Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   JS:Trojan.JS.Iframe.DH (Virus) (https://www.trojaner-board.de/133998-js-trojan-js-iframe-dh-virus.html)

Tklr 21.04.2013 12:29
JS:Trojan.JS.Iframe.DH (Virus)
 
Hallo zusammen ich hatte bereits vor kurzer Zeit einen Virus und der wurde bereinigt soweit man mir dies Mitgeteilt hat hier den Link dazu : http://www.trojaner-board.de/133800-...t-warnung.html
Nun habe ich Heute meine Antivirensoftware laufen lassen und da tauchten 9 Viren auf ! Hier der Logfile :
Code:
Ergebnis: 9 Malware gefunden
JS:Trojan.JS.Iframe.DH (Virus) •C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YHJ82F0C\header[1].htm Aktion: unter Quarantäne
•C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YHJ82F0C\menschen[1].htm Aktion: unter Quarantäne
•C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TUR51UWL\spanien[1].htm Aktion: unter Quarantäne
•C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\K2GHX90G\uebermich[1].htm Aktion: unter Quarantäne
•C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JVXYQTN6\ausruestung[1].htm Aktion: unter Quarantäne
•C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\E1TIR82M\main[1].htm Aktion: unter Quarantäne
•C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DDCN55AT\florian[1].htm Aktion: unter Quarantäne
•C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BW65WXR6\florian2[1].htm Aktion: unter Quarantäne
•C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3ZC6PHPK\wolfgang-andre_net[1].htm Aktion: unter Quarantäne
Und diese Dateien konnten nicht geöffnet werden:
Code:
Aktionen: •Desinfiziert: 0
•Umbenannt: 0
•Gelöscht: 0
•In Quarantäne: 9
•Fehlgeschl.: 0
 Boot-Sektoren: •Gescannt: 3
•Infiziert: 0
•Verdächtige Elemente: 0
•Desinfiziert: 0
 Dateien, nicht gescannt: •Datei (Klicken Sie hier, um weitere Informationen zu erhalten) kann nicht geöffnet werden C:\HIBERFIL.SYS
•Datei (Klicken Sie hier, um weitere Informationen zu erhalten) kann nicht geöffnet werden C:\PAGEFILE.SYS
•Datei (Klicken Sie hier, um weitere Informationen zu erhalten) kann nicht geöffnet werden C:\WINDOWS\TASKS\GOOGLEUPDATETASKMACHINEUA.JOB
•Datei (Klicken Sie hier, um weitere Informationen zu erhalten) kann nicht geöffnet werden C:\WINDOWS\TASKS\GOOGLEUPDATETASKMACHINECORE.JOB
•Datei (Klicken Sie hier, um weitere Informationen zu erhalten) kann nicht geöffnet werden C:\WINDOWS\SYSTEM32\SYSPREP\PANTHER\IE\DIAGERR.XML
•Datei (Klicken Sie hier, um weitere Informationen zu erhalten) kann nicht geöffnet werden C:\WINDOWS\SYSTEM32\SYSPREP\PANTHER\DIAGERR.XML
•Datei (Klicken Sie hier, um weitere Informationen zu erhalten) kann nicht geöffnet werden C:\WINDOWS\SYSTEM32\SYSPREP\PANTHER\DIAGWRN.XML
•Datei (Klicken Sie hier, um weitere Informationen zu erhalten) kann nicht geöffnet werden C:\WINDOWS\SYSTEM32\SYSPREP\PANTHER\IE\DIAGWRN.XML
•Datei (Klicken Sie hier, um weitere Informationen zu erhalten) kann nicht geöffnet werden C:\WINDOWS\PLA\SYSTEM\SYSTEM PERFORMANCE.XML
•Datei (Klicken Sie hier, um weitere Informationen zu erhalten) kann nicht geöffnet werden C:\WINDOWS\PLA\SYSTEM\SYSTEM DIAGNOSTICS.XML
•Datei (Klicken Sie hier, um weitere Informationen zu erhalten) kann nicht geöffnet werden C:\WINDOWS\PANTHER\UNATTENDGC\DIAGERR.XML
•Datei (Klicken Sie hier, um weitere Informationen zu erhalten) kann nicht geöffnet werden C:\WINDOWS\PANTHER\UNATTENDGC\DIAGWRN.XML
•Datei (Klicken Sie hier, um weitere Informationen zu erhalten) kann nicht geöffnet werden C:\USERS\PUBLIC\DESKTOP\DESKTOP.INI
•Datei (Klicken Sie hier, um weitere Informationen zu erhalten) kann nicht geöffnet werden C:\USERS\DAVID\APPDATA\LOCAL\MICROSOFT\WINDOWS\WEBCACHE\WEBCACHEV01.TMP
•Datei (Klicken Sie hier, um weitere Informationen zu erhalten) kann nicht geöffnet werden C:\PROGRAMDATA\MICROSOFT\WLSETUP\CABLOGS\LOGS.CAB
Ich hab noch was entdeckt, wenn ich IE nutzen will muss ich es ständig als Admin ausführen ansonsten kann ich die URL zwar eintippen aber danach geschieht einfach nichts.
Und wenn ich auf verschiedenen Seiten gehe, kommt immer die Sicherheitswarnung, ich hab nun angeklickt ''nicht mehr anzeigen''.

Ich weiss nicht, ob es irgendeinen Zusammenhang mit dem gibt : http://www.trojaner-board.de/132736-...-homepage.html aber er heisst Wolfgang und hat auch etwas zutun mit Florian und habe mal seine Seite besucht.

