLˆˆø£@ëé3À‰Eä=


}ŠŒ

ˆˆ
¥@ëæÿ5
¦ÿ8
…Àu¡
¦=Ø¡tPèçÅÿÿY‰
¦Sÿ×ÇEüþÿÿÿè


ë0j
èÁ.

YÃë%ƒøÿu ûØ¡tSè±ÅÿÿYèÙøÿÿÇ



ëƒeà
‹EàèËäÿÿÃÌÌÌÌÌƒ=LÛ
ujýèQþÿÿYÇLÛ


3ÀÃÌÌÌÌÌ‹ÿU‹ìSV‹5,
W‹}WÿÖ‹‡°


…ÀtPÿÖ‹‡¸


…ÀtPÿÖ‹‡´


…ÀtPÿÖ‹‡À


…ÀtPÿÖ_PÇE


{øü¦t	‹…ÀtPÿÖƒ{ü
t
‹C…ÀtPÿÖƒÃÿMuÖ‹‡Ô


´


PÿÖ_^[]ÃÌÌÌÌÌ‹ÿU‹ìW‹}…ÿ„ƒ


SV‹58
WÿÖ‹‡°


…ÀtPÿÖ‹‡¸


…ÀtPÿÖ‹‡´


…ÀtPÿÖ‹‡À


…ÀtPÿÖ_PÇE


{øü¦t	‹…ÀtPÿÖƒ{ü
t
‹C…ÀtPÿÖƒÃÿMuÖ‹‡Ô


´


PÿÖ^[‹Ç_]ÃÌÌÌÌÌ‹ÿU‹ìSV‹u‹†¼


3ÛW;Ãto=8*th‹†°


;Ãt^9uZ‹†¸


;Ãt9uPèüÃÿÿÿ¶¼


èN

YY‹†´


;Ãt9uPèÛÃÿÿÿ¶¼


è‡M

YYÿ¶°


èÃÃÿÿÿ¶¼


è¸ÃÿÿYY‹†À


;ÃtD9u@‹†Ä


-þ


Pè—Ãÿÿ‹†Ì


¿€


+ÇPè„Ãÿÿ‹†Ð


+ÇPèvÃÿÿÿ¶À


èkÃÿÿƒÄ‹†Ô


=
§t9˜´


uPèˆI

ÿ¶Ô


èBÃÿÿYY~PÇE


øü¦t‹;Ãt9uPèÃÿÿY9_üt‹G;Ãt9uPèÃÿÿYƒÇÿMuÇVè÷ÂÿÿY_^[]ÃÌÌÌÌÌ‹ÿU‹ìW‹}…ÿt;‹E…Àt4V‹0;÷t(W‰8è[ýÿÿY…ötVèäýÿÿƒ>
Yuþh¨tVènþÿÿY‹Ç^ë3À_]ÃÌÌÌÌÌjhØjè}áÿÿèÞÒÿÿ‹ð¡ø¦…Fpt"ƒ~l
tèÇÒÿÿ‹pl…öuj èÚÿÿY‹ÆèáÿÿÃjè0,

Yƒeü
ÿ5@©ƒÆlVèTÿÿÿYY‰EäÇEüþÿÿÿè


ë¾jè+

Y‹uäÃÌÌÌÌÌ‹ÿU‹ì¸ÿÿ

ƒìf9E„‡


SVÿuMìèÑºÿÿ‹uì‹N3Û;Ëu‹EH¿fƒùwfƒÀ ·ÀëK¸


jf9EsÿuèM

Y…À·EYt,‹ŽÌ


¶ë UüRjURPQèÃL

ƒÄ…À·Et·Eü8]øt‹Môƒapý^[ÉÃÌÌÌÌÌ‹ÿU‹ì‹UVW…Òt‹}…ÿuè‹ôÿÿj^‰0è%ôÿÿ‹Æë3‹E…Àuˆëâ‹ò+ðŠˆ@„ÉtOuó…ÿuÆ
èUôÿÿj"Y‰‹ñëÆ3À_^]ÃÌÌÌÌÌÌÌ‹L$÷Á


t$ŠƒÁ„ÀtN÷Á


uï



¤$



¤$



‹ºÿþþ~Ðƒðÿ3ÂƒÁ©
tè‹Aü„Àt2„ät$©

ÿ
t©


ÿtëÍAÿ‹L$+ÁÃAþ‹L$+ÁÃAý‹L$+ÁÃAü‹L$+ÁÃÌÌÌÌÌW‹Æƒà…À…Á


‹ÑƒáÁêteë›



fofoNfoV fo^0ffOfW f_0fof@fonPfov`fo~pfg@foPfw`fp¶€


¿€


Ju£…ÉtI‹ÑÁê…Òt›



fofvJuïƒát$‹ÁÁét
‹‰vIuó‹Èƒát	ŠˆFGIu÷X^_]Ãº


+Ð+ÊQ‹Â‹Èƒát	ŠˆFGIu÷Áèt
‹‰vHuóYéÿÿÿÌÌÌÌÌj
ÿ*
£(Ú3ÀÃÌÌÌÌÌ‹ÿU‹ìQQ‹EW‹}…Àt‰8…ÿuèuòÿÿÇ



èòÿÿ3Àé

ƒ}
tƒ}|Ýƒ}$×ƒeü
SVj[·7SVƒÇèiJ

YY…Àuífƒþ-uƒMëfƒþ+u·7ƒÇƒ}
u-Vè§N

Y…Àt	ÇE



ë>·ƒøxt
ƒøXt‰]ë,ÇE


ƒ}uVètN

Y…Àu·ƒøxtƒøXu·wƒÇƒÈÿ3Ò÷u‰Uø‹ØVèHN

Yƒøÿu)jAXf;ÆwfƒþZv	FŸfƒøw1FŸfƒø·Æwƒè ƒÀÉ;EsƒM9]ür*u;Eøv#ƒMƒ}
u%‹Eƒï¨u&ƒ}
t‹}ƒeü
ëa‹Mü¯MÈ‰Mü·7ƒÇé|ÿÿÿ¾ÿÿÿ¨u¨u=ƒàt	}ü


€w	…Àu+9uüv&èñÿÿöEÇ
"


tƒMüÿëöEj
X•ÀÆ‰Eü‹E^[…Àt‰8öEt÷]ü‹Eü_ÉÃÌÌÌÌÌ‹ÿU‹ìj
ÿuÿuÿuè$þÿÿƒÄ]ÃÌÌÌÌÌ‹ÿU‹ì3À‹M;Åˆ 
t
@ƒørî3À]Ã‹ÅŒ 
]ÃÌÌÌÌÌ‹ÿU‹ììü

¡`*3Å‰EüSV‹uWVè´ÿÿÿ‹ø3ÛY‰½þÿÿ;û„l

jèQP

Yƒø„

jè@P

Y…Àu
ƒ=Ð´„î


þü


„6

hÄ!
h

¿ˆ¹Wè(ÁÿÿƒÄ…À…¸


h

¾º¹VSf£Â»ÿ¨
»û

…Àuh”!
SVèðÀÿÿƒÄ…Àt3ÀPPPPPèÿîÿÿVèœO

@Yƒø<v*VèO

ED¹‹È+ÎjÑùhŒ!
+ÙSPèšÁÿÿƒÄ…Àu½h„!
¾

VWè#ÄÿÿƒÄ…Àu¥ÿµþÿÿVWèÄÿÿƒÄ…Àu‘h 
h8!
Wè¾M

ƒÄë^SSSSSéyÿÿÿjôÿD
‹ð;ótFƒþÿtA3ÀŠGˆŒþÿÿf9Gt@=ô

rèS…þÿÿP…þÿÿPˆ]ûè²úÿÿYP…þÿÿPVÿ¤
‹Mü_^3Í[è"´ÿÿÉÃÌÌÌÌÌjèÑN

YƒøtjèÄN

Y…Àuƒ=Ð´uhü


è þÿÿhÿ


èþÿÿYYÃÌÌÌÌÌ‹ÿU‹ì‹E£°¿]ÃÌÌÌÌÌ‹ÿU‹ìÿ5°¿ÿ
…ÀtÿuÿÐY…Àt3À@]Ã3À]ÃÌÌÌÌÌ‹ÿU‹ìƒ}
uè>îÿÿÇ



è×íÿÿƒÈÿ]Ãÿuj
ÿ58¶ÿ¬
]ÃÌÌÌÌÌjhøjèËÙÿÿjè±$

Yƒeü
‹u‹N…Ét/¡¼¿º¸¿‰Eä…Àt9u,‹H‰JPè¥ºÿÿYÿvèœºÿÿYƒf
ÇEüþÿÿÿè



èºÙÿÿÃ‹ÐëÅjès#

YÃÌÌÌÌÌÌÌ‹T$‹L$÷Â


u<‹:u.
Àt&:au%
ätÁè:Au
Àt:auƒÁƒÂ
äuÒ‹ÿ3ÀÃÀÑàƒÀÃ÷Â


tŠƒÂ:uçƒÁ
ÀtÜ÷Â


t¤f‹ƒÂ:uÎ
ÀtÆ:auÅ
ät½ƒÁëˆÌÌÌÌÌ‹ÿU‹ìƒì ‹EVWjY¾ø!
}àó¥‰Eø‹E_‰Eü^…Àtö
tÇEô
@™EôPÿuðÿuäÿuàÿ°
ÉÂ
ÌÌÌÌÌÌÌV‹D$Àu(‹L$‹D$3Ò÷ñ‹Ø‹D$÷ñ‹ð‹Ã÷d$‹È‹Æ÷d$ÑëG‹È‹\$‹T$‹D$ÑéÑÛÑêÑØÉuô÷ó‹ð÷d$‹È‹D$÷æÑr;T$wr;D$v	N+D$T$3Û+D$T$÷Ú÷ØƒÚ
‹Ê‹Ó‹Ù‹È‹Æ^Â
ÌÌÌÌÌÌÌÌÌÌÌSV‹D$Àu‹L$‹D$3Ò÷ñ‹Ø‹D$÷ñ‹ÓëA‹È‹\$‹T$‹D$ÑéÑÛÑêÑØÉuô÷ó‹ð÷d$‹È‹D$÷æÑr;T$wr;D$vN3Ò‹Æ^[Â
ÌÌÌÌÌ‹ÿU‹ìVf‹uW‹}·Gƒøp„"

fƒþp„

ƒøst	ƒøSt3Òë3ÒBfƒþst
fƒþSt3Éë3ÉA…Ò…É


…É…à


ji_jdZf;Ât]f;Çt6ƒøot1ƒøut,ƒøxt'ƒøXt"f;òtf;÷tfƒþotfƒþutfƒþxtfƒþXulf;Âtf;Çtƒøotƒøutƒøxt	ƒøXt3Éë3ÉAf;òt!f;÷tfƒþotfƒþutfƒþxt
fƒþXt3Àë3À@;ÈuH‹E‹@‹È3M÷Á


u53E¨ u.‹M‹	3À;M”Àë-;Ñu‹G‹MÁèÁé÷Ð÷Ñ3Á¨u3À@ë3Àë
3Éf;Æ”Á‹Á_^]ÃÌÌÌÌÌ‹ÿU‹ìö@@tƒx
tPÿuè
6

YY¹ÿÿ

f;Áuƒÿ]Ãÿ]ÃÌÌÌÌÌ‹ÿU‹ìQSV‹ð‹ÙèêÿÿöG@‹
‰Eüt
ƒ
uëOèêÿÿƒ 
ë-‹E·
P‹ÇKèÿÿÿƒEƒ>ÿYuèàéÿÿƒ8*uj?‹ÇèpÿÿÿY…ÛÏèÈéÿÿƒ8
u
è¾éÿÿ‹Mü‰^[ÉÃÌÌÌÌÌ‹ÿU‹ììÌ


¡`*3Å‰Eü‹ESV‹uW‹}ÿu3Ûõÿÿ‰½lõÿÿ‰…´õÿÿ‰Xõÿÿ‰¸õÿÿ‰tõÿÿ‰Põÿÿ‰hõÿÿè
¯ÿÿƒ¬õÿÿÿ‰põÿÿ;ûu*è?éÿÿÇ



èØèÿÿ8œõÿÿt
‹…˜õÿÿƒ`pýƒÈÿéÙ

;ótÒ‰„õÿÿ‰µ<õÿÿ‰¨õÿÿƒ½¨õÿÿu9¬õÿÿ„•

·ƒxõÿÿÿƒ*õÿÿÿƒ¬õÿÿÿ‰Œõÿÿ‰dõÿÿ‰Tõÿÿ‰|õÿÿ‰°õÿÿ‰µ€õÿÿ‰•ˆõÿÿf;Ó„.

ë‹•ˆõÿÿj_÷ƒ½„õÿÿ
‰µ€õÿÿŒ

BàfƒøXw·Â¶€P2
ƒàë3À‹dõÿÿkÀ	¶œp2
Áë‰dõÿÿƒû…ß


fƒ>%„Î


ƒ½¬õÿÿÿuZj
…põÿÿPVèZ÷ÿÿƒÄ…À~7‹…põÿÿfƒ8$u+ƒ½¨õÿÿ
uh@

…¼ùÿÿj
Pè÷6

ƒÄÇ…¬õÿÿ


ëƒ¥¬õÿÿ
‹•ˆõÿÿƒ½¬õÿÿubj
…põÿÿPVè÷öÿÿ‹põÿÿƒÄHƒ½¨õÿÿ
Q‰…*õÿÿ‰•€õÿÿu)…Àˆ°

fƒ9$…¦

ƒød

;…xõÿÿ~‰…xõÿÿ‹ò‹•ˆõÿÿÿ$Ïkƒû„w

ƒû‡;

ëåƒ½¨õÿÿ
u
ƒ½¬õÿÿ„#

ƒ½¨õÿÿ…

ƒ½¬õÿÿÿ…


é

3Àƒ°õÿÿÿ‰…Hõÿÿ‰…Põÿÿ‰…|õÿÿ‰…tõÿÿ‰…¸õÿÿ‰…hõÿÿéÒ

·Âƒè tJƒèt6ƒèt%+Çtƒè…³

ƒ¸õÿÿé§

ƒ¸õÿÿé›

ƒ¸õÿÿé

¸õÿÿ€


é€

	½¸õÿÿéu

fƒú*…Â


ƒ½¬õÿÿ
uƒ…´õÿÿ‹…´õÿÿ‹@üé„


j
…põÿÿPVèŽõÿÿ‹põÿÿƒÄHƒ½¨õÿÿ
Q‰•€õÿÿuN…ÀˆM

fƒ9$…C

ƒ½*õÿÿd6

;…xõÿÿ~‰…xõÿÿÀŒÅ¼ùÿÿƒ9
„Ú


ÿµ¸õÿÿj*jéö

À‹„ÅÀùÿÿ‹
‰…|õÿÿ…À»

ƒ¸õÿÿ÷|õÿÿé©

‹…|õÿÿkÀ
·ÊDÐ‰…|õÿÿéŽ

ƒ¥°õÿÿ
é‚

fƒú*…’


ƒ½¬õÿÿ
uƒ…´õÿÿ‹…´õÿÿ‹@üë:j
…põÿÿPVèžôÿÿ‹põÿÿƒÄHƒ½¨õÿÿ
Q‰•€õÿÿ„ÿÿÿÀ‹„ÅÀùÿÿ‹
‰…°õÿÿ…À

ƒ°õÿÿÿé	

Ç


j*Yf‰ŒÅÄùÿÿ‹¸õÿÿ‰ŒÅÈùÿÿéæ

‹…°õÿÿkÀ
·ÊDÐ‰…°õÿÿéË

·ÂƒøItWƒøhtFƒøltƒøw…°

¸õÿÿ


é¡

fƒ>lu÷¸õÿÿ


‰µ€õÿÿé„

ƒ¸õÿÿéx

ƒ¸õÿÿ él

·ƒø6ufƒ~4uƒÆ¸õÿÿ
€

‰µ€õÿÿéE

ƒø3ufƒ~2uƒÆ¥¸õÿÿÿÿÿ‰µ€õÿÿé!

ƒødtAƒøit<ƒøot7ƒøut2ƒøxt-ƒøXt(ƒ¥dõÿÿ
‹…lõÿÿRµ„õÿÿÇ…hõÿÿ


è™ùÿÿéÚ

¸õÿÿ


éÌ

·Âƒød•

„ˆ

ƒøSâ


„–


ƒèAt+Çtx+Çt+Ç…À	

ƒÂ Ç…Hõÿÿ


‰•ˆõÿÿƒ¸õÿÿ@ƒ½¬õÿÿ…¾

ƒ½¨õÿÿ
…±

ƒ½*õÿÿc‡ˆ

‹…*õÿÿÀŒÅ¼ùÿÿƒ9
…V

Ç


f‰”ÅÄùÿÿé2þÿÿ÷…¸õÿÿ0

uqƒ¸õÿÿ ëh÷…¸õÿÿ0

uƒ¸õÿÿ ‹°õÿÿƒûÿu»ÿÿÿ3ö9µ¬õÿÿ…%

ƒ…´õÿÿ‹…´õÿÿ‹@üé]

ƒèX„§

+Ç„ø


ƒè„2ÿÿÿ+Ç…×

ƒ½¬õÿÿ
Ç…hõÿÿ


uƒ…´õÿÿ‹…´õÿÿ·@üëJƒ½*õÿÿc‡*

‹…*õÿÿÀƒ½¨õÿÿ
u"ŒÅ¼ùÿÿƒ9
uÇ


é½

ÿµ¸õÿÿé

‹„ÅÀùÿÿ·
ö…¸õÿÿ ‰…LõÿÿtFˆ…\õÿÿ…õÿÿP‹…õÿÿÆ…]õÿÿ
ÿ°¬


…\õÿÿP…¼õÿÿPè‚/

ƒÄ…ÀyÇ…Põÿÿ


ëf‰…¼õÿÿ…¼õÿÿ‰…¤õÿÿÇ…Œõÿÿ


éð

ƒ½¬õÿÿ
uƒ…´õÿÿ‹…´õÿÿ‹@üë+ƒ½*õÿÿc‡Ñ

‹…*õÿÿÀƒ½¨õÿÿ
„ø


‹„ÅÀùÿÿ‹
…Àt:‹H…Ét3÷…¸õÿÿ


¿
‰¤õÿÿt™+ÂÇ…hõÿÿ


ép

ƒ¥hõÿÿ
éf

¡ *‰…¤õÿÿPè
íÿÿYéO

ƒøp

„ó

ƒøeŒ=

ƒøgŽ‡ýÿÿƒøi„Ï


ƒønt2ƒøo…

‹¸õÿÿÇ…ˆõÿÿ


„Û‰À


Ë


‰¸õÿÿé¯


ƒ½¬õÿÿ
uƒ…´õÿÿ‹…´õÿÿ‹püëDƒ½*õÿÿc‡Õ


‹…*õÿÿÀƒ½¨õÿÿ
uŒÅ¼ùÿÿƒ9
„ê

ÿµ¸õÿÿRWé<

‹„ÅÀùÿÿ‹0èÒ-

…À„‘


ö…¸õÿÿ tf‹…„õÿÿf‰ë‹…„õÿÿ‰Ç…Põÿÿ


é\

ƒ¸õÿÿ@Ç…ˆõÿÿ



‹¸õÿÿ3ö÷Ã
€

„’

9µ¬õÿÿ…N

‹´õÿÿƒÁ‰´õÿÿ‹Aø‹Qüé

ÿµ¸õÿÿRjQèAôÿÿƒÄ…À…Í

èãßÿÿÇ



è|ßÿÿ€½œõÿÿ
éžöÿÿƒ½°õÿÿ
½¼õÿÿ¸


‰½¤õÿÿ‰…Œõÿÿ}Ç…°õÿÿ


ëhufƒúgu`Ç…°õÿÿ


ëT9…°õÿÿ~‰…°õÿÿ»£


9°õÿÿ~9‹µ°õÿÿÆ]

VèÌ¿ÿÿ‹•ˆõÿÿY‰…Tõÿÿ…Àt‰…¤õÿÿ‰µŒõÿÿ‹øë‰°õÿÿƒ½¬õÿÿ
u‹…´õÿÿƒÀ‰…´õÿÿ‹Hø‰@õÿÿ‹@üë'ƒ½*õÿÿc‡ÿÿÿ‹…*õÿÿÀ‹„ÅÀùÿÿ‹‰@õÿÿ‹@‹5
‰…Dõÿÿ…õÿÿPÿµHõÿÿ¾Âÿµ°õÿÿPÿµŒõÿÿ…@õÿÿWPÿ5ªÿÖÿÐ‹¸õÿÿƒÄã€


tƒ½°õÿÿ
u…õÿÿPWÿ5œªÿÖÿÐYYfƒ½ˆõÿÿgu…Ûu…õÿÿPWÿ5˜ªÿÖÿÐYY€?-u¸õÿÿ


G‰½¤õÿÿWéóüÿÿÇ…°õÿÿ


Ç…Xõÿÿ


ë$ƒès„ûÿÿ+Ç„×ýÿÿƒè…#

Ç…Xõÿÿ'


ö…¸õÿÿ€Ç…ˆõÿÿ


„·ýÿÿj0Xf‰…`õÿÿ‹…XõÿÿƒÀQf‰…bõÿÿ‰½tõÿÿé’ýÿÿ‹…*õÿÿƒøc‡×ýÿÿÀ9µ¨õÿÿukŒÅ¼ùÿÿ91uÇ


éù

SRjéC

÷Ã


tU9µ¬õÿÿ„fýÿÿ‹…*õÿÿƒøc‡‹ýÿÿÀ9µ¨õÿÿuŒÅ¼ùÿÿ91uÇ


é*

SRjé÷


‹ŒÅÀùÿÿ‹‹QéF

öÃ „’


öÃ@tJ9µ¬õÿÿuƒ…´õÿÿ‹…´õÿÿ¿@üéÙ


‹…*õÿÿƒøc‡ýÿÿÀ9µ¨õÿÿ„Š


‹„ÅÀùÿÿ¿
é*


9µ¬õÿÿuƒ…´õÿÿ‹…´õÿÿ·@üé


‹…*õÿÿƒøc‡ÌüÿÿÀ9µ¨õÿÿtD‹„ÅÀùÿÿ·
ëjöÃ@th9µ¬õÿÿuƒ…´õÿÿ‹…´õÿÿ‹@üëK‹…*õÿÿƒøc‡ˆüÿÿÀ9µ¨õÿÿu)ŒÅ¼ùÿÿ91„«


SRjQè›ðÿÿƒÄ…À„ZüÿÿéL

‹„ÅÀùÿÿ‹
™ë>9µ¬õÿÿuƒ…´õÿÿ‹…´õÿÿ‹@üë"‹…*õÿÿƒøc‡ üÿÿÀ9µ¨õÿÿt˜‹„ÅÀùÿÿ‹
3ÒöÃ@t;Ö|;Æs÷ØƒÒ
÷Ú¸õÿÿ


÷…¸õÿÿ


‹Ú‹øu3Ûƒ½°õÿÿ
}&Ç…°õÿÿ


ë4Ç


f‰”ÅÄùÿÿ‰œÅÈùÿÿé¡

ƒ¥¸õÿÿ÷¸


9…°õÿÿ~‰…°õÿÿ‹ÇÃu!…tõÿÿµ»÷ÿÿ‹…°õÿÿÿ°õÿÿ…À‹ÇÃt-‹…ˆõÿÿ™RPSWèîÿÿƒÁ0‰8õÿÿ‹ø‹Úƒù9~XõÿÿˆNë½…»÷ÿÿ+ÆF÷…¸õÿÿ


‰…Œõÿÿ‰µ¤õÿÿ„


…Àt‹Î€90„þ


ÿ¤õÿÿ‹¤õÿÿÆ0@éã


‹…*õÿÿƒøc‡ãúÿÿÀ9µ¨õÿÿu+ŒÅ¼ùÿÿ91…úÿÿ‰9‹¸õÿÿf‰”ÅÄùÿÿ‰ŒÅÈùÿÿé¥


‹„ÅÀùÿÿ‹
ö…¸õÿÿ ‰…¤õÿÿtN;Æu¡ *‰…¤õÿÿƒ¥Œõÿÿ
‹µ¤õÿÿ…Û~mŠ„Àtgõÿÿ¶ÀQPèî(

YY…ÀtFFÿ…Œõÿÿ9Œõÿÿ|Ôë?9µ¤õÿÿu¡$*‰…¤õÿÿ‹…¤õÿÿÇ…hõÿÿ


ëKf90tÇ;Þuô+…¤õÿÿÑø‰…Œõÿÿƒ½¬õÿÿu
ƒ½¨õÿÿ
„À

ƒ½Põÿÿ
…—

‹…¸õÿÿ¨@t+©


tj-ë¨tj+ë¨tj Xf‰…`õÿÿÇ…tõÿÿ


‹|õÿÿ+Œõÿÿ+tõÿÿö…¸õÿÿ‰8õÿÿu(‹û…Û~"‹…lõÿÿj µ„õÿÿOèüîÿÿƒ½„õÿÿÿYt…ÿÞ‹½lõÿÿ‹tõÿÿ…`õÿÿP…„õÿÿèïÿÿö…¸õÿÿYt)ö…¸õÿÿu ëj0µ„õÿÿ‹ÇKè«îÿÿƒ½„õÿÿÿYt…Ûâƒ½hõÿÿ
uk‹Œõÿÿ…Û~a‹½¤õÿÿ…õÿÿP‹…õÿÿÿ°¬


…LõÿÿWPKè1&

ƒÄ‰…ˆõÿÿ…À~$ÿµLõÿÿ‹…lõÿÿµ„õÿÿè?îÿÿ½ˆõÿÿY…Û°ë!ƒ„õÿÿÿëÿµ¤õÿÿ‹Œõÿÿ…„õÿÿèFîÿÿYƒ½„õÿÿ
|3ö…¸õÿÿt*‹½8õÿÿë‹…lõÿÿj µ„õÿÿOèãíÿÿƒ½„õÿÿÿYt…ÿÞƒ½Tõÿÿ
tÿµTõÿÿèõ¤ÿÿƒ¥Tõÿÿ
Y‹µ€õÿÿ·‰…ˆõÿÿf…À…aïÿÿƒ½dõÿÿ
t
ƒ½dõÿÿ…øÿÿƒ½¬õÿÿunƒ½¨õÿÿ
ue3ÿ9½xõÿÿ|[‹…´õÿÿµÀùÿÿ‹NüIt2It/It%It"It&II…Ã÷ÿÿ‰…´õÿÿPèì7

‹…´õÿÿYë‰ƒÀë‰ƒÀ‰…´õÿÿGƒÆ;½xõÿÿ~±ÿ…¨õÿÿƒ½¨õÿÿ}
‹µ<õÿÿ3ÛéVîÿÿ€½œõÿÿ
t
‹…˜õÿÿƒ`pý‹…„õÿÿ‹Mü_^3Í[è‚œÿÿÉÃ‹ÿ«[à[\o\V]b]^_ÌÌÌÌÌè*

…Àtjè§

YöP©tjh

@jèýÔÿÿƒÄjè6»ÿÿÌÌÌÌÌÌ‹ÿU‹ì‹M¡P©‹U#U÷Ñ#ÈÊ‰
P©]ÃÌÌÌÌÌ‹ÿU‹ì‹E£À¿]ÃÌÌÌÌÌ‹ÿU‹ììt

¡`*3Å‰EüS‹]V‹u3ÀW‹}ÿu´ûÿÿ‰µÔûÿÿ‰½èûÿÿ‰…¬ûÿÿ‰…øûÿÿ‰…Ðûÿÿ‰…ôûÿÿ‰…Üûÿÿ‰…°ûÿÿ‰…ØûÿÿèÝ›ÿÿ…öu+è)ÖÿÿÇ



èÂÕÿÿ€½Àûÿÿ
t
‹…¼ûÿÿƒ`pýƒÈÿéî


3À;ØtÏ·‰…äûÿÿ‰…ìûÿÿ‰…Äûÿÿ‰…¨ûÿÿ‰àûÿÿf;È„¥


j^Þ3À‰¤ûÿÿ9…äûÿÿŒv


QàfƒúXw
·Á¶€P2
ƒà‹•ÄûÿÿkÀ	¶„p2
jÁèZ‰…Äûÿÿ;Â„Qÿÿÿƒø‡


ÿ$…úw3Àƒôûÿÿÿ‰…*ûÿÿ‰…°ûÿÿ‰…Ðûÿÿ‰…Üûÿÿ‰…øûÿÿ‰…Øûÿÿéä	

·Áƒè tHƒèt4+Ât$+Ætƒè…º	

	•øûÿÿé»	

ƒøûÿÿé¯	

ƒøûÿÿé£	

øûÿÿ€


é”	

	µøûÿÿé‰	

fƒù*u+‹ƒÇ‰½èûÿÿ‰…Ðûÿÿ…À‰j	

ƒøûÿÿ÷ÐûÿÿéX" [127488 2009-07-14] (Microsoft Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1843127492-2866971718-3940101754-1000\...\Run: [puush] => D:\Data\Toolz\puush\puush.exe [567880 2014-03-14] ()
HKU\S-1-5-21-1843127492-2866971718-3940101754-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-1843127492-2866971718-3940101754-1000\...\Run: [Spybot-S&D Cleaning] => D:\Data\Toolz\Spybot - Search & Destroy 2\SDCleaner.exe [4566984 2014-04-25] (Safer-Networking Ltd.)
ShellIconOverlayIdentifiers: 1TortoiseNormal -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: 2TortoiseModified -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: 3TortoiseConflict -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: 4TortoiseLocked -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: 5TortoiseReadOnly -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: 6TortoiseDeleted -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: 7TortoiseAdded -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: 8TortoiseIgnored -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: 9TortoiseUnversioned -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: 1TortoiseNormal -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: 2TortoiseModified -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: 3TortoiseConflict -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: 4TortoiseLocked -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: 5TortoiseReadOnly -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: 6TortoiseDeleted -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: 7TortoiseAdded -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: 8TortoiseIgnored -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: 9TortoiseUnversioned -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2E7184A47F73CB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: haufereader - No CLSID Value - 
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: haufereader - No CLSID Value - 
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\..\Interfaces\{A7AFB675-BB88-478E-A8B7-8B72D2B6CA0A}: [NameServer]192.168.179.1
Tcpip\..\Interfaces\{F4459F9F-E811-4E77-8C48-E1A4A6AEC2E0}: [NameServer]208.67.222.222,192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ic9mcqw5.default-1371518163302
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.0 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll No File
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=1.104.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.118.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=1.138.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=1.96.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\XXXXX\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: wacom.com/WacomTabletPlugin - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: General Downloader plugin - C:\Users\XXXXX\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\@generaldownloader.com [2011-10-11]
FF Extension: Lightbeam - C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ic9mcqw5.default-1371518163302\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2014-01-15]
FF Extension: NO Google Analytics - C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ic9mcqw5.default-1371518163302\Extensions\jid1-JcGokIiQyjoBAQ@jetpack.xpi [2014-01-15]
FF Extension: Adblock Plus - C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ic9mcqw5.default-1371518163302\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-06-27]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-06-11]

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-12-19] (Advanced Micro Devices, Inc.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S4 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-11-22] (Hewlett-Packard Company) [File not signed]
R2 MSSQL$SQLEXPRESS; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4466688 2007-11-08] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2012-04-01] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
S2 SbieSvc; D:\Data\Toolz\Sandboxie\SbieSvc.exe [94992 2011-11-23] (SANDBOXIE L.T.D)
R2 SDScannerService; D:\Data\Toolz\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)
R2 SDUpdateService; D:\Data\Toolz\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)
R2 SDWSCService; D:\Data\Toolz\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 VisualSVNServer; I:\VisualSVN Server\bin\VisualSVNServer.exe [24424 2011-10-10] (Apache Software Foundation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [627992 2013-12-17] (Wacom Technology, Corp.)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [613688 2013-02-08] (Wacom Technology, Corp.)
S2 Apache2.2; "I:\Apache\bin\httpd.exe" -k runservice [X]
S2 CLKMSVC10_22035577; "H:\f!3rce\Progz\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe" /svc [X]