Der OTL LOGFILE
Code:
OTL logfile created on: 21.04.2013 13:48:04 - Run 4
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\David\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
15.96 Gb Total Physical Memory | 13.83 Gb Available Physical Memory | 86.66% Memory free
31.91 Gb Paging File | 29.55 Gb Available in Paging File | 92.59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 212.34 Gb Total Space | 58.55 Gb Free Space | 27.57% Space Free | Partition Type: NTFS
Drive D: | 1863.01 Gb Total Space | 994.97 Gb Free Space | 53.41% Space Free | Partition Type: NTFS
Drive E: | 538.34 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: DAVID-PC | User Name: David | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.04.20 19:52:32 | 001,019,960 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Internet Security\apps\ComputerSecurity\Anti-Virus\fssm32.exe
PRC - [2013.04.20 19:52:32 | 000,622,648 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Internet Security\apps\ComputerSecurity\Anti-Virus\FSGK32.EXE
PRC - [2013.04.16 14:58:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\David\Desktop\OTL.exe
PRC - [2013.03.29 21:53:56 | 001,631,144 | ---- | M] (Valve Corporation) -- D:\Games\Steam\Steam.exe
PRC - [2013.03.29 21:53:56 | 000,543,656 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2013.03.24 00:32:33 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2013.02.26 00:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.12.27 17:05:10 | 000,169,464 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
PRC - [2012.12.07 19:27:50 | 000,167,424 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2012.11.26 13:49:10 | 000,183,864 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Internet Security\fshoster32.exe
PRC - [2012.10.26 17:17:52 | 000,087,368 | ---- | M] (Nero AG) -- C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
PRC - [2012.10.18 18:44:00 | 000,310,992 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Internet Security\apps\ComputerSecurity\Common\FSM32.EXE
PRC - [2012.10.18 18:44:00 | 000,208,592 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Internet Security\apps\ComputerSecurity\Common\FSMA32.EXE
PRC - [2012.10.02 13:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012.08.06 14:53:14 | 000,061,176 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Internet Security\apps\CCF_Reputation\fsorsp.exe
PRC - [2012.06.11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
PRC - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.02.22 04:26:24 | 003,325,952 | ---- | M] () -- C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe
PRC - [2012.01.21 01:29:28 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012.01.21 01:29:26 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012.01.20 20:45:40 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
PRC - [2012.01.04 21:59:50 | 000,291,608 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2011.11.30 05:04:56 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.11.30 05:04:54 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.10.22 02:00:00 | 002,105,344 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
PRC - [2010.10.22 02:00:00 | 000,376,832 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.03.29 21:53:56 | 001,114,024 | ---- | M] () -- D:\Games\Steam\bin\chromehtml.dll
MOD - [2013.03.27 02:16:40 | 020,341,672 | ---- | M] () -- D:\Games\Steam\bin\libcef.dll
MOD - [2013.03.26 00:23:34 | 000,651,776 | ---- | M] () -- D:\Games\Steam\SDL2.dll
MOD - [2013.02.14 21:47:40 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013.01.10 18:21:30 | 000,487,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\7ffdaee3a54ffd1a5e3b008a5bde5ecf\IAStorUtil.ni.dll
MOD - [2013.01.10 18:21:30 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\389a1832a3da11e1b409cd6ae60cb9fa\IAStorCommon.ni.dll
MOD - [2013.01.10 17:37:54 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013.01.10 17:37:36 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.01.10 17:37:29 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013.01.10 17:37:26 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.01.10 17:37:24 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013.01.10 17:37:23 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.01.10 17:37:19 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012.12.27 17:05:10 | 000,169,464 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
MOD - [2012.12.11 19:51:10 | 001,100,800 | ---- | M] () -- D:\Games\Steam\bin\avcodec-53.dll
MOD - [2012.12.11 19:51:10 | 000,192,000 | ---- | M] () -- D:\Games\Steam\bin\avformat-53.dll
MOD - [2012.12.11 19:51:10 | 000,124,416 | ---- | M] () -- D:\Games\Steam\bin\avutil-51.dll
MOD - [2012.12.06 18:41:55 | 000,593,464 | ---- | M] () -- C:\Windows\winsxs\x86_f-secure.qt_4_6_2_2e112a926211c0a3_4.6.482.65_none_b59e1e0911fd55ab\QtMultimediaKit1.dll
MOD - [2012.10.18 18:43:52 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\Internet Security\apps\ComputerSecurity\FSGUI\strres.eng
MOD - [2012.10.18 18:43:52 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Internet Security\apps\ComputerSecurity\FSGUI\fsavures.eng
MOD - [2012.02.22 04:26:24 | 003,325,952 | ---- | M] () -- C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe
MOD - [2012.02.20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.02.20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012.02.07 05:20:13 | 002,413,568 | ---- | M] () -- C:\Program Files (x86)\MOUSE Editor\Data\MouseEditor\Forms\ScreenCapture\ScreenCapture.dll
MOD - [2011.08.10 07:43:19 | 000,118,272 | ---- | M] () -- C:\Program Files (x86)\MOUSE Editor\DLL\DLL_Wheel4D.dll
MOD - [2011.04.12 09:14:04 | 000,063,488 | ---- | M] () -- C:\Program Files (x86)\MOUSE Editor\DLL\DLL_AnalyzeGesturesInRight.dll
MOD - [2011.04.11 14:53:46 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2011.03.21 13:33:17 | 000,999,424 | ---- | M] () -- C:\Program Files (x86)\MOUSE Editor\Data\MouseEditor\Forms\TrayIconWebAdvertisement\TrayIconWebAdvertisement.dll
MOD - [2011.01.09 14:45:55 | 000,088,064 | ---- | M] () -- C:\Program Files (x86)\MOUSE Editor\DLL\DLL_MouseDeviceManager.dll
MOD - [2010.12.02 11:56:52 | 000,815,104 | ---- | M] () -- C:\Program Files (x86)\MOUSE Editor\Data\MouseEditor\Forms\OSD_Text\OSD_Text.dll
MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.01 14:16:00 | 000,062,976 | ---- | M] () -- C:\Program Files (x86)\MOUSE Editor\DLL\DLL_AnalyzeGesturesInOne.dll
MOD - [2010.09.20 08:18:57 | 000,085,504 | ---- | M] () -- C:\Program Files (x86)\MOUSE Editor\DLL\DLL_ZoomControl.dll
MOD - [2010.09.20 08:18:54 | 000,054,272 | ---- | M] () -- C:\Program Files (x86)\MOUSE Editor\DLL\DLL_ScrollbarControl.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.03.29 21:53:56 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.03.24 00:32:33 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013.02.26 00:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013.01.08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.07 19:27:50 | 000,167,424 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2012.11.26 13:49:10 | 000,183,864 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files (x86)\Internet Security\fshoster32.exe -- (fshoster)
SRV - [2012.10.26 17:17:52 | 000,087,368 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe -- (HTCMonitorService)
SRV - [2012.10.18 18:44:00 | 000,208,592 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Internet Security\apps\ComputerSecurity\Common\FSMA32.EXE -- (FSMA)
SRV - [2012.10.02 13:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.08.06 14:53:14 | 000,061,176 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files (x86)\Internet Security\apps\CCF_Reputation\fsorsp.exe -- (FSORSPClient)
SRV - [2012.06.11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe -- (BBUpdate)
SRV - [2012.06.11 16:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe -- (BBSvc)
SRV - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.01.21 01:29:28 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012.01.21 01:29:26 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012.01.20 20:45:40 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2011.11.30 05:04:56 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.10.22 02:00:00 | 000,376,832 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2010.03.18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2013.04.20 20:02:28 | 000,200,760 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Internet Security\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)
DRV - [2013.04.20 19:52:32 | 000,062,744 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Internet Security\apps\ComputerSecurity\HIPS\drivers\fshs.sys -- (F-Secure HIPS)
DRV - [2013.04.20 19:49:26 | 000,042,672 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\drivers\fsbts.sys -- (fsbts)
DRV - [2013.01.30 13:07:50 | 000,071,680 | ---- | M] (F-Secure Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Internet Security\apps\CCF_Scanning\fsni64.sys -- (fsni)
DRV - [2012.10.18 18:43:44 | 000,014,032 | ---- | M] () [Kernel | System | Running] -- C:\Program Files (x86)\Internet Security\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys -- (fsvista)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-1668196811-2101089870-2358843871-1000\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-1668196811-2101089870-2358843871-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://wiki-de.guildwars2.com/wiki/Hauptseite
IE - HKU\S-1-5-21-1668196811-2101089870-2358843871-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-CH
IE - HKU\S-1-5-21-1668196811-2101089870-2358843871-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 24 67 93 05 E2 39 CD 01  [binary data]
IE - HKU\S-1-5-21-1668196811-2101089870-2358843871-1001\..\SearchScopes,DefaultScope = {656EEDB6-144F-4032-AD21-5E56E62BD89A}
IE - HKU\S-1-5-21-1668196811-2101089870-2358843871-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-1668196811-2101089870-2358843871-1001\..\SearchScopes\{656EEDB6-144F-4032-AD21-5E56E62BD89A}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}&rlz=
IE - HKU\S-1-5-21-1668196811-2101089870-2358843871-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1668196811-2101089870-2358843871-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-1668196811-2101089870-2358843871-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 37.72.0.152:8080
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.3: C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
 
O1 HOSTS File: ([2013.04.17 17:58:14 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)
O4 - HKLM..\Run: [F-Secure Hoster (45119)] C:\Program Files (x86)\Internet Security\fshoster32.exe (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files (x86)\Internet Security\apps\ComputerSecurity\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKU\S-1-5-21-1668196811-2101089870-2358843871-1001..\Run: [OscarEditor] C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe ()
O4 - HKU\S-1-5-21-1668196811-2101089870-2358843871-1001..\Run: [Steam] D:\Games\Steam\steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1668196811-2101089870-2358843871-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1668196811-2101089870-2358843871-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1668196811-2101089870-2358843871-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1668196811-2101089870-2358843871-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1668196811-2101089870-2358843871-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0D64ED55-9009-44CC-92C1-CD6C5FF38594}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{71AA843D-E2C0-44D9-916C-5D910665E580}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.09.14 16:14:39 | 000,000,235 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2007.09.27 14:35:00 | 001,049,616 | R--- | M] (Microsoft Corporation) - E:\autorun.exe -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.20 19:47:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Internet Security
[2013.04.20 19:45:40 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2013.04.20 19:38:00 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure uninstallationtool
[2013.04.20 19:24:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2013.04.20 19:24:20 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2013.04.20 19:10:58 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.04.19 16:41:38 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.04.19 16:40:55 | 000,000,000 | ---D | C] -- C:\JRT
[2013.04.18 16:02:04 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2013.04.17 17:56:50 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.04.17 17:51:01 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.04.16 16:13:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.04.16 16:12:32 | 000,000,000 | ---D | C] -- C:\Users\David\Desktop\mbar-1.05.0.1001
[2013.04.16 14:58:45 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\David\Desktop\OTL.exe
[2013.04.16 14:34:05 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\David\Desktop\HiJackThis204.exe
[2013.04.05 19:34:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Age of Empires 3
[2013.04.04 20:09:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Microsoft Games
[2013.04.04 18:39:37 | 000,000,000 | ---D | C] -- C:\Users\David\Documents\Games for Windows - LIVE Demos
[2013.04.04 18:20:33 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2013.04.04 18:12:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows - LIVE
[2013.04.04 18:12:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2013.04.04 18:10:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zuxxez
[2013.03.26 21:01:38 | 000,000,000 | ---D | C] -- C:\Users\David\Documents\Criterion Games
[2013.03.26 18:57:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Need for Speed™ Most Wanted
[2013.03.23 23:27:09 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\PunkBuster
[2013.03.23 23:27:08 | 000,000,000 | ---D | C] -- C:\Users\David\Documents\Battlefield 3
[2013.03.23 18:38:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Battlelog Web Plugins
[2013.03.23 18:36:45 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs
[2013.03.23 18:17:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3
[2013.03.23 01:21:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.03.23 01:21:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.21 13:20:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.21 10:14:07 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.21 10:13:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.21 10:13:57 | 4259,778,558 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.20 20:11:05 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.04.20 19:49:26 | 000,042,672 | ---- | M] () -- C:\Windows\SysWow64\drivers\fsbts.sys
[2013.04.20 19:49:20 | 000,019,653 | ---- | M] () -- C:\Windows\prodsett_copy.ini
[2013.04.20 19:47:06 | 000,002,043 | ---- | M] () -- C:\Users\Public\Desktop\Launch Pad.lnk
[2013.04.20 17:56:29 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013.04.20 17:56:29 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.04.16 14:58:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\David\Desktop\OTL.exe
[2013.04.16 14:53:22 | 000,000,000 | ---- | M] () -- C:\Users\David\defogger_reenable
[2013.04.16 14:34:06 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\David\Desktop\HiJackThis204.exe
[2013.04.04 20:17:31 | 000,000,510 | ---- | M] () -- C:\Users\David\Desktop\Age of Empires III - Verknüpfung.lnk
[2013.04.04 19:34:02 | 000,000,136 | ---- | M] () -- C:\Users\David\Desktop\Battle vs. Chess - Verknüpfung.lnk
[2013.04.04 15:15:58 | 000,000,205 | ---- | M] () -- C:\Users\David\Desktop\Portal 2.url
[2013.03.26 18:57:22 | 000,001,305 | ---- | M] () -- C:\Users\Public\Desktop\Need for Speed™ Most Wanted.lnk
[2013.03.24 12:20:17 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013.03.24 00:32:33 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013.03.23 18:17:12 | 000,001,174 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2013.03.23 01:21:24 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.04.20 20:11:05 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.04.20 19:49:26 | 000,042,672 | ---- | C] () -- C:\Windows\SysWow64\drivers\fsbts.sys
[2013.04.20 19:47:06 | 000,002,043 | ---- | C] () -- C:\Users\Public\Desktop\Launch Pad.lnk
[2013.04.16 14:53:22 | 000,000,000 | ---- | C] () -- C:\Users\David\defogger_reenable
[2013.04.04 20:17:31 | 000,000,510 | ---- | C] () -- C:\Users\David\Desktop\Age of Empires III - Verknüpfung.lnk
[2013.04.04 19:34:02 | 000,000,136 | ---- | C] () -- C:\Users\David\Desktop\Battle vs. Chess - Verknüpfung.lnk
[2013.04.04 14:58:07 | 000,000,205 | ---- | C] () -- C:\Users\David\Desktop\Portal 2.url
[2013.03.26 18:57:22 | 000,001,305 | ---- | C] () -- C:\Users\Public\Desktop\Need for Speed™ Most Wanted.lnk
[2013.03.23 23:27:12 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013.03.23 18:17:12 | 000,001,174 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2012.12.06 18:52:56 | 000,019,653 | ---- | C] () -- C:\Windows\prodsett_copy.ini
[2012.08.15 18:35:18 | 000,000,859 | ---- | C] () -- C:\Users\David\AppData\Local\recently-used.xbel
[2012.06.01 17:10:48 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\iyvu9_32.dll
[2012.05.30 21:18:07 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.05.30 21:18:07 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.05.25 18:19:50 | 000,000,528 | ---- | C] () -- C:\Windows\eReg.dat
[2012.05.24 21:07:46 | 005,831,758 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.04.27 00:13:13 | 000,056,788 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2012.04.27 00:12:23 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012.04.27 00:12:18 | 000,040,227 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012.01.11 05:39:16 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.11.03 23:58:11 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\.minecraft
[2012.12.25 01:45:55 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\HTC
[2012.12.25 01:45:55 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\HTC Sync
[2013.01.24 19:37:13 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Origin
[2012.08.16 21:06:12 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\PhotoScape
[2012.05.30 21:18:04 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\PunkBuster
[2012.06.07 18:20:01 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\SecondLife
[2013.04.21 13:07:24 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\TS3Client
[2012.05.31 18:30:11 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Ubisoft
[2012.12.25 03:42:31 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Windows Live Writer
[2012.12.25 13:04:45 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\WindSolutions
 
========== Purity Check ==========
 
 

< End of report >
OTL hat irgendwie keinen Extra LogFile angelegt o.o
Und der Malwarebyte Log :
Code:
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.04.21.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16540
David :: DAVID-PC [administrator]

21.04.2013 13:56:19
mbar-log-2013-04-21 (13-56-19).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 30478
Time elapsed: 2 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
Was soll ich nun machen :p?

Mit dem P.c ist doch noch nicht alles i.o oder?

t'john 21.04.2013 18:02
:hallo:

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Tklr 21.04.2013 19:06
Der PC wurde ein Mal neugestartet:
Code:
# AdwCleaner v2.200 - Datei am 21/04/2013 um 20:04:21 erstellt
# Aktualisiert am 02/04/2013 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzer : David - DAVID-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\David\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Die Registrierungsdatenbank ist sauber.

*************************

AdwCleaner[S1].txt - [881 octets] - [19/04/2013 16:48:52]
AdwCleaner[S2].txt - [622 octets] - [21/04/2013 20:04:21]

########## EOF - C:\AdwCleaner[S2].txt - [681 octets] ##########
Ich wollte nach Dateien die im Logstehen Googeln und da passiert das Merkwürdige : Beim Einfügen der Datei z.b : C:\32788R22FWJFW in der Adresszeile, kommen keine Google Treffer. Stattdessen wird der Ordner geöffnet. Dies geschieht irgendwie mit allen Dateien die ich in die Adresszeile einfüge.

t'john 21.04.2013 19:58

Fixen mit OTL

  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.
Code:
:OTL
[2013.04.18 16:02:04 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
  • Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread



Sehr gut! :daumenhoc

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).



danach:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset




danach:

Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

Tklr 21.04.2013 20:09
Ich schreibe dir von meinem handy,da ich ie nicht öffnen kann und keinen amderen browser habe

Bzw ie bleibt weiss wenn ich es öffne!

So nach einem Neustart funktioniert IE wieder den OTL log hab ich nicht, da ich den PC neugestartet wurde und das Logfile nicht gespeichert wurde. Es stand aber, dass die Datei gelöscht worden ist. Ich habe sicherheitshalber F-Secure laufen lassen und nun sind nur noch 6 Dateien nicht geöffnet worden :
Code:
Statistiken
 Gescannt: •Dateien: 110673
•Nicht gescannt: 6
 Ergebnis: •Viren: 0
•Spyware: 0
•Verdächtige Elemente: 0
•Riskware: 0
 Aktionen: •Desinfiziert: 0
•Umbenannt: 0
•Gelöscht: 0
•In Quarantäne: 0
•Fehlgeschl.: 0
 Boot-Sektoren: •Gescannt: 3
•Infiziert: 0
•Verdächtige Elemente: 0
•Desinfiziert: 0
 Dateien, nicht gescannt: •Datei (Klicken Sie hier, um weitere Informationen zu erhalten) kann nicht geöffnet werden C:\HIBERFIL.SYS
•Datei (Klicken Sie hier, um weitere Informationen zu erhalten) kann nicht geöffnet werden C:\PAGEFILE.SYS
•Datei (Klicken Sie hier, um weitere Informationen zu erhalten) kann nicht geöffnet werden C:\USERS\DAVID\APPDATA\LOCAL\TEMP\~DF2F8B3B464EE43AAC.TMP
•Datei (Klicken Sie hier, um weitere Informationen zu erhalten) kann nicht geöffnet werden C:\USERS\DAVID\APPDATA\LOCAL\TEMP\~DFA1CB0C606719D9C3.TMP
•Datei (Klicken Sie hier, um weitere Informationen zu erhalten) kann nicht geöffnet werden C:\USERS\DAVID\APPDATA\LOCAL\TEMP\~DFBDCAADCA6EB843A4.TMP
•Datei (Klicken Sie hier, um weitere Informationen zu erhalten) kann nicht geöffnet werden C:\USERS\DAVID\APPDATA\LOCAL\TEMP\~DFF08C50F47200AB13.TMP
asw kann ich nicht downloaden. Hatte auch letztes Mal dieses Problem. http://www.trojaner-board.de/133800-...t-warnung.html

Soll ich den Schritt mit asw überspringen?

soll ich aswmbr von hier downloaden? aswMBR

''http ://public.avast.com/~gmerek/aswMBR.htm

Von dort kann ich es auch nicht runterladen es erscheint immer die gleiche Fehlermeldung:
Die Website hat die Anzeige dieser Webseite abgelehnt

HTTP 403


Wahrscheinlichste Ursachen:
•Diese Website erfordert, dass Sie sich anmelden.


Mögliche Vorgehensweise:



Gehen Sie zur vorherigen Seite.



Weitere Informationen Weitere Informationen

Heute habe ich wieder einen Scan ausgeführt und nur diese Dateien konnten nicht geöffnet werden: •Nicht gescannt: 3
Ergebnis: •Viren: 0
•Spyware: 0
•Verdächtige Elemente: 0
•Riskware: 0
Aktionen: •Desinfiziert: 0
•Umbenannt: 0
•Gelöscht: 0
•In Quarantäne: 0
•Fehlgeschl.: 0
Boot-Sektoren: •Gescannt: 3
•Infiziert: 0
•Verdächtige Elemente: 0
•Desinfiziert: 0
Dateien, nicht gescannt: •Datei (Klicken Sie hier, um weitere Informationen zu erhalten) kann nicht geöffnet werden C:\PAGEFILE.SYS
•Datei (Klicken Sie hier, um weitere Informationen zu erhalten) kann nicht geöffnet werden C:\HIBERFIL.SYS
•Datei (Klicken Sie hier, um weitere Informationen zu erhalten) kann nicht geöffnet werden C:\USERS\DAVID\APPDATA\LOCAL\TEMP\~DFDB66D5EA41FE9FE0.TMP

Moin :D könnte ich meinen Rechner neu aufsetzen/formatieren um ihn dann sauber zu bekommen? Und was soll ich da beachten?

t'john 22.04.2013 17:09
Zitat:
Moin :D könnte ich meinen Rechner neu aufsetzen/formatieren um ihn dann sauber zu bekommen? Und was soll ich da beachten?
Anleitungen zum Neuaufsetzen (bebildert) > Windows 7 neu aufsetzen > Vista > XP

Tklr 22.04.2013 21:05
Da melde ich mich wieder :D Ich habe den PC neuaufgesetzt und meinen Virenscan laufen lassen. Da wurde trackingcookie.atdmt als Spyware entdeckt. Wie ist das möglich? Ich habe beim neuaufsetzten alle Festplatten formatiert und gelöscht. In manchen Foren ist von einem ''ungefährlichen'' Cookie die Rede. Andere Foren hingegen behaupten das Gegenteil. Was nun?

t'john 23.04.2013 10:46
Cookies sind kleine Text-Dateien und vollkommen harmlos!

Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

Tklr 23.04.2013 14:35
Code:
Results of screen317's Security Check version 0.99.62 
  x64 (UAC is enabled) 
 Internet Explorer 9 
``````````````Antivirus/Firewall Check:``````````````
Computer Security 
Windows Defender   
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Google Chrome 11.0.696.77 
 Google Chrome 26.0.1410.64 
````````Process Check: objlist.exe by Laurent```````` 
 Internet Security apps ComputerSecurity Anti-Virus\FSGK32.EXE
 Internet Security apps ComputerSecurity Anti-Virus\fssm32.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````

t'john 23.04.2013 20:10
Ales bestens!


Lektuere zum abarbeiten:
http://www.trojaner-board.de/90880-d...tallation.html
http://www.trojaner-board.de/105213-...tellungen.html
PluginCheck
http://www.trojaner-board.de/96344-a...-rechners.html
Secunia Online Software Inspector
http://www.trojaner-board.de/71715-k...iendungen.html
http://www.trojaner-board.de/83238-a...sschalten.html
http://www.trojaner-board.de/109844-...ren-seite.html
PC wird immer langsamer - was tun?

Tklr 23.04.2013 20:21
Oka vielen dank john. Nur noch eine kirze frage, mei pc ist nach dem aufsetzen ziemlich langsam. Woran kann das liegen? Ich habe die cd mit dem treibern bereits eingelegt.

t'john 24.04.2013 13:34
Zitat:
Ich habe die cd mit dem treibern bereits eingelegt.
wie alt ist die CD?

Wurden alle Kompnenten deines Rechners richtig erkannt?

Screenshot bitte machen: Unknown Device Identifier - Download - Filepony

Tklr 25.04.2013 15:11
Die CD ist von letztem Jahr ( Habe den PC auch seit einem Jahr) Beim Device Finder, zeigt er mir nichts rotes an.

t'john 26.04.2013 11:40
Hast du neuaufgesetzt mit vorherigem Formatieren oder Recovery benutzt?


Systemscan mit OTL (bebilderte Anleitung)

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)- Doppelklick auf die OTL.exe

  • Vista und Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Wähle Scanne Alle Benuzer
  • Oben findest Du ein Kästchen mit Ausgabe. Wähle bitte Minimale Ausgabe
  • Unter Extra Registrierung, wähle bitte Benutze SafeList
  • Klicke nun auf Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.

Tklr 26.04.2013 18:14
Ich habe die recovery cd , da ich nur die habe. Ich habe jedoch alle festplatten gelöscht & formatiert.

t'john 27.04.2013 15:04
OTL Logs?

Tklr 27.04.2013 15:15
Auf meinem Rechner, auf dem Admin-Benutzer ist irgendwie eine Internet Verknüpfung : Huntersoft Free Download , die einen nach zhangduo..com verlinkt. K.a was das ist. Hier die Logs von OTL:
Code:
OTL Extras logfile created on: 27.04.2013 16:11:37 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\David\Desktop
64bit- Professional  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
15,96 Gb Total Physical Memory | 14,46 Gb Available Physical Memory | 90,65% Memory free
109,71 Gb Paging File | 107,89 Gb Available in Paging File | 98,34% Paging File free
Paging file location(s): c:\pagefile.sys 48000 48000z:\pag [Binary data over 200 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 223,57 Gb Total Space | 116,66 Gb Free Space | 52,18% Space Free | Partition Type: NTFS
Drive Z: | 1862,92 Gb Total Space | 1800,17 Gb Free Space | 96,63% Space Free | Partition Type: NTFS
 
Computer Name: DAVID-PC | User Name: David | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\WINDOWS\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D739A60-FF0A-4B90-8B5E-BE23BE76D8D2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{322D149A-D65C-47C2-9287-01D6EC6AFC53}" = rport=10243 | protocol=6 | dir=out | app=system |
"{3AEB267A-44D1-4FC1-B636-60E1A576E398}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{658CE280-01E2-42EC-801B-B5535425034F}" = lport=10243 | protocol=6 | dir=in | app=system |
"{670E2FDC-E08F-434F-B67A-37DDC32B63E9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7076DB55-246D-44D6-BC34-36EA8664C2CB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{965BD8C4-32A4-493F-91AC-DCB73241B25F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CD50330D-4331-4F91-BA8E-3535658CA753}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D9DF2709-AB63-4CC7-86B0-21EEA824CF1E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{017EEB5D-56CD-4F93-A241-0C63F4AF44A1}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{026D79EF-0945-42BE-B8D6-E25F707C92DC}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{04577FFC-3F07-4E86-88A7-71F80488F573}" = dir=out | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{08A46FC5-B678-4017-B150-797992C71FDB}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
"{0AD9F18F-9730-43F1-9035-9E21F4B20669}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{0B8BE8F2-B8D3-4A5D-9E3F-B3125DC1270C}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{1622066D-C694-4A1D-8DCB-F7D1117CFD3E}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{16DEA610-06F3-4747-A744-1FB9E1330017}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{22F5CE49-C985-4349-A8E3-A9F2332F8415}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{294E5E47-8705-4E3A-8424-8DC2901E529E}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
"{2A70403E-131A-4028-96FE-4516F69AEFDA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2AB2F8C4-AB08-45C3-8738-84DEFB158B8A}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{2EF9BC5A-8391-4F3E-AFE8-51FCC100725B}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{3A276451-4A68-4C96-9FF8-4D3D1FB27C8B}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{3DFC448B-F4C7-4389-94E5-15C805604E89}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{3E32BF95-995B-4384-AC63-BA67786B5C41}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
"{447E8F2C-3FFE-4C61-8138-06B8A505488B}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
"{49955076-663C-4D57-816A-945D8F513600}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
"{4F914C2E-2BFA-4161-8337-E2FE55AB9532}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{50E86413-1AD2-4F8F-AE22-1801C5CAF019}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{51D2EB6A-7780-4393-865D-5F9183DB7E78}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{520BF61F-8C2E-4CB7-9395-3F416887A405}" = dir=out | name=windows_ie_ac_001 |
"{52ADF0B9-ABB8-4F69-9F46-CD3647FCF289}" = dir=out | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{53D434EB-9801-4947-BDDD-F4230981E571}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{5AB58875-5663-44AF-8EEF-C96FE7696A6B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6759A977-9816-4DAD-85A0-5B7B3CC8525B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{6D986DEA-0A0F-45DA-A155-57EEF0C5B02F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6F759243-04FD-46F1-8E54-C17FA0C3315F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7B339695-85C7-4F2A-8326-755EAC5CAF9C}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{8045A04E-EEF0-4D1A-9A48-351379BEAC6A}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{83334A0B-7FF5-4718-8E7F-43E326B1256F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{83F0298B-706E-4E57-95BC-52D2AA0C6153}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9446B13F-EDC6-45A7-998A-264B81098159}" = dir=in | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{95C5DA98-9C1F-40AF-8E18-8A97A2BDA584}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{96C4BD3D-D54A-46F9-9CDC-20F60AF53F73}" = protocol=6 | dir=out | app=system |
"{AD613D82-F908-4B54-9A7C-D9E497210220}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{AFDCDDCF-3CA4-42D4-BA99-A5A9AABF3238}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{B1B31A5C-5316-43A5-941D-95DCB2A79B50}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{B3A215D1-C3FB-48C0-BFF8-098A26FA89B5}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{C68D90D8-434E-4495-B9CA-7DD07BEA33AD}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{C9D563CD-A175-494D-BD3C-2B0D98B685D4}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{C9E8E1DD-0E86-4CC9-8E87-5150FBDA01DF}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{CE67235F-8832-438A-A646-FCC9CE8D48D7}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{D18DD649-DCE2-498D-93D0-F4A22C0A3D5B}" = dir=in | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{D1DD34AF-844D-4A33-B69C-29103A7213D4}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{D3122068-3C5A-46AC-A868-C0E35B22954E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E2C37CE9-94E3-49BA-B5EB-F5D9358BF67F}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{E749CD6B-810A-4B39-98D2-F0E9F12D9598}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{EBE4AA47-4FB7-43EF-B98D-B1F7E43170C5}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{EF4312F7-0095-4EFC-87E5-97E15F5B38C6}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{F491A98B-8BF7-4BE9-ABEA-090BEC58B62E}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{FD937DDC-8C1A-4638-8C9A-D2A61031C1C3}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
"TCP Query User{0C59C4A9-846D-4001-BA32-C1AE65F24163}Z:\games\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=z:\games\guild wars 2\gw2.exe |
"TCP Query User{E12B4F8B-776E-45C7-B078-540CD2DAC385}C:\users\david ii\appdata\local\temp\gw2.exe" = protocol=6 | dir=in | app=c:\users\david ii\appdata\local\temp\gw2.exe |
"UDP Query User{54B09676-6B46-4129-AFBD-814860C9C779}Z:\games\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=z:\games\guild wars 2\gw2.exe |
"UDP Query User{AB86E0B0-29A9-47A8-ABD3-D71D71B87151}C:\users\david ii\appdata\local\temp\gw2.exe" = protocol=17 | dir=in | app=c:\users\david ii\appdata\local\temp\gw2.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{538B98C3-773F-4F20-9C66-802D104DCBE2}" = Intel® Trusted Connect Service Client
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 300.83
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"Unknown Device Identifier_is1" = Unknown Device Identifier 8.00
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000000-2778-5BED-8199-52EB14D8D22F}" = F-Secure CCF Reputation
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19522497-1DF2-40E8-AB3A-F1E133173060}" = Online Safety 2.71.927.655
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2FFABB79-E4B1-430A-AAE8-ACA886F3A34A}" = F-Secure Network CCF 1.02.126
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{4EBE5044-43A3-49CC-9848-E5A11CA33E64}" = F-Secure CCF Scanning 1.18.127.7931 (release)
"{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}" = Asmedia ASM106x SATA Host Controller Driver
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{658FDBCA-B7A1-43E4-A849-9F0812473331}" = Computer Security 12.71.102.0 (release)
"{7B44A0FF-7F4F-4553-BD98-282640E6BEC7}" = Launch Pad
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"AVMWLANCLI" = AVM FRITZ!WLAN
"F-Secure ServiceEnabler 45119" = Launch Pad
"Google Chrome" = Google Chrome
"Guild Wars 2" = Guild Wars 2
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.SingleImage" = Microsoft Office Home and Student 2010
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 22.04.2013 10:53:49 | Computer Name = David-PC | Source = Software Protection Platform Service | ID = 1008
Description = Fehler beim Erwerb des Zertifikats für sichere Prozessoren. hr=0x80072EE7
 