==================== Drivers (Whitelisted) ====================

R1 CLBStor; C:\Windows\System32\DRIVERS\CLBStor.sys [24560 2009-10-07] (Cyberlink Co.,Ltd.)
S2 CLBUDF; C:\Windows\System32\Drivers\CLBUDF.sys [376304 2009-10-07] (CyberLink Corporation.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [271424 2011-10-12] (DT Soft Ltd)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-22] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19936 2012-01-18] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [13280 2012-01-18] ()
S3 RivaTuner64; D:\Data\Toolz\RivaTuner\RivaTuner64.sys [19952 2011-10-30] ()
S3 SbieDrv; D:\Data\Toolz\Sandboxie\SbieDrv.sys [158336 2011-11-23] (SANDBOXIE L.T.D)
S3 SNPSTD3; C:\Windows\System32\DRIVERS\snpstd3.sys [10550272 2007-03-27] (Sonix Co. Ltd.)
S2 AODDriver4.01; \??\D:\Data\Driverz\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz130; \??\C:\Users\XXXXX\AppData\Local\Temp\cpuz130\cpuz_x64.sys [X]
S3 Nbdrv; system32\DRIVERS\nbdrv.sys [X]
S1 nltdi; \??\D:\Data\Toolz\NetLimiter\nltdi.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-22 21:23 - 2014-06-22 21:23 - 00001287 _____ () C:\Users\XXXXX\Desktop\JRT.txt
2014-06-22 21:18 - 2014-06-22 21:18 - 00000000 ____D () C:\Windows\ERUNT
2014-06-22 21:04 - 2014-06-22 21:04 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom
2014-06-22 20:54 - 2014-06-22 21:20 - 00001142 _____ () C:\Users\XXXXX\Desktop\MBAM.txt
2014-06-22 20:54 - 2014-06-22 20:57 - 00000000 ____D () C:\AdwCleaner
2014-06-22 01:28 - 2012-07-26 06:55 - 00785512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2014-06-22 01:28 - 2012-07-26 06:55 - 00054376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2014-06-22 01:28 - 2012-07-26 04:36 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2014-06-22 01:28 - 2012-06-02 16:35 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2014-06-22 01:27 - 2010-02-23 10:16 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\browserchoice.exe
2014-06-21 16:24 - 2013-02-12 17:42 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-06-21 16:24 - 2013-02-12 17:37 - 03138048 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-06-21 16:24 - 2013-02-12 17:31 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-06-21 16:24 - 2013-02-12 17:13 - 02691072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-06-21 16:24 - 2013-02-12 17:07 - 00131072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-06-21 16:24 - 2013-02-12 15:59 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-06-21 16:24 - 2012-11-09 07:34 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2014-06-21 16:24 - 2012-11-09 06:49 - 00492032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2014-06-21 16:24 - 2012-03-03 08:29 - 01837568 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-06-21 16:24 - 2012-03-03 08:29 - 01541120 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2014-06-21 16:24 - 2012-03-03 08:29 - 00902656 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-06-21 16:24 - 2012-03-03 08:29 - 00320512 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2014-06-21 16:24 - 2012-03-03 08:29 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2014-06-21 16:24 - 2012-03-03 07:40 - 01170944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-06-21 16:24 - 2012-03-03 07:40 - 01074176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2014-06-21 16:24 - 2012-03-03 07:40 - 00739840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-06-21 16:24 - 2012-03-03 07:40 - 00218624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2014-06-21 16:24 - 2012-03-03 07:40 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2014-06-21 16:24 - 2011-04-27 04:57 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2014-06-21 16:23 - 2012-11-09 07:34 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-06-21 16:23 - 2012-11-09 06:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-06-21 16:23 - 2010-12-23 08:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\sbe.dll
2014-06-21 16:23 - 2010-12-23 08:07 - 00961024 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2014-06-21 16:23 - 2010-12-23 08:02 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\mpg2splt.ax
2014-06-21 16:23 - 2010-12-23 07:28 - 00850432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sbe.dll
2014-06-21 16:23 - 2010-12-23 07:28 - 00642048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2014-06-21 16:23 - 2010-12-23 07:24 - 00199680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mpg2splt.ax
2014-06-21 16:22 - 2013-03-01 05:32 - 03150848 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-06-21 16:22 - 2011-11-17 09:12 - 00395776 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2014-06-21 16:22 - 2011-11-17 07:39 - 00314368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2014-06-21 16:22 - 2011-07-09 04:44 - 00287744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2014-06-21 16:22 - 2011-05-04 04:51 - 00157696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2014-06-21 16:22 - 2011-05-04 04:51 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2014-06-21 16:22 - 2010-11-02 07:18 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\wmicmiplugin.dll
2014-06-21 16:22 - 2010-11-02 07:17 - 01169408 _____ (Microsoft Corporation) C:\Windows\system32\taskschd.dll
2014-06-21 16:22 - 2010-11-02 07:17 - 00473600 _____ (Microsoft Corporation) C:\Windows\system32\taskcomp.dll
2014-06-21 16:22 - 2010-11-02 07:16 - 01114624 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2014-06-21 16:22 - 2010-11-02 07:10 - 00464384 _____ (Microsoft Corporation) C:\Windows\system32\taskeng.exe
2014-06-21 16:22 - 2010-11-02 07:10 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\schtasks.exe
2014-06-21 16:22 - 2010-11-02 06:40 - 00496128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskschd.dll
2014-06-21 16:22 - 2010-11-02 06:40 - 00305152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskcomp.dll
2014-06-21 16:22 - 2010-11-02 06:34 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskeng.exe
2014-06-21 16:22 - 2010-11-02 06:34 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
2014-06-21 16:22 - 2009-09-03 09:36 - 01975296 _____ (Microsoft Corporation) C:\Windows\system32\CertEnroll.dll
2014-06-21 16:22 - 2009-09-03 09:04 - 01320960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CertEnroll.dll
2014-06-21 16:21 - 2013-04-12 16:36 - 01653096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-06-21 16:21 - 2012-06-09 07:30 - 14165504 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-06-21 16:21 - 2012-06-09 06:46 - 12868608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-06-21 16:20 - 2013-02-12 16:02 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2014-06-21 16:20 - 2013-01-04 07:41 - 01893224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-21 16:20 - 2013-01-04 07:40 - 00287576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-21 16:20 - 2013-01-04 07:37 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-06-21 16:20 - 2013-01-04 07:37 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-06-21 16:20 - 2013-01-04 07:37 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-06-21 16:20 - 2013-01-04 07:36 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2014-06-21 16:20 - 2013-01-04 07:33 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-06-21 16:20 - 2013-01-04 07:30 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-06-21 16:20 - 2013-01-04 07:30 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-06-21 16:20 - 2013-01-04 07:27 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2014-06-21 16:20 - 2013-01-04 07:27 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2014-06-21 16:20 - 2013-01-04 07:27 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2014-06-21 16:20 - 2013-01-04 07:27 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2014-06-21 16:20 - 2013-01-04 07:27 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2014-06-21 16:20 - 2013-01-04 07:27 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-06-21 16:20 - 2013-01-04 07:27 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2014-06-21 16:20 - 2013-01-04 07:27 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2014-06-21 16:20 - 2013-01-04 07:27 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2014-06-21 16:20 - 2013-01-04 07:27 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2014-06-21 16:20 - 2013-01-04 07:27 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2014-06-21 16:20 - 2013-01-04 07:26 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2014-06-21 16:20 - 2013-01-04 07:26 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2014-06-21 16:20 - 2013-01-04 07:26 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2014-06-21 16:20 - 2013-01-04 07:26 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2014-06-21 16:20 - 2013-01-04 07:26 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2014-06-21 16:20 - 2013-01-04 07:26 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2014-06-21 16:20 - 2013-01-04 07:26 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2014-06-21 16:20 - 2013-01-04 07:26 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2014-06-21 16:20 - 2013-01-04 07:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2014-06-21 16:20 - 2013-01-04 07:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2014-06-21 16:20 - 2013-01-04 07:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2014-06-21 16:20 - 2013-01-04 07:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2014-06-21 16:20 - 2013-01-04 07:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2014-06-21 16:20 - 2013-01-04 07:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2014-06-21 16:20 - 2013-01-04 07:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2014-06-21 16:20 - 2013-01-04 07:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2014-06-21 16:20 - 2013-01-04 07:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2014-06-21 16:20 - 2013-01-04 06:51 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-06-21 16:20 - 2013-01-04 06:51 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-06-21 16:20 - 2013-01-04 06:51 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-06-21 16:20 - 2013-01-04 06:43 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2014-06-21 16:20 - 2013-01-04 06:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2014-06-21 16:20 - 2013-01-04 06:43 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2014-06-21 16:20 - 2013-01-04 06:43 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2014-06-21 16:20 - 2013-01-04 06:43 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2014-06-21 16:20 - 2013-01-04 06:43 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2014-06-21 16:20 - 2013-01-04 06:43 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2014-06-21 16:20 - 2013-01-04 06:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2014-06-21 16:20 - 2013-01-04 06:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2014-06-21 16:20 - 2013-01-04 06:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2014-06-21 16:20 - 2013-01-04 06:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2014-06-21 16:20 - 2013-01-04 06:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2014-06-21 16:20 - 2013-01-04 06:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2014-06-21 16:20 - 2013-01-04 06:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2014-06-21 16:20 - 2013-01-04 06:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-06-21 16:20 - 2013-01-04 06:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2014-06-21 16:20 - 2013-01-04 06:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2014-06-21 16:20 - 2013-01-04 06:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2014-06-21 16:20 - 2013-01-04 06:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2014-06-21 16:20 - 2013-01-04 06:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2014-06-21 16:20 - 2013-01-04 06:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2014-06-21 16:20 - 2013-01-04 06:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2014-06-21 16:20 - 2013-01-04 06:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2014-06-21 16:20 - 2013-01-04 06:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2014-06-21 16:20 - 2013-01-04 05:19 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2014-06-21 16:20 - 2013-01-04 04:48 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-06-21 16:20 - 2013-01-04 04:48 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-06-21 16:20 - 2013-01-04 04:48 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-06-21 16:20 - 2013-01-04 04:48 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-06-21 16:20 - 2013-01-04 04:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2014-06-21 16:20 - 2013-01-04 04:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2014-06-21 16:20 - 2013-01-04 04:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2014-06-21 16:20 - 2013-01-04 04:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2014-06-21 16:20 - 2012-12-07 07:41 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
2014-06-21 16:20 - 2012-12-07 07:35 - 02745856 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll
2014-06-21 16:20 - 2012-12-07 07:04 - 00308736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
2014-06-21 16:20 - 2012-12-07 06:57 - 02576384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll
2014-06-21 16:20 - 2012-12-07 05:45 - 00055296 _____ (Microsoft) C:\Windows\system32\cero.rs
2014-06-21 16:20 - 2012-12-07 05:45 - 00051712 _____ (Microsoft) C:\Windows\system32\esrb.rs
2014-06-21 16:20 - 2012-12-07 05:45 - 00046592 _____ (Microsoft) C:\Windows\system32\fpb.rs
2014-06-21 16:20 - 2012-12-07 05:45 - 00045568 _____ (Microsoft) C:\Windows\system32\oflc-nz.rs
2014-06-21 16:20 - 2012-12-07 05:45 - 00044544 _____ (Microsoft) C:\Windows\system32\pegibbfc.rs
2014-06-21 16:20 - 2012-12-07 05:45 - 00043520 _____ (Microsoft) C:\Windows\system32\csrr.rs
2014-06-21 16:20 - 2012-12-07 05:45 - 00040960 _____ (Microsoft) C:\Windows\system32\cob-au.rs
2014-06-21 16:20 - 2012-12-07 05:45 - 00030720 _____ (Microsoft) C:\Windows\system32\usk.rs
2014-06-21 16:20 - 2012-12-07 05:45 - 00023552 _____ (Microsoft) C:\Windows\system32\oflc.rs
2014-06-21 16:20 - 2012-12-07 05:45 - 00021504 _____ (Microsoft) C:\Windows\system32\grb.rs
2014-06-21 16:20 - 2012-12-07 05:45 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-pt.rs
2014-06-21 16:20 - 2012-12-07 05:45 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-fi.rs
2014-06-21 16:20 - 2012-12-07 05:45 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi.rs
2014-06-21 16:20 - 2012-12-07 05:45 - 00015360 _____ (Microsoft) C:\Windows\system32\djctq.rs
2014-06-21 16:20 - 2012-12-07 05:21 - 00055296 _____ (Microsoft) C:\Windows\SysWOW64\cero.rs
2014-06-21 16:20 - 2012-12-07 05:21 - 00051712 _____ (Microsoft) C:\Windows\SysWOW64\esrb.rs
2014-06-21 16:20 - 2012-12-07 05:21 - 00046592 _____ (Microsoft) C:\Windows\SysWOW64\fpb.rs
2014-06-21 16:20 - 2012-12-07 05:21 - 00045568 _____ (Microsoft) C:\Windows\SysWOW64\oflc-nz.rs
2014-06-21 16:20 - 2012-12-07 05:21 - 00044544 _____ (Microsoft) C:\Windows\SysWOW64\pegibbfc.rs
2014-06-21 16:20 - 2012-12-07 05:21 - 00043520 _____ (Microsoft) C:\Windows\SysWOW64\csrr.rs
2014-06-21 16:20 - 2012-12-07 05:21 - 00040960 _____ (Microsoft) C:\Windows\SysWOW64\cob-au.rs
2014-06-21 16:20 - 2012-12-07 05:21 - 00030720 _____ (Microsoft) C:\Windows\SysWOW64\usk.rs
2014-06-21 16:20 - 2012-12-07 05:21 - 00023552 _____ (Microsoft) C:\Windows\SysWOW64\oflc.rs
2014-06-21 16:20 - 2012-12-07 05:21 - 00021504 _____ (Microsoft) C:\Windows\SysWOW64\grb.rs
2014-06-21 16:20 - 2012-12-07 05:21 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-pt.rs
2014-06-21 16:20 - 2012-12-07 05:21 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-fi.rs
2014-06-21 16:20 - 2012-12-07 05:21 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi.rs
2014-06-21 16:20 - 2012-12-07 05:21 - 00015360 _____ (Microsoft) C:\Windows\SysWOW64\djctq.rs
2014-06-21 16:20 - 2012-11-22 12:32 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-21 16:20 - 2012-11-22 11:33 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-21 16:20 - 2012-11-20 07:55 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-06-21 16:20 - 2012-11-20 07:10 - 00219136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-06-21 16:20 - 2012-11-02 07:30 - 02001408 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-21 16:20 - 2012-11-02 07:30 - 01880064 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-21 16:20 - 2012-11-02 07:27 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll
2014-06-21 16:20 - 2012-11-02 06:50 - 01388544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-21 16:20 - 2012-11-02 06:50 - 01236992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-21 16:20 - 2012-11-02 06:48 - 00376832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2014-06-21 16:20 - 2012-08-24 20:05 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-06-21 16:20 - 2012-08-24 19:10 - 00172544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-06-21 16:20 - 2012-08-02 19:55 - 00574464 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2014-06-21 16:20 - 2012-08-02 19:05 - 00490496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2014-06-21 16:20 - 2012-06-02 07:38 - 00152432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-06-21 16:20 - 2012-06-02 07:38 - 00095088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-06-21 16:20 - 2012-06-02 07:37 - 00459216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-06-21 16:20 - 2012-06-02 07:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-06-21 16:20 - 2012-06-02 06:48 - 00225280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-06-21 16:20 - 2012-06-02 06:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-06-21 16:20 - 2012-06-02 06:42 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-06-21 16:20 - 2012-04-26 07:34 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-06-21 16:20 - 2012-04-26 07:34 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\rdpwsx.dll
2014-06-21 16:20 - 2012-04-26 07:28 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\rdrmemptylst.exe
2014-06-21 16:20 - 2011-11-17 09:11 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-06-21 16:20 - 2011-11-17 09:11 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-06-21 16:20 - 2011-11-17 09:11 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-06-21 16:20 - 2011-11-17 09:08 - 01446912 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-06-21 16:20 - 2011-11-17 09:05 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-06-21 16:20 - 2010-07-29 08:30 - 00082944 _____ (Radius Inc.) C:\Windows\SysWOW64\iccvid.dll
2014-06-21 16:20 - 2010-06-19 08:53 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\rtutils.dll
2014-06-21 16:20 - 2010-06-19 08:23 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rtutils.dll
2014-06-21 16:19 - 2012-08-11 02:53 - 00714752 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-06-21 16:19 - 2012-08-11 01:54 - 00541184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-06-21 16:19 - 2011-11-17 09:14 - 01739160 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-06-21 16:19 - 2011-11-17 07:41 - 01292592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-06-21 16:19 - 2011-03-25 05:23 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-06-21 16:19 - 2011-03-25 05:23 - 00324608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-06-21 16:19 - 2011-03-25 05:23 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-06-21 16:19 - 2011-03-25 05:22 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-06-21 16:19 - 2011-03-25 05:22 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-06-21 16:19 - 2011-03-25 05:22 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-06-21 16:19 - 2011-03-25 05:22 - 00007936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-06-21 16:19 - 2011-03-11 08:23 - 00410496 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorV.sys
2014-06-21 16:19 - 2011-03-11 08:23 - 00187264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-06-21 16:19 - 2011-03-11 08:23 - 00166272 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvstor.sys
2014-06-21 16:19 - 2011-03-11 08:23 - 00148352 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvraid.sys
2014-06-21 16:19 - 2011-03-11 08:22 - 00107904 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdsata.sys
2014-06-21 16:19 - 2011-03-11 08:22 - 00027008 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdxata.sys
2014-06-21 16:19 - 2011-03-11 08:18 - 02566144 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
2014-06-21 16:19 - 2011-03-11 08:15 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\fsutil.exe
2014-06-21 16:19 - 2011-03-11 07:39 - 01686016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2014-06-21 16:19 - 2011-03-11 07:37 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fsutil.exe
2014-06-21 16:19 - 2011-03-11 06:31 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2014-06-21 03:13 - 2012-12-16 18:52 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2014-06-21 03:13 - 2012-12-16 16:40 - 00367616 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2014-06-21 03:13 - 2012-12-16 16:25 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2014-06-21 03:13 - 2012-12-16 16:25 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2014-06-21 03:12 - 2012-07-26 05:08 - 00744448 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
2014-06-21 03:12 - 2012-07-26 05:08 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2014-06-21 03:12 - 2012-07-26 05:08 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2014-06-21 03:12 - 2012-07-26 05:08 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2014-06-21 03:12 - 2012-07-26 05:08 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
2014-06-21 03:12 - 2012-07-26 04:26 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2014-06-21 03:12 - 2012-07-26 04:26 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2014-06-21 03:12 - 2012-06-02 16:57 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2014-06-21 03:09 - 2012-03-01 08:54 - 00022896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fs_rec.sys
2014-06-21 03:09 - 2012-03-01 08:40 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2014-06-21 03:09 - 2012-03-01 08:35 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\wmi.dll
2014-06-21 03:09 - 2012-03-01 07:45 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2014-06-21 03:09 - 2012-03-01 07:40 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2014-06-20 19:44 - 2014-06-22 21:29 - 00000000 ____D () C:\FRST
2014-06-20 19:44 - 2011-10-15 08:25 - 00723456 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2014-06-20 19:44 - 2011-10-15 07:48 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2014-06-20 19:43 - 2012-05-02 07:32 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2014-06-20 19:43 - 2011-04-22 22:18 - 00027008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-06-20 19:43 - 2010-08-21 08:38 - 01024512 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2014-06-20 19:43 - 2010-08-21 08:29 - 00558592 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2014-06-20 19:43 - 2010-08-21 07:36 - 00738816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpmde.dll
2014-06-20 19:43 - 2009-12-19 11:50 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\tsbyuv.dll
2014-06-20 19:43 - 2009-12-19 11:47 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\msvidc32.dll
2014-06-20 19:43 - 2009-12-19 11:47 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msyuv.dll
2014-06-20 19:43 - 2009-12-19 11:47 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\msrle32.dll
2014-06-20 19:43 - 2009-12-19 11:46 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\iyuv_32.dll
2014-06-20 19:43 - 2009-12-19 11:02 - 00091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\avifil32.dll
2014-06-20 19:43 - 2009-12-19 11:02 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mciavi32.dll
2014-06-20 19:43 - 2009-12-19 11:02 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iyuv_32.dll
2014-06-20 19:43 - 2009-12-19 11:02 - 00031744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvidc32.dll
2014-06-20 19:43 - 2009-12-19 11:02 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msyuv.dll
2014-06-20 19:43 - 2009-12-19 11:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrle32.dll
2014-06-20 19:43 - 2009-12-19 11:02 - 00012288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsbyuv.dll
2014-06-20 19:33 - 2014-06-20 19:33 - 00000000 _____ () C:\Users\XXXXX\defogger_reenable
2014-06-20 18:37 - 2012-04-28 05:50 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-06-20 18:37 - 2011-04-29 05:13 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2014-06-20 18:37 - 2011-04-29 05:12 - 00399872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2014-06-20 18:37 - 2011-04-29 05:12 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2014-06-20 18:36 - 2011-08-17 07:32 - 00613888 _____ (Microsoft Corporation) C:\Windows\system32\psisdecd.dll
2014-06-20 18:36 - 2011-08-17 07:27 - 00288256 _____ (Microsoft Corporation) C:\Windows\system32\MSNP.ax
2014-06-20 18:36 - 2011-08-17 07:27 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\psisrndr.ax
2014-06-20 18:36 - 2011-08-17 07:27 - 00104960 _____ (Microsoft Corporation) C:\Windows\system32\Mpeg2Data.ax
2014-06-20 18:36 - 2011-08-17 07:27 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\MSDvbNP.ax
2014-06-20 18:36 - 2011-08-17 06:26 - 00465408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\psisdecd.dll
2014-06-20 18:36 - 2011-08-17 06:22 - 00204288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSNP.ax
2014-06-20 18:36 - 2011-08-17 06:22 - 00075776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\psisrndr.ax
2014-06-20 18:36 - 2011-08-17 06:22 - 00072704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Mpeg2Data.ax
2014-06-20 18:36 - 2011-08-17 06:22 - 00059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSDvbNP.ax
2014-06-20 18:36 - 2010-08-31 06:32 - 00954752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc40.dll
2014-06-20 18:36 - 2010-08-31 06:32 - 00954288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc40u.dll
2014-06-20 18:35 - 2010-10-16 07:23 - 00112000 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-06-20 18:35 - 2010-10-16 07:17 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\odbc32.dll
2014-06-20 18:35 - 2010-10-16 06:34 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbc32.dll
2014-06-20 18:32 - 2014-06-20 18:32 - 00022960 _____ () C:\ComboFix.txt
2014-06-20 18:23 - 2014-06-20 18:32 - 00000000 ____D () C:\ComboFix
2014-06-20 18:23 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-06-20 18:23 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-06-20 18:23 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-06-20 18:23 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-06-20 18:23 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-06-20 18:23 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-06-20 18:23 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-06-20 18:23 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-06-20 18:21 - 2014-06-20 18:32 - 00000000 ____D () C:\Qoobox
2014-06-20 18:20 - 2014-06-20 18:31 - 00000000 ____D () C:\Windows\erdnt
2014-06-20 03:50 - 2011-12-28 05:59 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-06-20 03:50 - 2009-08-29 09:50 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\msasn1.dll
2014-06-20 03:50 - 2009-08-29 08:57 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msasn1.dll
2014-06-20 03:42 - 2010-09-14 08:45 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\wcncsvc.dll
2014-06-20 03:42 - 2010-09-14 08:07 - 00276992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wcncsvc.dll
2014-06-20 03:40 - 2009-09-10 08:28 - 00311808 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-06-20 03:40 - 2009-09-10 07:52 - 00257024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-06-20 03:30 - 2014-06-20 03:30 - 00000000 __SHD () C:\Windows\SysWOW64\%APPDATA%
2014-06-20 03:28 - 2014-06-20 03:28 - 01781224 _____ () C:\Windows\system32\PerfStringBackup.TMP
2014-06-20 03:02 - 2014-06-20 03:02 - 00000000 __SHD () C:\Windows\system32\%APPDATA%
2014-06-20 03:01 - 2010-03-04 06:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys
2014-06-20 00:42 - 2009-06-10 23:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20140620-004220.backup
2014-06-20 00:36 - 2014-06-20 00:36 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-06-20 00:35 - 2014-06-20 00:35 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-06-20 00:34 - 2014-06-20 03:44 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-06-20 00:34 - 2014-06-20 00:34 - 00001053 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-06-20 00:34 - 2014-06-20 00:34 - 00001053 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-06-20 00:34 - 2014-06-20 00:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-06-20 00:34 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-06-19 23:30 - 2014-06-22 20:24 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-19 23:30 - 2014-06-19 23:30 - 00000802 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-19 23:30 - 2014-06-19 23:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-19 23:30 - 2014-06-19 23:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-19 23:30 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-19 23:30 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-19 23:30 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-19 23:17 - 2014-06-19 23:18 - 00000000 ____D () C:\OETemp
2014-06-19 23:07 - 2014-06-19 23:07 - 00000000 ____D () C:\Users\XXXXX\AppData\Roaming\JAM Software
2014-06-19 23:07 - 2014-06-19 23:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize Free
2014-06-19 22:30 - 2011-04-09 08:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2014-06-19 22:30 - 2011-04-09 07:56 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2014-06-19 22:08 - 2010-08-04 09:07 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\msdri.dll
2014-06-19 22:08 - 2010-01-19 11:05 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-06-19 22:08 - 2010-01-19 11:05 - 00422912 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-06-19 22:08 - 2010-01-19 11:05 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-06-19 22:08 - 2010-01-19 11:05 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-06-19 22:08 - 2010-01-19 11:00 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-06-19 22:08 - 2010-01-19 11:00 - 00356352 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-06-19 22:08 - 2010-01-19 11:00 - 00306688 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-06-19 22:08 - 2010-01-19 11:00 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-06-19 22:08 - 2010-01-19 01:29 - 00369152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-06-19 22:08 - 2010-01-19 01:29 - 00365568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-06-19 22:08 - 2010-01-19 01:29 - 00085504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-06-19 22:08 - 2010-01-19 01:29 - 00085504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-06-19 22:08 - 2010-01-19 01:28 - 00324608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-06-19 22:08 - 2010-01-19 01:28 - 00320512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-06-19 22:08 - 2010-01-19 01:28 - 00280064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-06-19 22:08 - 2010-01-19 01:28 - 00277504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-06-19 22:08 - 2009-10-19 16:46 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2014-06-19 22:08 - 2009-10-19 16:46 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2014-06-19 22:08 - 2009-10-19 16:10 - 00108544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2014-06-19 22:08 - 2009-10-19 16:10 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2014-06-11 20:04 - 2014-06-11 20:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-10 20:37 - 2014-06-10 20:37 - 00001535 _____ () C:\Users\XXXXX\Documents\Ungefähre Liste.txt
2014-06-09 17:09 - 2014-06-09 18:07 - 00004891 _____ () C:\Users\XXXXX\Desktop\ai research notes.txt
2014-05-28 21:57 - 2014-05-28 22:00 - 00000568 __RSH () C:\Users\XXXXX\ntuser.pol
2014-05-27 18:59 - 2014-05-27 18:59 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-05-27 18:59 - 2014-05-27 18:59 - 00002030 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk

==================== One Month Modified Files and Folders =======

2014-06-22 21:29 - 2014-06-20 19:44 - 00000000 ____D () C:\FRST
2014-06-22 21:27 - 2010-11-06 23:23 - 00000000 ____D () C:\Users\XXXXX\AppData\Roaming\Skype
2014-06-22 21:23 - 2014-06-22 21:23 - 00001287 _____ () C:\Users\XXXXX\Desktop\JRT.txt
2014-06-22 21:20 - 2014-06-22 20:54 - 00001142 _____ () C:\Users\XXXXX\Desktop\MBAM.txt
2014-06-22 21:18 - 2014-06-22 21:18 - 00000000 ____D () C:\Windows\ERUNT
2014-06-22 21:14 - 2009-07-14 06:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-22 21:14 - 2009-07-14 06:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-22 21:07 - 2014-02-22 16:25 - 47301589 _____ () C:\Windows\setupact.log
2014-06-22 21:07 - 2012-05-09 00:54 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-22 21:07 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-22 21:05 - 2012-05-09 00:54 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-22 21:04 - 2014-06-22 21:04 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom
2014-06-22 21:04 - 2014-04-03 19:42 - 00000000 ____D () C:\Program Files\Tablet
2014-06-22 21:00 - 2012-04-04 20:54 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-22 20:58 - 2011-01-13 19:32 - 00082560 _____ () C:\Windows\PFRO.log
2014-06-22 20:57 - 2014-06-22 20:54 - 00000000 ____D () C:\AdwCleaner
2014-06-22 20:24 - 2014-06-19 23:30 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-22 14:38 - 2009-07-14 06:45 - 00319592 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-22 05:05 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\System
2014-06-22 03:10 - 2010-10-24 13:32 - 02001246 _____ () C:\Windows\WindowsUpdate.log
2014-06-22 02:50 - 2011-06-22 21:03 - 00000000 ____D () C:\Users\XXXXX\AppData\Roaming\vlc
2014-06-21 15:03 - 2013-04-06 17:36 - 00000000 ____D () C:\Program Files (x86)\WinPcap
2014-06-21 13:14 - 2011-01-11 21:32 - 00000000 ____D () C:\Users\XXXXX\AppData\Local\TSVNCache
2014-06-21 13:14 - 2010-10-24 16:29 - 00072624 _____ () C:\Users\XXXXX\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-21 13:10 - 2009-07-14 20:18 - 00000000 ____D () C:\Program Files\Windows Journal
2014-06-21 03:14 - 2011-01-11 19:49 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-21 01:00 - 2012-05-09 00:54 - 00004108 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-21 01:00 - 2012-05-09 00:54 - 00003856 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-20 23:04 - 2012-05-04 18:00 - 00000000 ____D () C:\Users\XXXXX\AppData\Local\Downloaded Installations
2014-06-20 19:33 - 2014-06-20 19:33 - 00000000 _____ () C:\Users\XXXXX\defogger_reenable
2014-06-20 19:33 - 2010-10-24 15:20 - 00000000 ____D () C:\Users\XXXXX
2014-06-20 18:32 - 2014-06-20 18:32 - 00022960 _____ () C:\ComboFix.txt
2014-06-20 18:32 - 2014-06-20 18:23 - 00000000 ____D () C:\ComboFix
2014-06-20 18:32 - 2014-06-20 18:21 - 00000000 ____D () C:\Qoobox
2014-06-20 18:32 - 2011-11-02 21:15 - 00000000 ____D () C:\Users\XXXXX\AppData\Local\Apps\2.0
2014-06-20 18:32 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-06-20 18:31 - 2014-06-20 18:20 - 00000000 ____D () C:\Windows\erdnt
2014-06-20 18:30 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-06-20 17:53 - 2012-04-22 18:09 - 00000000 ____D () C:\Users\XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NetLimiter 3
2014-06-20 17:47 - 2011-09-01 23:16 - 00000000 ____D () C:\ProgramData\CyberLink
2014-06-20 15:01 - 2011-01-11 19:49 - 00000000 ____D () C:\Users\XXXXX\Documents\Visual Studio 2008
2014-06-20 14:56 - 2011-01-15 20:16 - 00000000 ____D () C:\Users\XXXXX\AppData\Roaming\VisualAssist
2014-06-20 03:44 - 2014-06-20 00:34 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-06-20 03:34 - 2011-01-11 20:00 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2014-06-20 03:32 - 2011-01-11 20:02 - 01626404 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-06-20 03:32 - 2009-07-14 19:58 - 00749328 _____ () C:\Windows\system32\perfh007.dat
2014-06-20 03:32 - 2009-07-14 19:58 - 00169602 _____ () C:\Windows\system32\perfc007.dat
2014-06-20 03:31 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Registration
2014-06-20 03:30 - 2014-06-20 03:30 - 00000000 __SHD () C:\Windows\SysWOW64\%APPDATA%
2014-06-20 03:28 - 2014-06-20 03:28 - 01781224 _____ () C:\Windows\system32\PerfStringBackup.TMP
2014-06-20 03:27 - 2012-05-13 18:15 - 00008947 _____ () C:\Windows\IE9_main.log
2014-06-20 03:26 - 2009-07-14 07:13 - 00077818 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-20 03:02 - 2014-06-20 03:02 - 00000000 __SHD () C:\Windows\system32\%APPDATA%
2014-06-20 00:36 - 2014-06-20 00:36 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-06-20 00:35 - 2014-06-20 00:35 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-06-20 00:34 - 2014-06-20 00:34 - 00001053 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-06-20 00:34 - 2014-06-20 00:34 - 00001053 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-06-20 00:34 - 2014-06-20 00:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-06-19 23:30 - 2014-06-19 23:30 - 00000802 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-19 23:30 - 2014-06-19 23:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-19 23:30 - 2014-06-19 23:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-19 23:19 - 2013-12-10 00:03 - 00000000 ____D () C:\ProgramData\Package Cache
2014-06-19 23:18 - 2014-06-19 23:17 - 00000000 ____D () C:\OETemp
2014-06-19 23:07 - 2014-06-19 23:07 - 00000000 ____D () C:\Users\XXXXX\AppData\Roaming\JAM Software
2014-06-19 23:07 - 2014-06-19 23:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize Free
2014-06-19 22:50 - 2012-03-10 18:42 - 00000000 ____D () C:\Fraps
2014-06-12 18:38 - 2012-05-02 23:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-11 20:04 - 2014-06-11 20:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-10 20:37 - 2014-06-10 20:37 - 00001535 _____ () C:\Users\XXXXX\Documents\Ungefähre Liste.txt
2014-06-09 18:07 - 2014-06-09 17:09 - 00004891 _____ () C:\Users\XXXXX\Desktop\ai research notes.txt
2014-05-28 22:00 - 2014-05-28 21:57 - 00000568 __RSH () C:\Users\XXXXX\ntuser.pol
2014-05-28 21:56 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-05-27 18:59 - 2014-05-27 18:59 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-05-27 18:59 - 2014-05-27 18:59 - 00002030 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-05-27 18:59 - 2011-01-12 20:48 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-05-27 18:59 - 2011-01-12 20:46 - 00000000 ____D () C:\ProgramData\Adobe
2014-05-26 19:49 - 2014-05-15 19:40 - 00000000 ____D () C:\Program Files (x86)\OBS
2014-05-26 18:41 - 2010-11-06 23:23 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-05-26 18:41 - 2010-11-06 23:23 - 00000000 ____D () C:\ProgramData\Skype

Some content of TEMP:
====================
C:\Users\XXXXX\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-21 19:09

==================== End Of Log ============================

--- --- ---

Danke für die Mühe sich das anzuschauen schonmal

schrauber · 23.06.2014, 18:39

Treesize:

winsxs Ordner solange aufklapen bis man den letzten Ordner oder die Dateien sieht, die den Platz brauchen.

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

ecreif · 24.06.2014, 00:38

Momentan scheint alles stabil. wobei ich so viel GB freigemacht habe, automatische updates ausgeschaltet habe, den temp ordner auf eine andere platte verschoben habe. Trotzdem sind gerade nur 600MB frei. Also irgendwas macht das die Platte voll und ich weiß nicht was und wo.

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=36887
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=25c44a4511a5834fbafcdcbb86546330
# engine=18846
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-06-23 11:18:05
# local_time=2014-06-24 01:18:05 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7600 NT 
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 159318 155971156 0 0
# scanned=735862
# found=7
# cleaned=0
# scan_time=11474
sh=C5DB8386C3A901DD6D4FB8B66685B889FA1099F9 ft=0 fh=0000000000000000 vn="JS/SecurityDisabler.A.Gen evtl. unerwünschte Anwendung" ac=I fn="C:\Sandbox\XXXXX\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\bezmy39s.default\user.js"
sh=85B1ED9BF3FD6EDF000D652A0578CD7232A100DF ft=1 fh=5d54d202ee17718b vn="Win64/Adware.MediaFinder.A Anwendung" ac=I fn="C:\Users\XXXXX\AppData\Roaming\General Downloader\Extensions\IEPlugin64.dll"
sh=63F5893D25C783952EC37274210F7B574D4FC5EB ft=1 fh=7a519f4b0cfe3fbc vn="Variante von Win32/Somoto.A evtl. unerwünschte Anwendung" ac=I fn="D:\Data\Downloadz\MCPatcher_downloader_by_MCPatcher.exe"
sh=DB9418AF994A1F556D7513674BA0882F08292E91 ft=1 fh=8a8ff7b65d349ef0 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="E:\Dokumente und Einstellungen\XXXXX\Eigene Dateien\Downloads\FreeYouTubeDownload.exe"
sh=4FF97B281BC64D991DD01DAD2A67C5F0831535DB ft=1 fh=048fe3b80b0ef2b0 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="E:\Programme\Gemeinsame Dateien\DVDVideoSoft\TB\DVDVideoSoft.exe"
sh=9EE0733642C8AF058949F842EB027707EB49F997 ft=1 fh=235bec411af72c00 vn="Variante von Win32/Adware.Kazaa.A Anwendung" ac=I fn="H:\YYYYY\Downloadz\kmd.exe"
sh=2C12F08BC7B2E3E3A6E343CDFEA2260A9EACD576 ft=1 fh=7e7a3408c994b3d6 vn="Win32/Adware.ADON evtl. unerwünschte Anwendung" ac=I fn="J:\FireFox Dl\unlocker1.8.7.exe"

Code:

ATTFilter

 Results of screen317's Security Check version 0.99.83  
 Windows 7  x64 (UAC is enabled)  
 Out of date service pack!! 
``````````````Antivirus/Firewall Check:`````````````` 
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Spybot - Search & Destroy 
 Java(TM) 6 Update 26  
 Java 7 Update 45  
 Java version out of Date! 
 Adobe Flash Player 13.0.0.214  
 Adobe Reader 10.1.10 Adobe Reader out of Date!  
 Mozilla Firefox (30.0) 
````````Process Check: objlist.exe by Laurent````````  
 Spybot Teatimer.exe is disabled! 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-06-2014
Ran by XXXXX (administrator) on XXXXX-PC on 24-06-2014 01:32:36
Running from D:\Data\Downloadz
Platform: Windows 7 Ultimate (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
() C:\Windows\DAODx.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Safer-Networking Ltd.) D:\Data\Toolz\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) D:\Data\Toolz\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Apache Software Foundation) I:\VisualSVN Server\bin\VisualSVNServer.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Apache Software Foundation) I:\VisualSVN Server\bin\VisualSVNServer.exe
(Safer-Networking Ltd.) D:\Data\Toolz\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() D:\Data\Toolz\puush\puush.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\Program Files (x86)\Bamboo Dock\Bamboo Dock\Bamboo Dock.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Don HO don.h@free.fr) D:\Programs\Notepad++\notepad++.exe


==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [ATICustomerCare] => C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe [311296 2010-05-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [BambooCore] => C:\Program Files (x86)\Bamboo Dock\BambooCore.exe [646744 2012-10-16] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SDTray] => D:\Data\Toolz\Spybot - Search & Destroy 2\SDTray.exe [4101584 2014-04-25] (Safer-Networking Ltd.)
HKLM\...\RunOnce: [‰0ƒÁƒÀJuñ‹óèÈûÿÿé´þÿÿ€L@;ÁvöƒÆ€~ÿ] - C:\Windows\system32\MsiExec.exe /@ "‰0ƒÁƒÀJuñ‹óèÈûÿÿé´þÿÿ€L@;ÁvöƒÆ€~ÿ
…0ÿÿÿC¹þ


€@Iuù‹Cèøúÿÿ‰C‰Së‰s3À·È‹ÁÁáÁ{«««ë§95h¹…TþÿÿƒÈÿ‹Mü_^3Í[è³¿ÿÿÉÃÌÌÌÌÌjh¸jèæÿÿƒMàÿèp×ÿÿ‹ø‰}ÜèÉüÿÿ‹_h‹uègýÿÿ‰E;C„W

h 

è‹ÚÿÿY‹Ø…Û„F

¹ˆ


‹wh‹ûó¥ƒ#
Sÿuè¯ýÿÿYY‰Eà…À…ü


‹uÜÿvhÿ8
…Àu‹Fh=Ø¡tPè*ÆÿÿY‰^hS‹=,
ÿ×öFp…ê


öø¦…Ý


j
èQ0

Yƒeü
‹C£x¹‹C£
¹‹C£€¹3À‰Eäƒø}f‹LCf‰El¹@ëè3À‰Eä=

}
ŠLˆˆø£@ëé3À‰Eä=


}ŠŒ

ˆˆ
¥@ëæÿ5
¦ÿ8
…Àu¡
¦=Ø¡tPèçÅÿÿY‰
¦Sÿ×ÇEüþÿÿÿè


ë0j
èÁ.