Error - 22.04.2013 15:26:03 | Computer Name = David-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: nvSCPAPISvr.exe, Version: 7.17.13.1106,
 Zeitstempel: 0x50f9536b  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x74186a64  ID des fehlerhaften
 Prozesses: 0x3ec  Startzeit der fehlerhaften Anwendung: 0x01ce3f8f231467d8  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: 77f478f9-ab82-11e2-8060-bc05430d2401
Vollständiger
 Name des fehlerhaften Pakets: ,/Ë ,/Ë Ü  Anwendungs-ID, die relativ zum fehlerhaften
 Paket ist: ,/Ë ,/Ë Ü
 
Error - 22.04.2013 15:26:03 | Computer Name = David-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: WlanNetService.exe, Version: 1.1.0.26,
 Zeitstempel: 0x4cbea834  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x74186a64  ID des fehlerhaften
 Prozesses: 0x6c8  Startzeit der fehlerhaften Anwendung: 0x01ce3f8f2502f96e  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\avmwlanstick\WlanNetService.exe  Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: 781cf05d-ab82-11e2-8060-bc05430d2401
Vollständiger
 Name des fehlerhaften Pakets: 82Ë 82Ë    Anwendungs-ID, die relativ zum fehlerhaften
 Paket ist: 82Ë 82Ë 
 
Error - 22.04.2013 15:26:03 | Computer Name = David-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: jhi_service.exe, Version: 8.0.0.1399,
 Zeitstempel: 0x4f19c181  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x74186a64  ID des fehlerhaften
 Prozesses: 0x744  Startzeit der fehlerhaften Anwendung: 0x01ce3f8f250a9a8f  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Intel\Intel(R) Management Engine
 Components\DAL\jhi_service.exe  Pfad des fehlerhaften Moduls: unknown  Berichtskennung:
 783980e1-ab82-11e2-8060-bc05430d2401  Vollständiger Name des fehlerhaften Pakets:
 \:Ë \:Ë    Anwendungs-ID, die relativ zum fehlerhaften Paket ist: \:Ë \:Ë 
 
Error - 22.04.2013 15:26:03 | Computer Name = David-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ccSvcHst.exe, Version: 11.0.0.88,
 Zeitstempel: 0x4ddc962f  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x74186a64  ID des fehlerhaften
 Prozesses: 0x760  Startzeit der fehlerhaften Anwendung: 0x01ce3f8f250c212f  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\ccSvcHst.exe
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: 78561164-ab82-11e2-8060-bc05430d2401
Vollständiger
 Name des fehlerhaften Pakets: è Ë è Ë    Anwendungs-ID, die relativ zum fehlerhaften
Paket ist: è Ë è Ë 
 
Error - 22.04.2013 15:26:04 | Computer Name = David-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ccSvcHst.exe, Version: 109.0.0.107,
 Zeitstempel: 0x4a92f9d9  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x74186a64  ID des fehlerhaften
 Prozesses: 0x780  Startzeit der fehlerhaften Anwendung: 0x01ce3f8f2510b50f  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.96\ccSvcHst.exe
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: 7885acea-ab82-11e2-8060-bc05430d2401
Vollständiger
 Name des fehlerhaften Pakets: Ð Ë Ð Ë    Anwendungs-ID, die relativ zum fehlerhaften
Paket ist: Ð Ë Ð Ë 
 
Error - 22.04.2013 15:54:47 | Computer Name = David-PC | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103
Description = 1  2013-04-22  21:54:47+02:00  DAVID-PC  DAVID-PC\David  F-Secure
Anti-Virus  Manual scanning was finished - spyware was found in the system. 
 
Error - 22.04.2013 18:15:52 | Computer Name = David-PC | Source = MsiInstaller | ID = 11935
Description =
 
Error - 23.04.2013 07:00:21 | Computer Name = David-PC | Source = Microsoft-Windows-WMI | ID = 24
Description = Vom Ereignisanbieter "" wurde versucht, die Abfrage "SELECT * FROM
 Win32_RemoteAppChangeEvent" zu registrieren, deren Zielklasse "Win32_RemoteAppChangeEvent"
 im Namespace "//./ROOT/CIMV2/TerminalServices" nicht vorhanden ist. Die Abfrage
 wird ignoriert.
 
Error - 23.04.2013 07:00:21 | Computer Name = David-PC | Source = Microsoft-Windows-WMI | ID = 24
Description = Vom Ereignisanbieter "Win32_TSPublishedApplication_Prov" wurde versucht,
 die Abfrage "SELECT * FROM Win32_RemoteAppChangeEvent" zu registrieren, deren Zielklasse
 "Win32_RemoteAppChangeEvent" im Namespace "//./ROOT/CIMV2/TerminalServices" nicht
 vorhanden ist. Die Abfrage wird ignoriert.
 
[ System Events ]
Error - 23.04.2013 07:30:35 | Computer Name = David-PC | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde nicht
 richtig gestartet.
 
Error - 23.04.2013 07:30:35 | Computer Name = David-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1070
 
Error - 23.04.2013 07:33:52 | Computer Name = David-PC | Source = DCOM | ID = 10010
Description =
 
Error - 23.04.2013 07:54:08 | Computer Name = David-PC | Source = DCOM | ID = 10016
Description =
 
Error - 23.04.2013 10:42:34 | Computer Name = David-PC | Source = DCOM | ID = 10016
Description =
 
Error - 23.04.2013 12:08:27 | Computer Name = David-PC | Source = DCOM | ID = 10016
Description =
 
Error - 24.04.2013 12:14:26 | Computer Name = David-PC | Source = DCOM | ID = 10016
Description =
 
Error - 24.04.2013 20:06:18 | Computer Name = David-PC | Source = DCOM | ID = 10010
Description =
 
Error - 24.04.2013 20:06:18 | Computer Name = David-PC | Source = DCOM | ID = 10010
Description =
 
Error - 25.04.2013 18:50:21 | Computer Name = David-PC | Source = DCOM | ID = 10016
Description =
 
 
< End of report >

Tklr 27.04.2013 15:16
Code:
OTL logfile created on: 27.04.2013 16:11:37 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\David\Desktop
64bit- Professional  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
15,96 Gb Total Physical Memory | 14,46 Gb Available Physical Memory | 90,65% Memory free
109,71 Gb Paging File | 107,89 Gb Available in Paging File | 98,34% Paging File free
Paging file location(s): c:\pagefile.sys 48000 48000z:\pag [Binary data over 200 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 223,57 Gb Total Space | 116,66 Gb Free Space | 52,18% Space Free | Partition Type: NTFS
Drive Z: | 1862,92 Gb Total Space | 1800,17 Gb Free Space | 96,63% Space Free | Partition Type: NTFS
 