YÃë%ƒøÿu ûØ¡tSè±ÅÿÿYèÙøÿÿÇ



ëƒeà
‹EàèËäÿÿÃÌÌÌÌÌƒ=LÛ
ujýèQþÿÿYÇLÛ


3ÀÃÌÌÌÌÌ‹ÿU‹ìSV‹5,
W‹}WÿÖ‹‡°


…ÀtPÿÖ‹‡¸


…ÀtPÿÖ‹‡´


…ÀtPÿÖ‹‡À


…ÀtPÿÖ_PÇE


{øü¦t	‹…ÀtPÿÖƒ{ü
t
‹C…ÀtPÿÖƒÃÿMuÖ‹‡Ô


´


PÿÖ_^[]ÃÌÌÌÌÌ‹ÿU‹ìW‹}…ÿ„ƒ


SV‹58
WÿÖ‹‡°


…ÀtPÿÖ‹‡¸


…ÀtPÿÖ‹‡´


…ÀtPÿÖ‹‡À


…ÀtPÿÖ_PÇE


{øü¦t	‹…ÀtPÿÖƒ{ü
t
‹C…ÀtPÿÖƒÃÿMuÖ‹‡Ô


´


PÿÖ^[‹Ç_]ÃÌÌÌÌÌ‹ÿU‹ìSV‹u‹†¼


3ÛW;Ãto=8*th‹†°


;Ãt^9uZ‹†¸


;Ãt9uPèüÃÿÿÿ¶¼


èN

YY‹†´


;Ãt9uPèÛÃÿÿÿ¶¼


è‡M

YYÿ¶°


èÃÃÿÿÿ¶¼


è¸ÃÿÿYY‹†À


;ÃtD9u@‹†Ä


-þ


Pè—Ãÿÿ‹†Ì


¿€


+ÇPè„Ãÿÿ‹†Ð


+ÇPèvÃÿÿÿ¶À


èkÃÿÿƒÄ‹†Ô


=
§t9˜´


uPèˆI

ÿ¶Ô


èBÃÿÿYY~PÇE


øü¦t‹;Ãt9uPèÃÿÿY9_üt‹G;Ãt9uPèÃÿÿYƒÇÿMuÇVè÷ÂÿÿY_^[]ÃÌÌÌÌÌ‹ÿU‹ìW‹}…ÿt;‹E…Àt4V‹0;÷t(W‰8è[ýÿÿY…ötVèäýÿÿƒ>
Yuþh¨tVènþÿÿY‹Ç^ë3À_]ÃÌÌÌÌÌjhØjè}áÿÿèÞÒÿÿ‹ð¡ø¦…Fpt"ƒ~l
tèÇÒÿÿ‹pl…öuj èÚÿÿY‹ÆèáÿÿÃjè0,

Yƒeü
ÿ5@©ƒÆlVèTÿÿÿYY‰EäÇEüþÿÿÿè


ë¾jè+

Y‹uäÃÌÌÌÌÌ‹ÿU‹ì¸ÿÿ

ƒìf9E„‡


SVÿuMìèÑºÿÿ‹uì‹N3Û;Ëu‹EH¿fƒùwfƒÀ ·ÀëK¸


jf9EsÿuèM

Y…À·EYt,‹ŽÌ


¶ë UüRjURPQèÃL

ƒÄ…À·Et·Eü8]øt‹Môƒapý^[ÉÃÌÌÌÌÌ‹ÿU‹ì‹UVW…Òt‹}…ÿuè‹ôÿÿj^‰0è%ôÿÿ‹Æë3‹E…Àuˆëâ‹ò+ðŠˆ@„ÉtOuó…ÿuÆ
èUôÿÿj"Y‰‹ñëÆ3À_^]ÃÌÌÌÌÌÌÌ‹L$÷Á


t$ŠƒÁ„ÀtN÷Á


uï



¤$



¤$



‹ºÿþþ~Ðƒðÿ3ÂƒÁ©
tè‹Aü„Àt2„ät$©

ÿ
t©


ÿtëÍAÿ‹L$+ÁÃAþ‹L$+ÁÃAý‹L$+ÁÃAü‹L$+ÁÃÌÌÌÌÌW‹Æƒà…À…Á


‹ÑƒáÁêteë›



fofoNfoV fo^0ffOfW f_0fof@fonPfov`fo~pfg@foPfw`fp¶€


¿€


Ju£…ÉtI‹ÑÁê…Òt›



fofvJuïƒát$‹ÁÁét
‹‰vIuó‹Èƒát	ŠˆFGIu÷X^_]Ãº


+Ð+ÊQ‹Â‹Èƒát	ŠˆFGIu÷Áèt
‹‰vHuóYéÿÿÿÌÌÌÌÌj
ÿ*
£(Ú3ÀÃÌÌÌÌÌ‹ÿU‹ìQQ‹EW‹}…Àt‰8…ÿuèuòÿÿÇ



èòÿÿ3Àé

ƒ}
tƒ}
Ýƒ}$×ƒeü
SVj[·7SVƒÇèiJ

YY…Àuífƒþ-uƒMëfƒþ+u·7ƒÇƒ}
u-Vè§N

Y…Àt	ÇE



ë>·ƒøxt
ƒøXt‰]ë,ÇE


ƒ}uVètN

Y…Àu·ƒøxtƒøXu·wƒÇƒÈÿ3Ò÷u‰Uø‹ØVèHN

Yƒøÿu)jAXf;ÆwfƒþZv	FŸfƒøw1FŸfƒø·Æwƒè ƒÀÉ;EsƒM9]ür*u;Eøv#ƒMƒ}
u%‹Eƒï¨u&ƒ}
t‹}ƒeü
ëa‹Mü¯MÈ‰Mü·7ƒÇé
ÿÿÿ¾ÿÿÿ¨u¨u=ƒàt	}ü


€w	…Àu+9uüv&èñÿÿöEÇ
"


tƒMüÿëöEj
X•ÀÆ‰Eü‹E^[…Àt‰8öEt÷]ü‹Eü_ÉÃÌÌÌÌÌ‹ÿU‹ìj
ÿuÿuÿuè$þÿÿƒÄ]ÃÌÌÌÌÌ‹ÿU‹ì3À‹M;Åˆ 
t
@ƒørî3À]Ã‹ÅŒ 
]ÃÌÌÌÌÌ‹ÿU‹ììü

¡`*3Å‰EüSV‹uWVè´ÿÿÿ‹ø3ÛY‰½þÿÿ;û„l

jèQP

Yƒø„

jè@P

Y…Àu
ƒ=Ð´„î


þü


„6

hÄ!
h

¿ˆ¹Wè(ÁÿÿƒÄ…À…¸


h

¾º¹VSf£Â»ÿ¨
»û

…Àuh”!
SVèðÀÿÿƒÄ…Àt3ÀPPPPPèÿîÿÿVèœO

@Yƒø<v*VèO

ED¹‹È+ÎjÑùhŒ!
+ÙSPèšÁÿÿƒÄ…Àu½h„!
¾

VWè#ÄÿÿƒÄ…Àu¥ÿµþÿÿVWèÄÿÿƒÄ…Àu‘h 
h8!
Wè¾M

ƒÄë^SSSSSéyÿÿÿjôÿD
‹ð;ótFƒþÿtA3ÀŠGˆŒþÿÿf9Gt@=ô

rèS…þÿÿP…þÿÿPˆ]ûè²úÿÿYP…þÿÿPVÿ¤
‹Mü_^3Í[è"´ÿÿÉÃÌÌÌÌÌjèÑN

YƒøtjèÄN

Y…Àuƒ=Ð´uhü


è þÿÿhÿ


èþÿÿYYÃÌÌÌÌÌ‹ÿU‹ì‹E£°¿]ÃÌÌÌÌÌ‹ÿU‹ìÿ5°¿ÿ
…ÀtÿuÿÐY…Àt3À@]Ã3À]ÃÌÌÌÌÌ‹ÿU‹ìƒ}
uè>îÿÿÇ



è×íÿÿƒÈÿ]Ãÿuj
ÿ58¶ÿ¬
]ÃÌÌÌÌÌjhøjèËÙÿÿjè±$

Yƒeü
‹u‹N…Ét/¡¼¿º¸¿‰Eä…Àt9u,‹H‰JPè¥ºÿÿYÿvèœºÿÿYƒf
ÇEüþÿÿÿè



èºÙÿÿÃ‹ÐëÅjès#

YÃÌÌÌÌÌÌÌ‹T$‹L$÷Â


u<‹:u.
Àt&:au%
ätÁè:Au
Àt:auƒÁƒÂ
äuÒ‹ÿ3ÀÃÀÑàƒÀÃ÷Â


tŠƒÂ:uçƒÁ
ÀtÜ÷Â


t¤f‹ƒÂ:uÎ
ÀtÆ:auÅ
ät½ƒÁëˆÌÌÌÌÌ‹ÿU‹ìƒì ‹EVWjY¾ø!
}àó¥‰Eø‹E_‰Eü^…Àtö
tÇEô
@™EôPÿuðÿuäÿuàÿ°
ÉÂ
ÌÌÌÌÌÌÌV‹D$Àu(‹L$‹D$3Ò÷ñ‹Ø‹D$÷ñ‹ð‹Ã÷d$‹È‹Æ÷d$ÑëG‹È‹\$‹T$‹D$ÑéÑÛÑêÑØÉuô÷ó‹ð÷d$‹È‹D$÷æÑr;T$wr;D$v	N+D$T$3Û+D$T$÷Ú÷ØƒÚ
‹Ê‹Ó‹Ù‹È‹Æ^Â
ÌÌÌÌÌÌÌÌÌÌÌSV‹D$Àu‹L$‹D$3Ò÷ñ‹Ø‹D$÷ñ‹ÓëA‹È‹\$‹T$‹D$ÑéÑÛÑêÑØÉuô÷ó‹ð÷d$‹È‹D$÷æÑr;T$wr;D$vN3Ò‹Æ^[Â
ÌÌÌÌÌ‹ÿU‹ìVf‹uW‹}·Gƒøp„"

fƒþp„

ƒøst	ƒøSt3Òë3ÒBfƒþst
fƒþSt3Éë3ÉA…Ò…É


…É…à


ji_jdZf;Ât]f;Çt6ƒøot1ƒøut,ƒøxt'ƒøXt"f;òtf;÷tfƒþotfƒþutfƒþxtfƒþXulf;Âtf;Çtƒøotƒøutƒøxt	ƒøXt3Éë3ÉAf;òt!f;÷tfƒþotfƒþutfƒþxt
fƒþXt3Àë3À@;ÈuH‹E‹@‹È3M÷Á


u53E¨ u.‹M‹	3À;M”Àë-;Ñu‹G‹MÁèÁé÷Ð÷Ñ3Á¨u3À@ë3Àë
3Éf;Æ”Á‹Á_^]ÃÌÌÌÌÌ‹ÿU‹ìö@@tƒx
tPÿuè
6

YY¹ÿÿ

f;Áuƒÿ]Ãÿ]ÃÌÌÌÌÌ‹ÿU‹ìQSV‹ð‹ÙèêÿÿöG@‹
‰Eüt
ƒ
uëOèêÿÿƒ 
ë-‹E·
P‹ÇKèÿÿÿƒEƒ>ÿYuèàéÿÿƒ8*uj?‹ÇèpÿÿÿY…ÛÏèÈéÿÿƒ8
u
è¾éÿÿ‹Mü‰^[ÉÃÌÌÌÌÌ‹ÿU‹ììÌ


¡`*3Å‰Eü‹ESV‹uW‹}ÿu3Ûõÿÿ‰½lõÿÿ‰…´õÿÿ‰Xõÿÿ‰¸õÿÿ‰tõÿÿ‰Põÿÿ‰hõÿÿè
¯ÿÿƒ¬õÿÿÿ‰põÿÿ;ûu*è?éÿÿÇ



èØèÿÿ8œõÿÿt
‹…˜õÿÿƒ`pýƒÈÿéÙ

;ótÒ‰„õÿÿ‰µ<õÿÿ‰¨õÿÿƒ½¨õÿÿu9¬õÿÿ„•

·ƒxõÿÿÿƒ*õÿÿÿƒ¬õÿÿÿ‰Œõÿÿ‰dõÿÿ‰Tõÿÿ‰
õÿÿ‰°õÿÿ‰µ€õÿÿ‰•ˆõÿÿf;Ó„.

ë‹•ˆõÿÿj_÷ƒ½„õÿÿ
‰µ€õÿÿŒ

BàfƒøXw·Â¶€P2
ƒàë3À‹dõÿÿkÀ	¶œp2
Áë‰dõÿÿƒû…ß


fƒ>%„Î


ƒ½¬õÿÿÿuZj
…põÿÿPVèZ÷ÿÿƒÄ…À~7‹…põÿÿfƒ8$u+ƒ½¨õÿÿ
uh@

…¼ùÿÿj
Pè÷6

ƒÄÇ…¬õÿÿ


ëƒ¥¬õÿÿ
‹•ˆõÿÿƒ½¬õÿÿubj
…põÿÿPVè÷öÿÿ‹põÿÿƒÄHƒ½¨õÿÿ
Q‰…*õÿÿ‰•€õÿÿu)…Àˆ°

fƒ9$…¦

ƒød

;…xõÿÿ~‰…xõÿÿ‹ò‹•ˆõÿÿÿ$Ïkƒû„w

ƒû‡;

ëåƒ½¨õÿÿ
u
ƒ½¬õÿÿ„#

ƒ½¨õÿÿ…

ƒ½¬õÿÿÿ…


é

3Àƒ°õÿÿÿ‰…Hõÿÿ‰…Põÿÿ‰…
õÿÿ‰…tõÿÿ‰…¸õÿÿ‰…hõÿÿéÒ

·Âƒè tJƒèt6ƒèt%+Çtƒè…³

ƒ¸õÿÿé§

ƒ¸õÿÿé›

ƒ¸õÿÿé

¸õÿÿ€


é€

	½¸õÿÿéu

fƒú*…Â


ƒ½¬õÿÿ
uƒ…´õÿÿ‹…´õÿÿ‹@üé„


j
…põÿÿPVèŽõÿÿ‹põÿÿƒÄHƒ½¨õÿÿ
Q‰•€õÿÿuN…ÀˆM

fƒ9$…C

ƒ½*õÿÿd6

;…xõÿÿ~‰…xõÿÿÀŒÅ¼ùÿÿƒ9
„Ú


ÿµ¸õÿÿj*jéö

À‹„ÅÀùÿÿ‹
‰…
õÿÿ…À»

ƒ¸õÿÿ÷
õÿÿé©

‹…
õÿÿkÀ
·ÊDÐ‰…
õÿÿéŽ

ƒ¥°õÿÿ
é‚

fƒú*…’


ƒ½¬õÿÿ
uƒ…´õÿÿ‹…´õÿÿ‹@üë:j
…põÿÿPVèžôÿÿ‹põÿÿƒÄHƒ½¨õÿÿ
Q‰•€õÿÿ„ÿÿÿÀ‹„ÅÀùÿÿ‹
‰…°õÿÿ…À

ƒ°õÿÿÿé	

Ç


j*Yf‰ŒÅÄùÿÿ‹¸õÿÿ‰ŒÅÈùÿÿéæ

‹…°õÿÿkÀ
·ÊDÐ‰…°õÿÿéË

·ÂƒøItWƒøhtFƒøltƒøw…°

¸õÿÿ


é¡

fƒ>lu÷¸õÿÿ


‰µ€õÿÿé„

ƒ¸õÿÿéx

ƒ¸õÿÿ él

·ƒø6ufƒ~4uƒÆ¸õÿÿ
€

‰µ€õÿÿéE

ƒø3ufƒ~2uƒÆ¥¸õÿÿÿÿÿ‰µ€õÿÿé!