Computer Name: DAVID-PC | User Name: David | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\David\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Internet Security\apps\ComputerSecurity\Anti-Virus\fssm32.exe (F-Secure Corporation)
PRC - C:\Program Files (x86)\Internet Security\apps\ComputerSecurity\Anti-Virus\FSGK32.EXE (F-Secure Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Internet Security\fshoster32.exe (F-Secure Corporation)
PRC - C:\Program Files (x86)\Internet Security\apps\ComputerSecurity\Common\FSM32.EXE (F-Secure Corporation)
PRC - C:\Program Files (x86)\Internet Security\apps\ComputerSecurity\Common\FSMA32.EXE (F-Secure Corporation)
PRC - C:\Program Files (x86)\Internet Security\apps\CCF_Reputation\fsorsp.exe (F-Secure Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\avmwlanstick\WLanGUI.exe (AVM Berlin)
PRC - C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\WinSxS\x86_f-secure.qt_4_6_2_2e112a926211c0a3_4.6.482.65_none_b59e1e0911fd55ab\QtMultimediaKit1.dll ()
MOD - C:\Program Files (x86)\Internet Security\apps\ComputerSecurity\FSGUI\strres.eng ()
MOD - C:\Program Files (x86)\Internet Security\apps\ComputerSecurity\FSGUI\fsavures.eng ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation)
SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation)
SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation)
SRV:64bit: - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation)
SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation)
SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation)
SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation)
SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation)
SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation)
SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation)
SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation)
SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation)
SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation)
SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation)
SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation)
SRV:64bit: - (AllUserInstallAgent) -- C:\Windows\SysNative\AUInstallAgent.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (fshoster) -- C:\Program Files (x86)\Internet Security\fshoster32.exe (F-Secure Corporation)
SRV - (FSMA) -- C:\Program Files (x86)\Internet Security\apps\ComputerSecurity\Common\FSMA32.EXE (F-Secure Corporation)
SRV - (FSORSPClient) -- C:\Program Files (x86)\Internet Security\apps\CCF_Reputation\fsorsp.exe (F-Secure Corporation)
SRV - (PrintNotify) -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\SysWOW64\StorSvc.dll (Microsoft Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
SRV - (Intel(R) -- C:\Programme\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (AVM WLAN Connection Service) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin)
SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\Drivers\USBXHCI.SYS (Microsoft Corporation)
DRV:64bit: - (spaceport) -- C:\Windows\SysNative\Drivers\spaceport.sys (Microsoft Corporation)
DRV:64bit: - (storahci) -- C:\Windows\SysNative\Drivers\storahci.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\Drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\Drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (pdc) -- C:\Windows\SysNative\Drivers\pdc.sys (Microsoft Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\Drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\Drivers\USBHUB3.SYS (Microsoft Corporation)
DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys (Microsoft Corporation)
DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\Drivers\WdBoot.sys (Microsoft Corporation)
DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\Drivers\WdFilter.sys (Microsoft Corporation)
DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\Drivers\msgpiowin32.sys (Microsoft Corporation)
DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\Drivers\BthhfHid.sys (Microsoft Corporation)
DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\Drivers\hidi2c.sys (Microsoft Corporation)
DRV:64bit: - (FxPPM) -- C:\Windows\SysNative\Drivers\fxppm.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (sdstor) -- C:\Windows\SysNative\Drivers\sdstor.sys (Microsoft Corporation)
DRV:64bit: - (dam) -- C:\Windows\SysNative\Drivers\dam.sys (Microsoft Corporation)
DRV:64bit: - (UCX01000) -- C:\Windows\SysNative\Drivers\UCX01000.SYS (Microsoft Corporation)
DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\Drivers\msgpioclx.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\Drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\Drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (Fs_Rec) -- C:\WINDOWS\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (condrv) -- C:\Windows\SysNative\Drivers\condrv.sys (Microsoft Corporation)
DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS (VIA Corporation)
DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\Drivers\VerifierExt.sys (Microsoft Corporation)
DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\Drivers\uaspstor.sys (Microsoft Corporation)
DRV:64bit: - (acpiex) -- C:\Windows\SysNative\Drivers\acpiex.sys (Microsoft Corporation)
DRV:64bit: - (mvumis) -- C:\Windows\SysNative\Drivers\mvumis.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\Drivers\stexstor.sys (Promise Technology, Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\Drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\Drivers\lsi_sss.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\Drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys (Microsoft Corporation)
DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\Drivers\EhStorClass.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\Drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (3ware) -- C:\Windows\SysNative\Drivers\3ware.sys (LSI)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\Drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\Drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (CLFS) -- C:\Windows\SysNative\Drivers\clfs.sys (Microsoft Corporation)
DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\Drivers\wfplwfs.sys (Microsoft Corporation)
DRV:64bit: - (vpci) -- C:\Windows\SysNative\Drivers\vpci.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\Drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\Drivers\mshidumdf.sys (Microsoft Corporation)
DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\Drivers\BasicDisplay.sys (Microsoft Corporation)
DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\Drivers\HyperVideo.sys (Microsoft Corporation)
DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\Drivers\BasicRender.sys (Microsoft Corporation)
DRV:64bit: - (gencounter) -- C:\Windows\SysNative\Drivers\vmgencounter.sys (Microsoft Corporation)
DRV:64bit: - (kdnic) -- C:\Windows\SysNative\Drivers\kdnic.sys (Microsoft Corporation)
DRV:64bit: - (acpitime) -- C:\Windows\SysNative\Drivers\acpitime.sys (Microsoft Corporation)
DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\Drivers\npsvctrig.sys (Microsoft Corporation)
DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys (Microsoft Corporation)
DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\Drivers\acpipagr.sys (Microsoft Corporation)
DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\Drivers\hyperkbd.sys (Microsoft Corporation)
DRV:64bit: - (SerCx) -- C:\Windows\SysNative\Drivers\SerCx.sys (Microsoft Corporation)
DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\Drivers\SpbCx.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\Drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\Drivers\bthhfenum.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\Drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (Vid) -- C:\Windows\SysNative\Drivers\Vid.sys (Microsoft Corporation)
DRV:64bit: - (storvsp) -- C:\Windows\SysNative\Drivers\storvsp.sys (Microsoft Corporation)
DRV:64bit: - (wpcfltr) -- C:\Windows\SysNative\Drivers\wpcfltr.sys (Microsoft Corporation)
DRV:64bit: - (vmbusr) -- C:\Windows\SysNative\Drivers\vmbusr.sys (Microsoft Corporation)
DRV:64bit: - (vpcivsp) -- C:\Windows\SysNative\Drivers\vpcivsp.sys (Microsoft Corporation)
DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys (Microsoft Corporation)
DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\Drivers\mslldp.sys (Microsoft Corporation)
DRV:64bit: - (Ndu) -- C:\Windows\SysNative\Drivers\Ndu.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\Drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (e1iexpress) -- C:\Windows\SysNative\Drivers\e1i63x64.sys (Intel Corporation)
DRV:64bit: - (asahci64) -- C:\Windows\SysNative\Drivers\asahci64.sys (Asmedia Technology)
DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\Drivers\iusb3xhc.sys (Intel Corporation)
DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\Drivers\iusb3hub.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\Drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (fwlanusbn) -- C:\Windows\SysNative\Drivers\fwlanusbn.sys (AVM GmbH)
DRV - (F-Secure HIPS) -- C:\Program Files (x86)\Internet Security\apps\ComputerSecurity\HIPS\drivers\fshs.sys (F-Secure Corporation)
DRV - (F-Secure Gatekeeper) -- C:\Program Files (x86)\Internet Security\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys ()
DRV - (fsni) -- C:\Program Files (x86)\Internet Security\apps\CCF_Scanning\fsni64.sys (F-Secure Corporation)
DRV - (fsvista) -- C:\Program Files (x86)\Internet Security\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1003109799-866300710-3827814734-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://wiki-de.guildwars2.com/wiki/Hauptseite
IE - HKU\S-1-5-21-1003109799-866300710-3827814734-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ch.msn.com/default.aspx?ocid=iehp
IE - HKU\S-1-5-21-1003109799-866300710-3827814734-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-CH
IE - HKU\S-1-5-21-1003109799-866300710-3827814734-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 86 20 6C 8B 8F 3F CE 01  [binary data]
IE - HKU\S-1-5-21-1003109799-866300710-3827814734-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1003109799-866300710-3827814734-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-1003109799-866300710-3827814734-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ASUM_deCH533
IE - HKU\S-1-5-21-1003109799-866300710-3827814734-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
 