ƒødtAƒøit<ƒøot7ƒøut2ƒøxt-ƒøXt(ƒ¥dõÿÿ
‹…lõÿÿRµ„õÿÿÇ…hõÿÿ


è™ùÿÿéÚ

¸õÿÿ


éÌ

·Âƒød•

„ˆ

ƒøSâ


„–


ƒèAt+Çtx+Çt+Ç…À	

ƒÂ Ç…Hõÿÿ


‰•ˆõÿÿƒ¸õÿÿ@ƒ½¬õÿÿ…¾

ƒ½¨õÿÿ
…±

ƒ½*õÿÿc‡ˆ

‹…*õÿÿÀŒÅ¼ùÿÿƒ9
…V

Ç


f‰”ÅÄùÿÿé2þÿÿ÷…¸õÿÿ0

uqƒ¸õÿÿ ëh÷…¸õÿÿ0

uƒ¸õÿÿ ‹°õÿÿƒûÿu»ÿÿÿ3ö9µ¬õÿÿ…%

ƒ…´õÿÿ‹…´õÿÿ‹@üé]

ƒèX„§

+Ç„ø


ƒè„2ÿÿÿ+Ç…×

ƒ½¬õÿÿ
Ç…hõÿÿ


uƒ…´õÿÿ‹…´õÿÿ·@üëJƒ½*õÿÿc‡*

‹…*õÿÿÀƒ½¨õÿÿ
u"ŒÅ¼ùÿÿƒ9
uÇ


é½

ÿµ¸õÿÿé

‹„ÅÀùÿÿ·
ö…¸õÿÿ ‰…LõÿÿtFˆ…\õÿÿ…õÿÿP‹…õÿÿÆ…]õÿÿ
ÿ°¬


…\õÿÿP…¼õÿÿPè‚/

ƒÄ…ÀyÇ…Põÿÿ


ëf‰…¼õÿÿ…¼õÿÿ‰…¤õÿÿÇ…Œõÿÿ


éð

ƒ½¬õÿÿ
uƒ…´õÿÿ‹…´õÿÿ‹@üë+ƒ½*õÿÿc‡Ñ

‹…*õÿÿÀƒ½¨õÿÿ
„ø


‹„ÅÀùÿÿ‹
…Àt:‹H…Ét3÷…¸õÿÿ


¿
‰¤õÿÿt™+ÂÇ…hõÿÿ


ép

ƒ¥hõÿÿ
éf

¡ *‰…¤õÿÿPè
íÿÿYéO

ƒøp

„ó

ƒøeŒ=

ƒøgŽ‡ýÿÿƒøi„Ï


ƒønt2ƒøo…

‹¸õÿÿÇ…ˆõÿÿ


„Û‰À


Ë


‰¸õÿÿé¯


ƒ½¬õÿÿ
uƒ…´õÿÿ‹…´õÿÿ‹püëDƒ½*õÿÿc‡Õ


‹…*õÿÿÀƒ½¨õÿÿ
uŒÅ¼ùÿÿƒ9
„ê

ÿµ¸õÿÿRWé<

‹„ÅÀùÿÿ‹0èÒ-

…À„‘


ö…¸õÿÿ tf‹…„õÿÿf‰ë‹…„õÿÿ‰Ç…Põÿÿ


é\

ƒ¸õÿÿ@Ç…ˆõÿÿ



‹¸õÿÿ3ö÷Ã
€

„’

9µ¬õÿÿ…N

‹´õÿÿƒÁ‰´õÿÿ‹Aø‹Qüé

ÿµ¸õÿÿRjQèAôÿÿƒÄ…À…Í

èãßÿÿÇ



è
ßÿÿ€½œõÿÿ
éžöÿÿƒ½°õÿÿ
½¼õÿÿ¸


‰½¤õÿÿ‰…Œõÿÿ}Ç…°õÿÿ


ëhufƒúgu`Ç…°õÿÿ


ëT9…°õÿÿ~‰…°õÿÿ»£


9°õÿÿ~9‹µ°õÿÿÆ]

VèÌ¿ÿÿ‹•ˆõÿÿY‰…Tõÿÿ…Àt‰…¤õÿÿ‰µŒõÿÿ‹øë‰°õÿÿƒ½¬õÿÿ
u‹…´õÿÿƒÀ‰…´õÿÿ‹Hø‰@õÿÿ‹@üë'ƒ½*õÿÿc‡ÿÿÿ‹…*õÿÿÀ‹„ÅÀùÿÿ‹‰@õÿÿ‹@‹5
‰…Dõÿÿ…õÿÿPÿµHõÿÿ¾Âÿµ°õÿÿPÿµŒõÿÿ…@õÿÿWPÿ5ªÿÖÿÐ‹¸õÿÿƒÄã€


tƒ½°õÿÿ
u…õÿÿPWÿ5œªÿÖÿÐYYfƒ½ˆõÿÿgu…Ûu…õÿÿPWÿ5˜ªÿÖÿÐYY€?-u¸õÿÿ


G‰½¤õÿÿWéóüÿÿÇ…°õÿÿ


Ç…Xõÿÿ


ë$ƒès„ûÿÿ+Ç„×ýÿÿƒè…#

Ç…Xõÿÿ'


ö…¸õÿÿ€Ç…ˆõÿÿ


„·ýÿÿj0Xf‰…`õÿÿ‹…XõÿÿƒÀQf‰…bõÿÿ‰½tõÿÿé’ýÿÿ‹…*õÿÿƒøc‡×ýÿÿÀ9µ¨õÿÿukŒÅ¼ùÿÿ91uÇ


éù

SRjéC

÷Ã


tU9µ¬õÿÿ„fýÿÿ‹…*õÿÿƒøc‡‹ýÿÿÀ9µ¨õÿÿuŒÅ¼ùÿÿ91uÇ


é*

SRjé÷


‹ŒÅÀùÿÿ‹‹QéF

öÃ „’


öÃ@tJ9µ¬õÿÿuƒ…´õÿÿ‹…´õÿÿ¿@üéÙ


‹…*õÿÿƒøc‡ýÿÿÀ9µ¨õÿÿ„Š


‹„ÅÀùÿÿ¿
é*


9µ¬õÿÿuƒ…´õÿÿ‹…´õÿÿ·@üé


‹…*õÿÿƒøc‡ÌüÿÿÀ9µ¨õÿÿtD‹„ÅÀùÿÿ·
ëjöÃ@th9µ¬õÿÿuƒ…´õÿÿ‹…´õÿÿ‹@üëK‹…*õÿÿƒøc‡ˆüÿÿÀ9µ¨õÿÿu)ŒÅ¼ùÿÿ91„«


SRjQè›ðÿÿƒÄ…À„ZüÿÿéL

‹„ÅÀùÿÿ‹
™ë>9µ¬õÿÿuƒ…´õÿÿ‹…´õÿÿ‹@üë"‹…*õÿÿƒøc‡ üÿÿÀ9µ¨õÿÿt˜‹„ÅÀùÿÿ‹
3ÒöÃ@t;Ö
;Æs÷ØƒÒ
÷Ú¸õÿÿ


÷…¸õÿÿ


‹Ú‹øu3Ûƒ½°õÿÿ
}&Ç…°õÿÿ


ë4Ç


f‰”ÅÄùÿÿ‰œÅÈùÿÿé¡

ƒ¥¸õÿÿ÷¸


9…°õÿÿ~‰…°õÿÿ‹ÇÃu!…tõÿÿµ»÷ÿÿ‹…°õÿÿÿ°õÿÿ…À‹ÇÃt-‹…ˆõÿÿ™RPSWèîÿÿƒÁ0‰8õÿÿ‹ø‹Úƒù9~XõÿÿˆNë½…»÷ÿÿ+ÆF÷…¸õÿÿ


‰…Œõÿÿ‰µ¤õÿÿ„


…Àt‹Î€90„þ


ÿ¤õÿÿ‹¤õÿÿÆ0@éã


‹…*õÿÿƒøc‡ãúÿÿÀ9µ¨õÿÿu+ŒÅ¼ùÿÿ91…úÿÿ‰9‹¸õÿÿf‰”ÅÄùÿÿ‰ŒÅÈùÿÿé¥


‹„ÅÀùÿÿ‹
ö…¸õÿÿ ‰…¤õÿÿtN;Æu¡ *‰…¤õÿÿƒ¥Œõÿÿ
‹µ¤õÿÿ…Û~mŠ„Àtgõÿÿ¶ÀQPèî(

YY…ÀtFFÿ…Œõÿÿ9Œõÿÿ
Ôë?9µ¤õÿÿu¡$*‰…¤õÿÿ‹…¤õÿÿÇ…hõÿÿ


ëKf90tÇ;Þuô+…¤õÿÿÑø‰…Œõÿÿƒ½¬õÿÿu
ƒ½¨õÿÿ
„À

ƒ½Põÿÿ
…—

‹…¸õÿÿ¨@t+©


tj-ë¨tj+ë¨tj Xf‰…`õÿÿÇ…tõÿÿ


‹
õÿÿ+Œõÿÿ+tõÿÿö…¸õÿÿ‰8õÿÿu(‹û…Û~"‹…lõÿÿj µ„õÿÿOèüîÿÿƒ½„õÿÿÿYt…ÿÞ‹½lõÿÿ‹tõÿÿ…`õÿÿP…„õÿÿèïÿÿö…¸õÿÿYt)ö…¸õÿÿu ëj0µ„õÿÿ‹ÇKè«îÿÿƒ½„õÿÿÿYt…Ûâƒ½hõÿÿ
uk‹Œõÿÿ…Û~a‹½¤õÿÿ…õÿÿP‹…õÿÿÿ°¬


…LõÿÿWPKè1&

ƒÄ‰…ˆõÿÿ…À~$ÿµLõÿÿ‹…lõÿÿµ„õÿÿè?îÿÿ½ˆõÿÿY…Û°ë!ƒ„õÿÿÿëÿµ¤õÿÿ‹Œõÿÿ…„õÿÿèFîÿÿYƒ½„õÿÿ

3ö…¸õÿÿt*‹½8õÿÿë‹…lõÿÿj µ„õÿÿOèãíÿÿƒ½„õÿÿÿYt…ÿÞƒ½Tõÿÿ
tÿµTõÿÿèõ¤ÿÿƒ¥Tõÿÿ
Y‹µ€õÿÿ·‰…ˆõÿÿf…À…aïÿÿƒ½dõÿÿ
t
ƒ½dõÿÿ…øÿÿƒ½¬õÿÿunƒ½¨õÿÿ
ue3ÿ9½xõÿÿ
[‹…´õÿÿµÀùÿÿ‹NüIt2It/It%It"It&II…Ã÷ÿÿ‰…´õÿÿPèì7

‹…´õÿÿYë‰ƒÀë‰ƒÀ‰…´õÿÿGƒÆ;½xõÿÿ~±ÿ…¨õÿÿƒ½¨õÿÿ}
‹µ<õÿÿ3ÛéVîÿÿ€½œõÿÿ
t
‹…˜õÿÿƒ`pý‹…„õÿÿ‹Mü_^3Í[è‚œÿÿÉÃ‹ÿ«[à[\o\V]b]^_ÌÌÌÌÌè*

…Àtjè§

YöP©tjh

@jèýÔÿÿƒÄjè6»ÿÿÌÌÌÌÌÌ‹ÿU‹ì‹M¡P©‹U#U÷Ñ#ÈÊ‰
P©]ÃÌÌÌÌÌ‹ÿU‹ì‹E£À¿]ÃÌÌÌÌÌ‹ÿU‹ììt

¡`*3Å‰EüS‹]V‹u3ÀW‹}ÿu´ûÿÿ‰µÔûÿÿ‰½èûÿÿ‰…¬ûÿÿ‰…øûÿÿ‰…Ðûÿÿ‰…ôûÿÿ‰…Üûÿÿ‰…°ûÿÿ‰…ØûÿÿèÝ›ÿÿ…öu+è)ÖÿÿÇ



èÂÕÿÿ€½Àûÿÿ
t
‹…¼ûÿÿƒ`pýƒÈÿéî


3À;ØtÏ·‰…äûÿÿ‰…ìûÿÿ‰…Äûÿÿ‰…¨ûÿÿ‰àûÿÿf;È„¥


j^Þ3À‰¤ûÿÿ9…äûÿÿŒv


QàfƒúXw
·Á¶€P2
ƒà‹•ÄûÿÿkÀ	¶„p2
jÁèZ‰…Äûÿÿ;Â„Qÿÿÿƒø‡


ÿ$…úw3Àƒôûÿÿÿ‰…*ûÿÿ‰…°ûÿÿ‰…Ðûÿÿ‰…Üûÿÿ‰…øûÿÿ‰…Øûÿÿéä	

·Áƒè tHƒèt4+Ât$+Ætƒè…º	

	•øûÿÿé»	

ƒøûÿÿé¯	

ƒøûÿÿé£	

øûÿÿ€


é”	

	µøûÿÿé‰	

fƒù*u+‹ƒÇ‰½èûÿÿ‰…Ðûÿÿ…À‰j	

ƒøûÿÿ÷ÐûÿÿéX" [127488 2009-07-14] (Microsoft Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1843127492-2866971718-3940101754-1000\...\Run: [puush] => D:\Data\Toolz\puush\puush.exe [567880 2014-03-14] ()
HKU\S-1-5-21-1843127492-2866971718-3940101754-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-1843127492-2866971718-3940101754-1000\...\Run: [Spybot-S&D Cleaning] => D:\Data\Toolz\Spybot - Search & Destroy 2\SDCleaner.exe [4566984 2014-04-25] (Safer-Networking Ltd.)
HKU\S-1-5-21-1843127492-2866971718-3940101754-1000\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_13_0_0_214_Plugin.exe [847536 2014-05-20] (Adobe Systems Incorporated)
ShellIconOverlayIdentifiers: 1TortoiseNormal -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: 2TortoiseModified -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: 3TortoiseConflict -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: 4TortoiseLocked -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: 5TortoiseReadOnly -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: 6TortoiseDeleted -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: 7TortoiseAdded -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: 8TortoiseIgnored -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: 9TortoiseUnversioned -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: 1TortoiseNormal -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: 2TortoiseModified -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: 3TortoiseConflict -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: 4TortoiseLocked -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: 5TortoiseReadOnly -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: 6TortoiseDeleted -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: 7TortoiseAdded -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: 8TortoiseIgnored -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: 9TortoiseUnversioned -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2E7184A47F73CB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: haufereader - No CLSID Value - 
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: haufereader - No CLSID Value - 
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\..\Interfaces\{A7AFB675-BB88-478E-A8B7-8B72D2B6CA0A}: [NameServer]192.168.179.1
Tcpip\..\Interfaces\{F4459F9F-E811-4E77-8C48-E1A4A6AEC2E0}: [NameServer]208.67.222.222,192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ic9mcqw5.default-1371518163302
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.0 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll No File
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=1.104.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.118.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=1.138.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=1.96.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\XXXXX\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: wacom.com/WacomTabletPlugin - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: General Downloader plugin - C:\Users\XXXXX\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\@generaldownloader.com [2011-10-11]
FF Extension: Lightbeam - C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ic9mcqw5.default-1371518163302\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2014-01-15]
FF Extension: NO Google Analytics - C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ic9mcqw5.default-1371518163302\Extensions\jid1-JcGokIiQyjoBAQ@jetpack.xpi [2014-01-15]
FF Extension: Adblock Plus - C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ic9mcqw5.default-1371518163302\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-06-27]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-06-11]

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-12-19] (Advanced Micro Devices, Inc.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S4 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-11-22] (Hewlett-Packard Company) [File not signed]
R2 MSSQL$SQLEXPRESS; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4466688 2007-11-08] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2012-04-01] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
S2 SbieSvc; D:\Data\Toolz\Sandboxie\SbieSvc.exe [94992 2011-11-23] (SANDBOXIE L.T.D)
R2 SDScannerService; D:\Data\Toolz\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)
R2 SDUpdateService; D:\Data\Toolz\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)
R2 SDWSCService; D:\Data\Toolz\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 VisualSVNServer; I:\VisualSVN Server\bin\VisualSVNServer.exe [24424 2011-10-10] (Apache Software Foundation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [627992 2013-12-17] (Wacom Technology, Corp.)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [613688 2013-02-08] (Wacom Technology, Corp.)
S2 Apache2.2; "I:\Apache\bin\httpd.exe" -k runservice [X]
S2 CLKMSVC10_22035577; "H:\f!3rce\Progz\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe" /svc [X]