 
O1 HOSTS File: ([2012.07.26 07:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll (Google Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKU\S-1-5-21-1003109799-866300710-3827814734-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)
O4 - HKLM..\Run: [F-Secure Hoster (45119)] C:\Program Files (x86)\Internet Security\fshoster32.exe (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files (x86)\Internet Security\apps\ComputerSecurity\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKU\S-1-5-21-1003109799-866300710-3827814734-1003..\RunOnce: [WAB Migrate] C:\Program Files (x86)\Windows Mail\wab.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CC722779-78CE-4172-B690-4BBEDEACF34C}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.27 16:10:58 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\David\Desktop\OTL.exe
[2013.04.25 16:09:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unknown Device Identifier 8.00
[2013.04.25 16:09:17 | 000,000,000 | ---D | C] -- C:\Program Files\Unknown Device Identifier
[2013.04.24 14:42:59 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dskquota.dll
[2013.04.24 14:42:59 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dskquota.dll
[2013.04.24 14:42:49 | 000,396,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\hal.dll
[2013.04.24 14:42:46 | 001,172,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfnetsrc.dll
[2013.04.24 14:42:46 | 000,929,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfnetsrc.dll
[2013.04.24 14:42:46 | 000,677,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfnetcore.dll
[2013.04.24 14:42:46 | 000,673,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfmpeg2srcsnk.dll
[2013.04.24 14:42:45 | 000,568,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfnetcore.dll
[2013.04.24 14:42:45 | 000,513,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfmpeg2srcsnk.dll
[2013.04.24 14:42:05 | 003,554,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\tquery.dll
[2013.04.24 14:42:04 | 002,116,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mssrch.dll
[2013.04.24 14:42:03 | 002,764,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\tquery.dll
[2013.04.24 14:42:03 | 002,380,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
[2013.04.24 14:42:03 | 002,206,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dwmcore.dll
[2013.04.24 14:42:02 | 002,115,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\explorer.exe
[2013.04.24 14:42:02 | 001,841,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dwmcore.dll
[2013.04.24 14:42:02 | 001,610,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mssrch.dll
[2013.04.24 14:42:02 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Immersive.dll
[2013.04.24 14:42:01 | 001,265,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\lsasrv.dll
[2013.04.24 14:42:01 | 001,226,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Immersive.dll
[2013.04.24 14:42:01 | 000,793,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfplat.dll
[2013.04.24 14:42:01 | 000,590,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SHCore.dll
[2013.04.24 14:42:01 | 000,579,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\StructuredQuery.dll
[2013.04.24 14:42:00 | 001,403,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winload.efi
[2013.04.24 14:42:00 | 001,267,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winload.exe
[2013.04.24 14:42:00 | 001,217,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winresume.efi
[2013.04.24 14:42:00 | 001,093,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winresume.exe
[2013.04.24 14:42:00 | 000,561,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfmp4srcsnk.dll
[2013.04.24 14:42:00 | 000,460,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SHCore.dll
[2013.04.24 14:42:00 | 000,435,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mssph.dll
[2013.04.24 14:42:00 | 000,373,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SearchProtocolHost.exe
[2013.04.24 14:41:59 | 001,045,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\usercpl.dll
[2013.04.24 14:41:59 | 000,612,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfplat.dll
[2013.04.24 14:41:59 | 000,517,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winlogon.exe
[2013.04.24 14:41:59 | 000,503,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ci.dll
[2013.04.24 14:41:59 | 000,441,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\netio.sys
[2013.04.24 14:41:59 | 000,411,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfmp4srcsnk.dll
[2013.04.24 14:41:59 | 000,286,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\portcls.sys
[2013.04.24 14:41:59 | 000,154,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Storage.Compression.dll
[2013.04.24 14:41:58 | 000,962,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\usercpl.dll
[2013.04.24 14:41:58 | 000,505,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SpaceControl.dll
[2013.04.24 14:41:58 | 000,244,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dhcpcore6.dll
[2013.04.24 14:41:58 | 000,204,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dhcpcore6.dll
[2013.04.24 14:41:58 | 000,058,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\dam.sys
[2013.04.24 14:41:57 | 000,408,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mssph.dll
[2013.04.24 14:41:57 | 000,259,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\input.dll
[2013.04.24 14:41:57 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\input.dll
[2013.04.24 14:41:57 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SearchFilterHost.exe
[2013.04.24 14:41:57 | 000,116,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Storage.Compression.dll
[2013.04.24 14:41:57 | 000,056,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\sdstor.sys
[2013.04.24 14:41:57 | 000,033,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\battc.sys
[2013.04.24 14:41:56 | 000,745,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mssvp.dll
[2013.04.24 14:41:56 | 000,658,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mssvp.dll
[2013.04.24 14:41:56 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msscntrs.dll
[2013.04.24 14:41:56 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dhcpcsvc6.dll
[2013.04.24 14:41:56 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\PCPKsp.dll
[2013.04.24 14:41:56 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\microsoft-windows-pdc.dll
[2013.04.24 14:41:55 | 001,836,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DWrite.dll
[2013.04.24 14:41:55 | 001,294,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\gdi32.dll
[2013.04.24 14:41:55 | 000,757,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\FirewallAPI.dll
[2013.04.24 14:41:55 | 000,370,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SysFxUI.dll
[2013.04.24 14:41:55 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppxSip.dll
[2013.04.24 14:41:55 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\AppxSip.dll
[2013.04.24 14:41:54 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mssphtb.dll
[2013.04.24 14:41:54 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\icfupgd.dll
[2013.04.24 14:41:54 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mssitlb.dll
[2013.04.24 14:41:54 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mssprxy.dll
[2013.04.24 14:41:54 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mssitlb.dll
[2013.04.24 14:41:54 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\PCPKsp.dll
[2013.04.24 14:41:54 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\BdeUISrv.exe
[2013.04.24 14:41:54 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msscntrs.dll
[2013.04.24 14:41:53 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\drmk.sys
[2013.04.24 14:41:53 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wfapigp.dll
[2013.04.24 14:41:53 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wfapigp.dll
[2013.04.24 14:41:53 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msshooks.dll
[2013.04.24 14:41:53 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msshooks.dll
[2013.04.24 14:41:53 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\kbdhebl3.dll
[2013.04.24 14:41:53 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdhebl3.dll
[2013.04.24 14:41:50 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wwanprotdim.dll
[2013.04.24 14:41:47 | 001,184,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Display.dll
[2013.04.24 14:41:47 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Display.dll
[2013.04.24 14:41:47 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\KBDKURD.DLL
[2013.04.24 14:41:47 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\KBDKURD.DLL
[2013.04.24 14:41:46 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WSShared.dll
[2013.04.24 14:41:46 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WSShared.dll
[2013.04.24 14:41:46 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.ApplicationModel.Store.dll
[2013.04.24 14:41:46 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.ApplicationModel.Store.TestingFramework.dll
[2013.04.24 14:41:46 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.dll
[2013.04.24 14:41:46 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
[2013.04.24 14:41:23 | 011,459,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\glcndFilter.dll
[2013.04.24 14:41:20 | 008,552,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\glcndFilter.dll
[2013.04.24 14:41:20 | 001,526,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfcore.dll
[2013.04.24 14:41:20 | 001,451,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfcore.dll
[2013.04.24 14:41:20 | 000,976,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\KernelBase.dll
[2013.04.24 14:41:19 | 001,566,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ole32.dll
[2013.04.24 14:41:19 | 001,037,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\localspl.dll
[2013.04.24 14:41:18 | 000,883,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\HelpPane.exe
[2013.04.24 14:41:18 | 000,490,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AudioEng.dll
[2013.04.24 14:41:18 | 000,447,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AudioSes.dll
[2013.04.24 14:41:18 | 000,253,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\audiodg.exe
[2013.04.24 14:41:15 | 000,522,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AUDIOKSE.dll
[2013.04.24 14:41:15 | 000,501,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DevicePairing.dll
[2013.04.24 14:41:15 | 000,470,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wlanmsm.dll
[2013.04.24 14:41:15 | 000,463,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\AUDIOKSE.dll
[2013.04.24 14:41:15 | 000,446,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wlansec.dll
[2013.04.24 14:41:15 | 000,386,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wlanmsm.dll
[2013.04.24 14:41:15 | 000,273,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wlanapi.dll
[2013.04.24 14:41:15 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\bthprops.cpl
[2013.04.24 14:41:15 | 000,110,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dafWCN.dll
[2013.04.24 14:41:14 | 000,449,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\DevicePairing.dll
[2013.04.24 14:41:14 | 000,375,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wlansec.dll
[2013.04.24 14:41:14 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rdpclip.exe
[2013.04.24 14:41:14 | 000,281,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfreadwrite.dll
[2013.04.24 14:41:14 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfreadwrite.dll
[2013.04.24 14:41:14 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\bthprops.cpl
[2013.04.24 14:41:14 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MFCaptureEngine.dll
[2013.04.24 14:41:14 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MFCaptureEngine.dll
[2013.04.24 14:41:13 | 000,202,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wlanapi.dll
[2013.04.24 14:41:13 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AudioEndpointBuilder.dll
[2013.04.24 14:41:13 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WcnApi.dll
[2013.04.24 14:41:13 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fdWCN.dll
[2013.04.24 14:41:13 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WcnApi.dll
[2013.04.24 14:41:13 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WcnEapAuthProxy.dll
[2013.04.24 14:41:12 | 000,267,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\EncDump.dll
[2013.04.24 14:41:12 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wfdprov.dll
[2013.04.24 14:41:12 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WcnEapPeerProxy.dll
[2013.04.24 14:41:12 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wfdprov.dll
[2013.04.24 14:41:12 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\fxppm.sys
[2013.04.24 14:41:12 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wlanhlp.dll
[2013.04.24 14:41:12 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wlanhlp.dll
[2013.04.24 14:41:11 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\iscsilog.dll
[2013.04.24 14:41:06 | 001,131,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentServer.dll
[2013.04.24 14:41:05 | 000,707,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentExtensions.dll
[2013.04.24 14:40:55 | 003,245,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rdpcorets.dll
[2013.04.24 14:40:54 | 001,536,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\storagewmi.dll
[2013.04.24 14:40:54 | 001,122,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Taskmgr.exe
[2013.04.24 14:40:54 | 001,027,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Taskmgr.exe
[2013.04.24 14:40:54 | 000,955,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WebcamUi.dll
[2013.04.24 14:40:53 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mstsc.exe
[2013.04.24 14:40:53 | 000,798,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WebcamUi.dll
[2013.04.24 14:40:53 | 000,631,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\UserLanguagesCpl.dll
[2013.04.24 14:40:53 | 000,560,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\UserLanguagesCpl.dll
[2013.04.24 14:40:53 | 000,244,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wpnapps.dll
[2013.04.24 14:40:53 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\vdsutil.dll
[2013.04.24 14:40:53 | 000,179,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wpnapps.dll
[2013.04.24 14:40:53 | 000,027,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\rdpvideominiport.sys