==================== Drivers (Whitelisted) ====================

R1 CLBStor; C:\Windows\System32\DRIVERS\CLBStor.sys [24560 2009-10-07] (Cyberlink Co.,Ltd.)
S2 CLBUDF; C:\Windows\System32\Drivers\CLBUDF.sys [376304 2009-10-07] (CyberLink Corporation.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [271424 2011-10-12] (DT Soft Ltd)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-22] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19936 2012-01-18] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [13280 2012-01-18] ()
S3 RivaTuner64; D:\Data\Toolz\RivaTuner\RivaTuner64.sys [19952 2011-10-30] ()
S3 SbieDrv; D:\Data\Toolz\Sandboxie\SbieDrv.sys [158336 2011-11-23] (SANDBOXIE L.T.D)
S3 SNPSTD3; C:\Windows\System32\DRIVERS\snpstd3.sys [10550272 2007-03-27] (Sonix Co. Ltd.)
S2 AODDriver4.01; \??\D:\Data\Driverz\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz130; \??\C:\Users\XXXXX\AppData\Local\Temp\cpuz130\cpuz_x64.sys [X]
S3 Nbdrv; system32\DRIVERS\nbdrv.sys [X]
S1 nltdi; \??\D:\Data\Toolz\NetLimiter\nltdi.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-22 21:23 - 2014-06-22 21:23 - 00001287 _____ () C:\Users\XXXXX\Desktop\JRT.txt
2014-06-22 21:18 - 2014-06-22 21:18 - 00000000 ____D () C:\Windows\ERUNT
2014-06-22 21:04 - 2014-06-22 21:04 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom
2014-06-22 20:54 - 2014-06-22 21:20 - 00001142 _____ () C:\Users\XXXXX\Desktop\MBAM.txt
2014-06-22 20:54 - 2014-06-22 20:57 - 00000000 ____D () C:\AdwCleaner
2014-06-22 01:28 - 2012-07-26 06:55 - 00785512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2014-06-22 01:28 - 2012-07-26 06:55 - 00054376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2014-06-22 01:28 - 2012-07-26 04:36 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2014-06-22 01:28 - 2012-06-02 16:35 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2014-06-22 01:27 - 2010-02-23 10:16 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\browserchoice.exe
2014-06-21 16:24 - 2013-02-12 17:42 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-06-21 16:24 - 2013-02-12 17:37 - 03138048 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-06-21 16:24 - 2013-02-12 17:31 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-06-21 16:24 - 2013-02-12 17:13 - 02691072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-06-21 16:24 - 2013-02-12 17:07 - 00131072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-06-21 16:24 - 2013-02-12 15:59 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-06-21 16:24 - 2012-11-09 07:34 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2014-06-21 16:24 - 2012-11-09 06:49 - 00492032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2014-06-21 16:24 - 2012-03-03 08:29 - 01837568 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-06-21 16:24 - 2012-03-03 08:29 - 01541120 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2014-06-21 16:24 - 2012-03-03 08:29 - 00902656 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-06-21 16:24 - 2012-03-03 08:29 - 00320512 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2014-06-21 16:24 - 2012-03-03 08:29 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2014-06-21 16:24 - 2012-03-03 07:40 - 01170944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-06-21 16:24 - 2012-03-03 07:40 - 01074176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2014-06-21 16:24 - 2012-03-03 07:40 - 00739840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-06-21 16:24 - 2012-03-03 07:40 - 00218624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2014-06-21 16:24 - 2012-03-03 07:40 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2014-06-21 16:24 - 2011-04-27 04:57 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2014-06-21 16:23 - 2012-11-09 07:34 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-06-21 16:23 - 2012-11-09 06:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-06-21 16:23 - 2010-12-23 08:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\sbe.dll
2014-06-21 16:23 - 2010-12-23 08:07 - 00961024 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2014-06-21 16:23 - 2010-12-23 08:02 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\mpg2splt.ax
2014-06-21 16:23 - 2010-12-23 07:28 - 00850432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sbe.dll
2014-06-21 16:23 - 2010-12-23 07:28 - 00642048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2014-06-21 16:23 - 2010-12-23 07:24 - 00199680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mpg2splt.ax
2014-06-21 16:22 - 2013-03-01 05:32 - 03150848 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-06-21 16:22 - 2011-11-17 09:12 - 00395776 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2014-06-21 16:22 - 2011-11-17 07:39 - 00314368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2014-06-21 16:22 - 2011-07-09 04:44 - 00287744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2014-06-21 16:22 - 2011-05-04 04:51 - 00157696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2014-06-21 16:22 - 2011-05-04 04:51 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2014-06-21 16:22 - 2010-11-02 07:18 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\wmicmiplugin.dll
2014-06-21 16:22 - 2010-11-02 07:17 - 01169408 _____ (Microsoft Corporation) C:\Windows\system32\taskschd.dll
2014-06-21 16:22 - 2010-11-02 07:17 - 00473600 _____ (Microsoft Corporation) C:\Windows\system32\taskcomp.dll
2014-06-21 16:22 - 2010-11-02 07:16 - 01114624 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2014-06-21 16:22 - 2010-11-02 07:10 - 00464384 _____ (Microsoft Corporation) C:\Windows\system32\taskeng.exe
2014-06-21 16:22 - 2010-11-02 07:10 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\schtasks.exe
2014-06-21 16:22 - 2010-11-02 06:40 - 00496128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskschd.dll
2014-06-21 16:22 - 2010-11-02 06:40 - 00305152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskcomp.dll
2014-06-21 16:22 - 2010-11-02 06:34 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskeng.exe
2014-06-21 16:22 - 2010-11-02 06:34 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
2014-06-21 16:22 - 2009-09-03 09:36 - 01975296 _____ (Microsoft Corporation) C:\Windows\system32\CertEnroll.dll
2014-06-21 16:22 - 2009-09-03 09:04 - 01320960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CertEnroll.dll
2014-06-21 16:21 - 2013-04-12 16:36 - 01653096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-06-21 16:21 - 2012-06-09 07:30 - 14165504 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-06-21 16:21 - 2012-06-09 06:46 - 12868608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-06-21 16:20 - 2013-02-12 16:02 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2014-06-21 16:20 - 2013-01-04 07:41 - 01893224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-21 16:20 - 2013-01-04 07:40 - 00287576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-21 16:20 - 2013-01-04 07:37 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-06-21 16:20 - 2013-01-04 07:37 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-06-21 16:20 - 2013-01-04 07:37 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-06-21 16:20 - 2013-01-04 07:36 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2014-06-21 16:20 - 2013-01-04 07:33 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-06-21 16:20 - 2013-01-04 07:30 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-06-21 16:20 - 2013-01-04 07:30 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-06-21 16:20 - 2013-01-04 07:27 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2014-06-21 16:20 - 2013-01-04 07:27 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2014-06-21 16:20 - 2013-01-04 07:27 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2014-06-21 16:20 - 2013-01-04 07:27 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2014-06-21 16:20 - 2013-01-04 07:27 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2014-06-21 16:20 - 2013-01-04 07:27 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-06-21 16:20 - 2013-01-04 07:27 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2014-06-21 16:20 - 2013-01-04 07:27 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2014-06-21 16:20 - 2013-01-04 07:27 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2014-06-21 16:20 - 2013-01-04 07:27 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2014-06-21 16:20 - 2013-01-04 07:27 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2014-06-21 16:20 - 2013-01-04 07:26 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2014-06-21 16:20 - 2013-01-04 07:26 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2014-06-21 16:20 - 2013-01-04 07:26 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2014-06-21 16:20 - 2013-01-04 07:26 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2014-06-21 16:20 - 2013-01-04 07:26 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2014-06-21 16:20 - 2013-01-04 07:26 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2014-06-21 16:20 - 2013-01-04 07:26 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2014-06-21 16:20 - 2013-01-04 07:26 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2014-06-21 16:20 - 2013-01-04 07:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2014-06-21 16:20 - 2013-01-04 07:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2014-06-21 16:20 - 2013-01-04 07:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2014-06-21 16:20 - 2013-01-04 07:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2014-06-21 16:20 - 2013-01-04 07:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2014-06-21 16:20 - 2013-01-04 07:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2014-06-21 16:20 - 2013-01-04 07:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2014-06-21 16:20 - 2013-01-04 07:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2014-06-21 16:20 - 2013-01-04 07:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2014-06-21 16:20 - 2013-01-04 06:51 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-06-21 16:20 - 2013-01-04 06:51 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-06-21 16:20 - 2013-01-04 06:51 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-06-21 16:20 - 2013-01-04 06:43 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2014-06-21 16:20 - 2013-01-04 06:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2014-06-21 16:20 - 2013-01-04 06:43 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2014-06-21 16:20 - 2013-01-04 06:43 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2014-06-21 16:20 - 2013-01-04 06:43 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2014-06-21 16:20 - 2013-01-04 06:43 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2014-06-21 16:20 - 2013-01-04 06:43 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2014-06-21 16:20 - 2013-01-04 06:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2014-06-21 16:20 - 2013-01-04 06:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2014-06-21 16:20 - 2013-01-04 06:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2014-06-21 16:20 - 2013-01-04 06:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2014-06-21 16:20 - 2013-01-04 06:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2014-06-21 16:20 - 2013-01-04 06:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2014-06-21 16:20 - 2013-01-04 06:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2014-06-21 16:20 - 2013-01-04 06:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-06-21 16:20 - 2013-01-04 06:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2014-06-21 16:20 - 2013-01-04 06:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2014-06-21 16:20 - 2013-01-04 06:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2014-06-21 16:20 - 2013-01-04 06:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2014-06-21 16:20 - 2013-01-04 06:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2014-06-21 16:20 - 2013-01-04 06:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2014-06-21 16:20 - 2013-01-04 06:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2014-06-21 16:20 - 2013-01-04 06:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2014-06-21 16:20 - 2013-01-04 06:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2014-06-21 16:20 - 2013-01-04 05:19 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2014-06-21 16:20 - 2013-01-04 04:48 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-06-21 16:20 - 2013-01-04 04:48 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-06-21 16:20 - 2013-01-04 04:48 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-06-21 16:20 - 2013-01-04 04:48 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-06-21 16:20 - 2013-01-04 04:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2014-06-21 16:20 - 2013-01-04 04:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2014-06-21 16:20 - 2013-01-04 04:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2014-06-21 16:20 - 2013-01-04 04:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2014-06-21 16:20 - 2012-12-07 07:41 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
2014-06-21 16:20 - 2012-12-07 07:35 - 02745856 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll
2014-06-21 16:20 - 2012-12-07 07:04 - 00308736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
2014-06-21 16:20 - 2012-12-07 06:57 - 02576384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll
2014-06-21 16:20 - 2012-12-07 05:45 - 00055296 _____ (Microsoft) C:\Windows\system32\cero.rs
2014-06-21 16:20 - 2012-12-07 05:45 - 00051712 _____ (Microsoft) C:\Windows\system32\esrb.rs
2014-06-21 16:20 - 2012-12-07 05:45 - 00046592 _____ (Microsoft) C:\Windows\system32\fpb.rs
2014-06-21 16:20 - 2012-12-07 05:45 - 00045568 _____ (Microsoft) C:\Windows\system32\oflc-nz.rs
2014-06-21 16:20 - 2012-12-07 05:45 - 00044544 _____ (Microsoft) C:\Windows\system32\pegibbfc.rs
2014-06-21 16:20 - 2012-12-07 05:45 - 00043520 _____ (Microsoft) C:\Windows\system32\csrr.rs
2014-06-21 16:20 - 2012-12-07 05:45 - 00040960 _____ (Microsoft) C:\Windows\system32\cob-au.rs
2014-06-21 16:20 - 2012-12-07 05:45 - 00030720 _____ (Microsoft) C:\Windows\system32\usk.rs
2014-06-21 16:20 - 2012-12-07 05:45 - 00023552 _____ (Microsoft) C:\Windows\system32\oflc.rs
2014-06-21 16:20 - 2012-12-07 05:45 - 00021504 _____ (Microsoft) C:\Windows\system32\grb.rs
2014-06-21 16:20 - 2012-12-07 05:45 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-pt.rs
2014-06-21 16:20 - 2012-12-07 05:45 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-fi.rs
2014-06-21 16:20 - 2012-12-07 05:45 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi.rs
2014-06-21 16:20 - 2012-12-07 05:45 - 00015360 _____ (Microsoft) C:\Windows\system32\djctq.rs
2014-06-21 16:20 - 2012-12-07 05:21 - 00055296 _____ (Microsoft) C:\Windows\SysWOW64\cero.rs
2014-06-21 16:20 - 2012-12-07 05:21 - 00051712 _____ (Microsoft) C:\Windows\SysWOW64\esrb.rs
2014-06-21 16:20 - 2012-12-07 05:21 - 00046592 _____ (Microsoft) C:\Windows\SysWOW64\fpb.rs
2014-06-21 16:20 - 2012-12-07 05:21 - 00045568 _____ (Microsoft) C:\Windows\SysWOW64\oflc-nz.rs
2014-06-21 16:20 - 2012-12-07 05:21 - 00044544 _____ (Microsoft) C:\Windows\SysWOW64\pegibbfc.rs
2014-06-21 16:20 - 2012-12-07 05:21 - 00043520 _____ (Microsoft) C:\Windows\SysWOW64\csrr.rs
2014-06-21 16:20 - 2012-12-07 05:21 - 00040960 _____ (Microsoft) C:\Windows\SysWOW64\cob-au.rs
2014-06-21 16:20 - 2012-12-07 05:21 - 00030720 _____ (Microsoft) C:\Windows\SysWOW64\usk.rs
2014-06-21 16:20 - 2012-12-07 05:21 - 00023552 _____ (Microsoft) C:\Windows\SysWOW64\oflc.rs
2014-06-21 16:20 - 2012-12-07 05:21 - 00021504 _____ (Microsoft) C:\Windows\SysWOW64\grb.rs
2014-06-21 16:20 - 2012-12-07 05:21 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-pt.rs
2014-06-21 16:20 - 2012-12-07 05:21 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-fi.rs
2014-06-21 16:20 - 2012-12-07 05:21 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi.rs
2014-06-21 16:20 - 2012-12-07 05:21 - 00015360 _____ (Microsoft) C:\Windows\SysWOW64\djctq.rs
2014-06-21 16:20 - 2012-11-22 12:32 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-21 16:20 - 2012-11-22 11:33 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-21 16:20 - 2012-11-20 07:55 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-06-21 16:20 - 2012-11-20 07:10 - 00219136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-06-21 16:20 - 2012-11-02 07:30 - 02001408 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-21 16:20 - 2012-11-02 07:30 - 01880064 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-21 16:20 - 2012-11-02 07:27 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll
2014-06-21 16:20 - 2012-11-02 06:50 - 01388544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-21 16:20 - 2012-11-02 06:50 - 01236992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-21 16:20 - 2012-11-02 06:48 - 00376832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2014-06-21 16:20 - 2012-08-24 20:05 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-06-21 16:20 - 2012-08-24 19:10 - 00172544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-06-21 16:20 - 2012-08-02 19:55 - 00574464 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2014-06-21 16:20 - 2012-08-02 19:05 - 00490496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2014-06-21 16:20 - 2012-06-02 07:38 - 00152432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-06-21 16:20 - 2012-06-02 07:38 - 00095088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-06-21 16:20 - 2012-06-02 07:37 - 00459216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-06-21 16:20 - 2012-06-02 07:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-06-21 16:20 - 2012-06-02 06:48 - 00225280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-06-21 16:20 - 2012-06-02 06:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-06-21 16:20 - 2012-06-02 06:42 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-06-21 16:20 - 2012-04-26 07:34 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-06-21 16:20 - 2012-04-26 07:34 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\rdpwsx.dll
2014-06-21 16:20 - 2012-04-26 07:28 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\rdrmemptylst.exe
2014-06-21 16:20 - 2011-11-17 09:11 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-06-21 16:20 - 2011-11-17 09:11 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-06-21 16:20 - 2011-11-17 09:11 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-06-21 16:20 - 2011-11-17 09:08 - 01446912 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-06-21 16:20 - 2011-11-17 09:05 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-06-21 16:20 - 2010-07-29 08:30 - 00082944 _____ (Radius Inc.) C:\Windows\SysWOW64\iccvid.dll
2014-06-21 16:20 - 2010-06-19 08:53 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\rtutils.dll
2014-06-21 16:20 - 2010-06-19 08:23 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rtutils.dll
2014-06-21 16:19 - 2012-08-11 02:53 - 00714752 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-06-21 16:19 - 2012-08-11 01:54 - 00541184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-06-21 16:19 - 2011-11-17 09:14 - 01739160 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-06-21 16:19 - 2011-11-17 07:41 - 01292592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-06-21 16:19 - 2011-03-25 05:23 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-06-21 16:19 - 2011-03-25 05:23 - 00324608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-06-21 16:19 - 2011-03-25 05:23 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-06-21 16:19 - 2011-03-25 05:22 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-06-21 16:19 - 2011-03-25 05:22 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-06-21 16:19 - 2011-03-25 05:22 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-06-21 16:19 - 2011-03-25 05:22 - 00007936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-06-21 16:19 - 2011-03-11 08:23 - 00410496 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorV.sys
2014-06-21 16:19 - 2011-03-11 08:23 - 00187264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-06-21 16:19 - 2011-03-11 08:23 - 00166272 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvstor.sys
2014-06-21 16:19 - 2011-03-11 08:23 - 00148352 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvraid.sys
2014-06-21 16:19 - 2011-03-11 08:22 - 00107904 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdsata.sys
2014-06-21 16:19 - 2011-03-11 08:22 - 00027008 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdxata.sys
2014-06-21 16:19 - 2011-03-11 08:18 - 02566144 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
2014-06-21 16:19 - 2011-03-11 08:15 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\fsutil.exe
2014-06-21 16:19 - 2011-03-11 07:39 - 01686016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2014-06-21 16:19 - 2011-03-11 07:37 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fsutil.exe
2014-06-21 16:19 - 2011-03-11 06:31 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2014-06-21 03:13 - 2012-12-16 18:52 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2014-06-21 03:13 - 2012-12-16 16:40 - 00367616 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2014-06-21 03:13 - 2012-12-16 16:25 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2014-06-21 03:13 - 2012-12-16 16:25 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2014-06-21 03:12 - 2012-07-26 05:08 - 00744448 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
2014-06-21 03:12 - 2012-07-26 05:08 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2014-06-21 03:12 - 2012-07-26 05:08 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2014-06-21 03:12 - 2012-07-26 05:08 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2014-06-21 03:12 - 2012-07-26 05:08 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
2014-06-21 03:12 - 2012-07-26 04:26 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2014-06-21 03:12 - 2012-07-26 04:26 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2014-06-21 03:12 - 2012-06-02 16:57 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2014-06-21 03:09 - 2012-03-01 08:54 - 00022896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fs_rec.sys
2014-06-21 03:09 - 2012-03-01 08:40 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2014-06-21 03:09 - 2012-03-01 08:35 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\wmi.dll
2014-06-21 03:09 - 2012-03-01 07:45 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2014-06-21 03:09 - 2012-03-01 07:40 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2014-06-20 19:44 - 2014-06-24 01:32 - 00000000 ____D () C:\FRST
2014-06-20 19:44 - 2011-10-15 08:25 - 00723456 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2014-06-20 19:44 - 2011-10-15 07:48 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2014-06-20 19:43 - 2012-05-02 07:32 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2014-06-20 19:43 - 2011-04-22 22:18 - 00027008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-06-20 19:43 - 2010-08-21 08:38 - 01024512 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2014-06-20 19:43 - 2010-08-21 08:29 - 00558592 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2014-06-20 19:43 - 2010-08-21 07:36 - 00738816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpmde.dll
2014-06-20 19:43 - 2009-12-19 11:50 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\tsbyuv.dll
2014-06-20 19:43 - 2009-12-19 11:47 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\msvidc32.dll
2014-06-20 19:43 - 2009-12-19 11:47 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msyuv.dll
2014-06-20 19:43 - 2009-12-19 11:47 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\msrle32.dll
2014-06-20 19:43 - 2009-12-19 11:46 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\iyuv_32.dll
2014-06-20 19:43 - 2009-12-19 11:02 - 00091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\avifil32.dll
2014-06-20 19:43 - 2009-12-19 11:02 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mciavi32.dll
2014-06-20 19:43 - 2009-12-19 11:02 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iyuv_32.dll
2014-06-20 19:43 - 2009-12-19 11:02 - 00031744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvidc32.dll
2014-06-20 19:43 - 2009-12-19 11:02 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msyuv.dll
2014-06-20 19:43 - 2009-12-19 11:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrle32.dll
2014-06-20 19:43 - 2009-12-19 11:02 - 00012288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsbyuv.dll
2014-06-20 19:33 - 2014-06-20 19:33 - 00000000 _____ () C:\Users\XXXXX\defogger_reenable
2014-06-20 18:37 - 2012-04-28 05:50 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-06-20 18:37 - 2011-04-29 05:13 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2014-06-20 18:37 - 2011-04-29 05:12 - 00399872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2014-06-20 18:37 - 2011-04-29 05:12 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2014-06-20 18:36 - 2011-08-17 07:32 - 00613888 _____ (Microsoft Corporation) C:\Windows\system32\psisdecd.dll
2014-06-20 18:36 - 2011-08-17 07:27 - 00288256 _____ (Microsoft Corporation) C:\Windows\system32\MSNP.ax
2014-06-20 18:36 - 2011-08-17 07:27 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\psisrndr.ax
2014-06-20 18:36 - 2011-08-17 07:27 - 00104960 _____ (Microsoft Corporation) C:\Windows\system32\Mpeg2Data.ax
2014-06-20 18:36 - 2011-08-17 07:27 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\MSDvbNP.ax
2014-06-20 18:36 - 2011-08-17 06:26 - 00465408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\psisdecd.dll
2014-06-20 18:36 - 2011-08-17 06:22 - 00204288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSNP.ax
2014-06-20 18:36 - 2011-08-17 06:22 - 00075776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\psisrndr.ax
2014-06-20 18:36 - 2011-08-17 06:22 - 00072704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Mpeg2Data.ax
2014-06-20 18:36 - 2011-08-17 06:22 - 00059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSDvbNP.ax
2014-06-20 18:36 - 2010-08-31 06:32 - 00954752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc40.dll
2014-06-20 18:36 - 2010-08-31 06:32 - 00954288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc40u.dll
2014-06-20 18:35 - 2010-10-16 07:23 - 00112000 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-06-20 18:35 - 2010-10-16 07:17 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\odbc32.dll
2014-06-20 18:35 - 2010-10-16 06:34 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbc32.dll
2014-06-20 18:32 - 2014-06-20 18:32 - 00022960 _____ () C:\ComboFix.txt
2014-06-20 18:23 - 2014-06-20 18:32 - 00000000 ____D () C:\ComboFix
2014-06-20 18:23 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-06-20 18:23 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-06-20 18:23 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-06-20 18:23 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-06-20 18:23 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-06-20 18:23 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-06-20 18:23 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-06-20 18:23 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-06-20 18:21 - 2014-06-20 18:32 - 00000000 ____D () C:\Qoobox
2014-06-20 18:20 - 2014-06-20 18:31 - 00000000 ____D () C:\Windows\erdnt
2014-06-20 03:50 - 2011-12-28 05:59 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-06-20 03:50 - 2009-08-29 09:50 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\msasn1.dll
2014-06-20 03:50 - 2009-08-29 08:57 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msasn1.dll
2014-06-20 03:42 - 2010-09-14 08:45 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\wcncsvc.dll
2014-06-20 03:42 - 2010-09-14 08:07 - 00276992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wcncsvc.dll
2014-06-20 03:40 - 2009-09-10 08:28 - 00311808 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-06-20 03:40 - 2009-09-10 07:52 - 00257024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-06-20 03:30 - 2014-06-20 03:30 - 00000000 __SHD () C:\Windows\SysWOW64\%APPDATA%
2014-06-20 03:28 - 2014-06-20 03:28 - 01781224 _____ () C:\Windows\system32\PerfStringBackup.TMP
2014-06-20 03:02 - 2014-06-20 03:02 - 00000000 __SHD () C:\Windows\system32\%APPDATA%
2014-06-20 03:01 - 2010-03-04 06:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys
2014-06-20 00:42 - 2009-06-10 23:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20140620-004220.backup
2014-06-20 00:36 - 2014-06-20 00:36 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-06-20 00:35 - 2014-06-20 00:35 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-06-20 00:34 - 2014-06-20 03:44 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-06-20 00:34 - 2014-06-20 00:34 - 00001053 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-06-20 00:34 - 2014-06-20 00:34 - 00001053 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-06-20 00:34 - 2014-06-20 00:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-06-20 00:34 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-06-19 23:30 - 2014-06-22 20:24 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-19 23:30 - 2014-06-19 23:30 - 00000802 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-19 23:30 - 2014-06-19 23:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-19 23:30 - 2014-06-19 23:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-19 23:30 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-19 23:30 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-19 23:30 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-19 23:17 - 2014-06-19 23:18 - 00000000 ____D () C:\OETemp
2014-06-19 23:07 - 2014-06-19 23:07 - 00000000 ____D () C:\Users\XXXXX\AppData\Roaming\JAM Software
2014-06-19 23:07 - 2014-06-19 23:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize Free
2014-06-19 22:30 - 2011-04-09 08:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2014-06-19 22:30 - 2011-04-09 07:56 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2014-06-19 22:08 - 2010-08-04 09:07 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\msdri.dll
2014-06-19 22:08 - 2010-01-19 11:05 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-06-19 22:08 - 2010-01-19 11:05 - 00422912 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-06-19 22:08 - 2010-01-19 11:05 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-06-19 22:08 - 2010-01-19 11:05 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-06-19 22:08 - 2010-01-19 11:00 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-06-19 22:08 - 2010-01-19 11:00 - 00356352 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-06-19 22:08 - 2010-01-19 11:00 - 00306688 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-06-19 22:08 - 2010-01-19 11:00 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-06-19 22:08 - 2010-01-19 01:29 - 00369152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-06-19 22:08 - 2010-01-19 01:29 - 00365568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-06-19 22:08 - 2010-01-19 01:29 - 00085504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-06-19 22:08 - 2010-01-19 01:29 - 00085504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-06-19 22:08 - 2010-01-19 01:28 - 00324608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-06-19 22:08 - 2010-01-19 01:28 - 00320512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-06-19 22:08 - 2010-01-19 01:28 - 00280064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-06-19 22:08 - 2010-01-19 01:28 - 00277504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-06-19 22:08 - 2009-10-19 16:46 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2014-06-19 22:08 - 2009-10-19 16:46 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2014-06-19 22:08 - 2009-10-19 16:10 - 00108544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2014-06-19 22:08 - 2009-10-19 16:10 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2014-06-11 20:04 - 2014-06-11 20:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-10 20:37 - 2014-06-10 20:37 - 00001535 _____ () C:\Users\XXXXX\Documents\Ungefähre Liste.txt
2014-06-09 17:09 - 2014-06-09 18:07 - 00004891 _____ () C:\Users\XXXXX\Desktop\ai research notes.txt
2014-05-28 21:57 - 2014-05-28 22:00 - 00000568 __RSH () C:\Users\XXXXX\ntuser.pol
2014-05-27 18:59 - 2014-05-27 18:59 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-05-27 18:59 - 2014-05-27 18:59 - 00002030 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk

==================== One Month Modified Files and Folders =======

2014-06-24 01:32 - 2014-06-20 19:44 - 00000000 ____D () C:\FRST
2014-06-24 01:05 - 2012-05-09 00:54 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-24 01:05 - 2012-05-09 00:54 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-24 00:59 - 2012-04-04 20:54 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-23 22:52 - 2011-06-22 21:03 - 00000000 ____D () C:\Users\XXXXX\AppData\Roaming\vlc
2014-06-23 21:58 - 2010-11-06 23:23 - 00000000 ____D () C:\Users\XXXXX\AppData\Roaming\Skype
2014-06-23 18:18 - 2009-07-14 06:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-23 18:18 - 2009-07-14 06:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-23 18:11 - 2014-02-22 16:25 - 47301645 _____ () C:\Windows\setupact.log
2014-06-23 18:11 - 2011-01-11 21:32 - 00000000 ____D () C:\Users\XXXXX\AppData\Local\TSVNCache
2014-06-23 18:11 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-22 21:23 - 2014-06-22 21:23 - 00001287 _____ () C:\Users\XXXXX\Desktop\JRT.txt
2014-06-22 21:20 - 2014-06-22 20:54 - 00001142 _____ () C:\Users\XXXXX\Desktop\MBAM.txt
2014-06-22 21:18 - 2014-06-22 21:18 - 00000000 ____D () C:\Windows\ERUNT
2014-06-22 21:04 - 2014-06-22 21:04 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom
2014-06-22 21:04 - 2014-04-03 19:42 - 00000000 ____D () C:\Program Files\Tablet
2014-06-22 20:58 - 2011-01-13 19:32 - 00082560 _____ () C:\Windows\PFRO.log
2014-06-22 20:57 - 2014-06-22 20:54 - 00000000 ____D () C:\AdwCleaner
2014-06-22 20:24 - 2014-06-19 23:30 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-22 14:38 - 2009-07-14 06:45 - 00319592 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-22 05:05 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\System
2014-06-22 03:10 - 2010-10-24 13:32 - 02001246 _____ () C:\Windows\WindowsUpdate.log
2014-06-21 15:03 - 2013-04-06 17:36 - 00000000 ____D () C:\Program Files (x86)\WinPcap
2014-06-21 13:14 - 2010-10-24 16:29 - 00072624 _____ () C:\Users\XXXXX\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-21 13:10 - 2009-07-14 20:18 - 00000000 ____D () C:\Program Files\Windows Journal
2014-06-21 03:14 - 2011-01-11 19:49 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-21 01:00 - 2012-05-09 00:54 - 00004108 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-21 01:00 - 2012-05-09 00:54 - 00003856 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-20 23:04 - 2012-05-04 18:00 - 00000000 ____D () C:\Users\XXXXX\AppData\Local\Downloaded Installations
2014-06-20 19:33 - 2014-06-20 19:33 - 00000000 _____ () C:\Users\XXXXX\defogger_reenable
2014-06-20 19:33 - 2010-10-24 15:20 - 00000000 ____D () C:\Users\XXXXX
2014-06-20 18:32 - 2014-06-20 18:32 - 00022960 _____ () C:\ComboFix.txt
2014-06-20 18:32 - 2014-06-20 18:23 - 00000000 ____D () C:\ComboFix
2014-06-20 18:32 - 2014-06-20 18:21 - 00000000 ____D () C:\Qoobox
2014-06-20 18:32 - 2011-11-02 21:15 - 00000000 ____D () C:\Users\XXXXX\AppData\Local\Apps\2.0
2014-06-20 18:32 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-06-20 18:31 - 2014-06-20 18:20 - 00000000 ____D () C:\Windows\erdnt
2014-06-20 18:30 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-06-20 17:53 - 2012-04-22 18:09 - 00000000 ____D () C:\Users\XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NetLimiter 3
2014-06-20 17:47 - 2011-09-01 23:16 - 00000000 ____D () C:\ProgramData\CyberLink
2014-06-20 15:01 - 2011-01-11 19:49 - 00000000 ____D () C:\Users\XXXXX\Documents\Visual Studio 2008
2014-06-20 14:56 - 2011-01-15 20:16 - 00000000 ____D () C:\Users\XXXXX\AppData\Roaming\VisualAssist
2014-06-20 03:44 - 2014-06-20 00:34 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-06-20 03:34 - 2011-01-11 20:00 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2014-06-20 03:32 - 2011-01-11 20:02 - 01626404 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-06-20 03:32 - 2009-07-14 19:58 - 00749328 _____ () C:\Windows\system32\perfh007.dat
2014-06-20 03:32 - 2009-07-14 19:58 - 00169602 _____ () C:\Windows\system32\perfc007.dat
2014-06-20 03:31 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Registration
2014-06-20 03:30 - 2014-06-20 03:30 - 00000000 __SHD () C:\Windows\SysWOW64\%APPDATA%
2014-06-20 03:28 - 2014-06-20 03:28 - 01781224 _____ () C:\Windows\system32\PerfStringBackup.TMP
2014-06-20 03:27 - 2012-05-13 18:15 - 00008947 _____ () C:\Windows\IE9_main.log
2014-06-20 03:26 - 2009-07-14 07:13 - 00077818 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-20 03:02 - 2014-06-20 03:02 - 00000000 __SHD () C:\Windows\system32\%APPDATA%
2014-06-20 00:36 - 2014-06-20 00:36 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-06-20 00:35 - 2014-06-20 00:35 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-06-20 00:34 - 2014-06-20 00:34 - 00001053 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-06-20 00:34 - 2014-06-20 00:34 - 00001053 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-06-20 00:34 - 2014-06-20 00:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-06-19 23:30 - 2014-06-19 23:30 - 00000802 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-19 23:30 - 2014-06-19 23:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-19 23:30 - 2014-06-19 23:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-19 23:19 - 2013-12-10 00:03 - 00000000 ____D () C:\ProgramData\Package Cache
2014-06-19 23:18 - 2014-06-19 23:17 - 00000000 ____D () C:\OETemp
2014-06-19 23:07 - 2014-06-19 23:07 - 00000000 ____D () C:\Users\XXXXX\AppData\Roaming\JAM Software
2014-06-19 23:07 - 2014-06-19 23:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize Free
2014-06-19 22:50 - 2012-03-10 18:42 - 00000000 ____D () C:\Fraps
2014-06-12 18:38 - 2012-05-02 23:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-11 20:04 - 2014-06-11 20:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-10 20:37 - 2014-06-10 20:37 - 00001535 _____ () C:\Users\XXXXX\Documents\Ungefähre Liste.txt
2014-06-09 18:07 - 2014-06-09 17:09 - 00004891 _____ () C:\Users\XXXXX\Desktop\ai research notes.txt
2014-05-28 22:00 - 2014-05-28 21:57 - 00000568 __RSH () C:\Users\XXXXX\ntuser.pol
2014-05-28 21:56 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-05-27 18:59 - 2014-05-27 18:59 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-05-27 18:59 - 2014-05-27 18:59 - 00002030 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-05-27 18:59 - 2011-01-12 20:48 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-05-27 18:59 - 2011-01-12 20:46 - 00000000 ____D () C:\ProgramData\Adobe
2014-05-26 19:49 - 2014-05-15 19:40 - 00000000 ____D () C:\Program Files (x86)\OBS
2014-05-26 18:41 - 2010-11-06 23:23 - 00000000 ___RD () C:\Program Files (x86)\Skype

Some content of TEMP:
====================
C:\Users\XXXXX\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-21 19:09

==================== End Of Log ============================

--- --- ---

schrauber · 24.06.2014, 17:26

Die Screenshots sind allesamt falsch

Du sollst den winsxs Ordner aufklappen bis zum untersten Teil. Du siehst doch dass dieser schwarz hinterlegt ist und 8GB hat. Ich will wissen was in diesem Ordner diesen Platz brauch

ecreif · 24.06.2014, 23:51

Der erste Screenshot von meinem letzten Post zeigt doch schon den aufgeklappten winsxs ordner.

Den ganzen Ordner vollständig aufgeklappt darstellen mit einem Screenshot wird schwierig, der enthält tausende Ordner. Also zeigt der erste Screenshot nach Größe sortiert die größten Unterordner. Aber ich hab es mal versucht.
Jetzt ist die Frage welche weiteren Ordner interessant zu sehen sind.
- winsxs\Backup(500MB) enthält wieder tausende kleine Dateien die größten davon ~30MB
- amd_microsoft_windows_blabla_random_stuff (300MB) enthält hunderte dlls. Die größten ~11MB

Zusammengerechnet können die Unterordner aber kaum 8GB erreichen. Was sich auch mit der Aussage von Microsoft deckt, dass die winsxs Ordnergröße gar nicht die echt belegte ist, da er verlinkte Ordner in die Berechnung mit einfließen lässt. Nach meiner Schätzung durch zusammenrechnen und überschlagen der Unterordner ist die echte Größe maximal 2GB - 2,5GB

Zudem scheine ich seit gestern wieder ~300MB verloren zuhaben, aber wenn ich die Screenshots vergleiche haben sich winsxs, system32, SysWOW64, assembly nicht signifikant geändert. Das heißt es ist wahrscheinlich ein anderer Ordner bzw Datei.

Ich hab mal noch ein paar mehr Screenshots angefügt die ich auch noch für möglicherweise relevant halte. Aber es scheint mir als ob der Speicher irgendwo versteckt belegt wird. Das müssen mindestens 2-4GB sein die einfach fehlen(Mindestens soviel hab ich ständig freigemacht und wieder verloren in der Zeit).

C Hat übrigens eine echte verfügbare größe von 29,2GB

Bei einer angenommenen echten Größe von 2GB des winxsxs Ordners komm ich über Treesize überschlagen(und aufgerundet) auf 27GB Verbrauchten Platz. Also irgendwo sind mindestens 2GB hin komplett verschwunden.

schrauber · 25.06.2014, 18:21

Wenn der nicht 8GB hat gehen mir so langsam aber auch die Ideen aus. Was hat denn noch viel Speicherplatz? KLap ach mal den WIndows Ordner auf, nicht das Schattenkopien oder WIederherstellungspunkte zu viel sind.

svchost.exe 100% Auslastung, C-Laufwerk läuft voll

Log-Analyse und Auswertung: svchost.exe 100% Auslastung, C-Laufwerk läuft voll