[2013.04.24 14:40:52 | 001,217,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\storagewmi.dll
[2013.04.24 14:40:52 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mstsc.exe
[2013.04.24 14:40:52 | 000,888,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\nshwfp.dll
[2013.04.24 14:40:52 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\nshwfp.dll
[2013.04.24 14:40:52 | 000,378,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\FWPUCLNT.DLL
[2013.04.24 14:40:52 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\FWPUCLNT.DLL
[2013.04.24 14:40:52 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rdpudd.dll
[2013.04.24 14:40:52 | 000,120,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\vds_ps.dll
[2013.04.24 14:40:52 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\vds_ps.dll
[2013.04.24 14:40:52 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rfxvmt.dll
[2013.04.24 14:40:52 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\vdsldr.exe
[2013.04.24 14:40:50 | 000,368,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\sppwinob.dll
[2013.04.24 14:39:42 | 002,367,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WSService.dll
[2013.04.24 14:39:36 | 003,265,256 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\SysNative\drivers\evbda.sys
[2013.04.24 14:39:34 | 014,259,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wmp.dll
[2013.04.24 14:39:30 | 002,397,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WpcMon.exe
[2013.04.24 14:39:29 | 003,847,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\d2d1.dll
[2013.04.24 14:39:27 | 011,875,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wmp.dll
[2013.04.24 14:39:27 | 003,964,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WinSAT.exe
[2013.04.24 14:39:26 | 000,533,224 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\SysNative\drivers\bxvbda.sys
[2013.04.24 14:39:25 | 001,513,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\vssapi.dll
[2013.04.24 14:39:24 | 001,825,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntdll.dll
[2013.04.24 14:39:22 | 002,219,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\d3d10warp.dll
[2013.04.24 14:39:22 | 001,739,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\RacEngn.dll
[2013.04.24 14:39:22 | 001,019,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MsSpellCheckingFacility.dll
[2013.04.24 14:39:21 | 001,304,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Media.Streaming.dll
[2013.04.24 14:39:21 | 000,757,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\uDWM.dll
[2013.04.24 14:39:21 | 000,389,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MMDevAPI.dll
[2013.04.24 14:39:20 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\provcore.dll
[2013.04.24 14:39:17 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WinSATAPI.dll
[2013.04.24 14:39:15 | 000,995,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Media.Streaming.dll
[2013.04.24 14:39:15 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\apphelp.dll
[2013.04.24 14:39:14 | 000,709,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MsSpellCheckingFacility.dll
[2013.04.24 14:39:14 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\IPHLPAPI.DLL
[2013.04.24 14:39:12 | 001,743,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\combase.dll
[2013.04.24 14:39:12 | 000,236,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MFPlay.dll
[2013.04.24 14:39:11 | 000,604,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dnsapi.dll
[2013.04.24 14:39:11 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WWAHost.exe
[2013.04.24 14:39:10 | 000,866,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WinTypes.dll
[2013.04.24 14:39:10 | 000,755,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fveapi.dll
[2013.04.24 14:39:10 | 000,617,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfsrcsnk.dll
[2013.04.24 14:39:10 | 000,545,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\taskeng.exe
[2013.04.24 14:39:10 | 000,355,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfsvr.dll
[2013.04.24 14:39:10 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wlidcredprov.dll
[2013.04.24 14:39:10 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\rascfg.dll
[2013.04.24 14:39:09 | 000,249,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wpnprv.dll
[2013.04.24 14:39:09 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\bcdsrv.dll
[2013.04.24 14:39:09 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rascfg.dll
[2013.04.24 14:39:08 | 001,400,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\propsys.dll
[2013.04.24 14:39:08 | 000,541,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\VAN.dll
[2013.04.24 14:39:08 | 000,332,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wintrust.dll
[2013.04.24 14:39:08 | 000,303,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WinSATAPI.dll
[2013.04.24 14:39:07 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\services.exe
[2013.04.24 14:39:07 | 000,240,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fveapibase.dll
[2013.04.24 14:39:07 | 000,203,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WSClient.dll
[2013.04.24 14:39:06 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\appwiz.cpl
[2013.04.24 14:39:06 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\bisrv.dll
[2013.04.24 14:39:06 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\psmsrv.dll
[2013.04.24 14:39:02 | 000,177,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WSSync.dll
[2013.04.24 14:39:01 | 000,333,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WWAHost.exe
[2013.04.24 14:39:01 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fhengine.dll
[2013.04.24 14:39:01 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MFPlay.dll
[2013.04.24 14:39:01 | 000,166,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WSClient.dll
[2013.04.24 14:39:01 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WSSync.dll
[2013.04.24 14:39:01 | 000,120,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\msgpioclx.sys
[2013.04.24 14:39:01 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\PackageStateRoaming.dll
[2013.04.24 14:39:00 | 001,369,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\RacEngn.dll
[2013.04.24 14:39:00 | 000,670,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\appwiz.cpl
[2013.04.24 14:39:00 | 000,457,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wpncore.dll
[2013.04.24 14:39:00 | 000,172,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dwmredir.dll
[2013.04.24 14:38:59 | 000,533,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\provcore.dll
[2013.04.24 14:38:59 | 000,390,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Networking.BackgroundTransfer.dll
[2013.04.24 14:38:59 | 000,256,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msvproc.dll
[2013.04.24 14:38:59 | 000,228,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ProximityService.dll
[2013.04.24 14:38:59 | 000,090,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\TpmTasks.dll
[2013.04.24 14:38:59 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\PackageStateRoaming.dll
[2013.04.24 14:38:59 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\setbcdlocale.dll
[2013.04.24 14:38:58 | 001,247,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\combase.dll
[2013.04.24 14:38:58 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\twinapi.dll
[2013.04.24 14:38:58 | 000,480,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\VAN.dll
[2013.04.24 14:38:58 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\microsoft-windows-kernel-power-events.dll
[2013.04.24 14:38:58 | 000,062,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\dumpfve.sys
[2013.04.24 14:38:58 | 000,027,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\avrt.dll
[2013.04.24 14:38:57 | 002,016,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\batmeter.dll
[2013.04.24 14:38:57 | 002,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\batmeter.dll
[2013.04.24 14:38:57 | 000,449,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfsrcsnk.dll
[2013.04.24 14:38:57 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingSyncHost.exe
[2013.04.24 14:38:57 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\perfdisk.dll
[2013.04.24 14:38:56 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WinTypes.dll
[2013.04.24 14:38:56 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfsvr.dll
[2013.04.24 14:38:56 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\perfdisk.dll
[2013.04.24 14:38:56 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\svchost.exe
[2013.04.24 14:38:55 | 001,342,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\user32.dll
[2013.04.24 14:38:55 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Networking.BackgroundTransfer.dll
[2013.04.24 14:38:55 | 000,263,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wlidcredprov.dll
[2013.04.24 14:38:55 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fhevents.dll
[2013.04.24 14:38:54 | 000,437,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfh264enc.dll
[2013.04.24 14:38:54 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msvproc.dll
[2013.04.24 14:38:54 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winsrv.dll
[2013.04.24 14:38:54 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\perfnet.dll
[2013.04.24 14:38:53 | 000,699,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\twinapi.dll
[2013.04.24 14:38:53 | 000,627,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\lpksetup.exe
[2013.04.24 14:38:53 | 000,413,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfh264enc.dll
[2013.04.24 14:38:53 | 000,118,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DevPropMgr.dll
[2013.04.24 14:38:53 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dwm.exe
[2013.04.24 14:38:53 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SettingSyncHost.exe
[2013.04.24 14:38:53 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\drvinst.exe
[2013.04.24 14:38:52 | 000,315,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fhcfg.dll
[2013.04.24 14:38:52 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drvinst.exe
[2013.04.24 14:38:51 | 000,459,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dxgi.dll
[2013.04.24 14:38:51 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DAFWSD.dll
[2013.04.24 14:38:50 | 002,066,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\d3d11.dll
[2013.04.24 14:38:50 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fhsrchapi.dll
[2013.04.24 14:38:50 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\perfnet.dll
[2013.04.24 14:38:49 | 001,701,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\d3d11.dll
[2013.04.24 14:38:49 | 000,588,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\webio.dll
[2013.04.24 14:38:49 | 000,417,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\webio.dll
[2013.04.24 14:38:49 | 000,280,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fhcat.dll
[2013.04.24 14:38:49 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\perfos.dll
[2013.04.24 14:38:49 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fhsvc.dll
[2013.04.24 14:38:48 | 000,163,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\sspicli.dll
[2013.04.24 14:38:48 | 000,137,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fhshl.dll
[2013.04.24 14:38:48 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\CscMig.dll
[2013.04.24 14:38:48 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\lpremove.exe
[2013.04.24 14:38:48 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rasdiag.dll
[2013.04.24 14:38:48 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\rasdiag.dll
[2013.04.24 14:38:48 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\cryptdlg.dll
[2013.04.24 14:38:47 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fhmanagew.exe
[2013.04.24 14:38:47 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\vsstrace.dll
[2013.04.24 14:38:47 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fhsrchph.dll
[2013.04.24 14:38:47 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fhlisten.dll
[2013.04.24 14:38:47 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fhcleanup.dll
[2013.04.24 14:38:47 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\cryptdlg.dll
[2013.04.24 14:38:46 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rasmxs.dll
[2013.04.24 14:38:46 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fhtask.dll
[2013.04.24 14:38:46 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\sdbinst.exe
[2013.04.24 14:38:46 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\sdbinst.exe
[2013.04.24 14:38:45 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fhautoplay.dll
[2013.04.24 14:38:45 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ndptsp.tsp
[2013.04.24 14:38:45 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ndptsp.tsp
[2013.04.24 14:38:45 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\perfctrs.dll
[2013.04.24 14:38:45 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\perfctrs.dll
[2013.04.24 14:38:45 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\perfproc.dll
[2013.04.24 14:38:45 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\perfproc.dll
[2013.04.24 14:38:45 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\perfos.dll
[2013.04.24 14:38:45 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\rasmxs.dll
[2013.04.24 14:38:45 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rasser.dll
[2013.04.24 14:38:45 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\rasser.dll
[2013.04.24 14:38:43 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\kmddsp.tsp
[2013.04.24 14:38:42 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kmddsp.tsp
[2013.04.24 14:38:42 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\LangCleanupSysprepAction.dll
[2013.04.24 14:38:42 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\sspisrv.dll
[2013.04.24 14:38:42 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fhsvcctl.dll
[2013.04.24 14:38:42 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\eventcls.dll
[2013.04.24 14:38:42 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\eventcls.dll
[2013.04.24 14:38:42 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MUILanguageCleanup.dll
[2013.04.24 14:38:42 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\lpksetupproxyserv.dll
[2013.04.24 14:38:41 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\spwmp.dll
[2013.04.24 14:38:41 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\spwmp.dll
[2013.04.24 14:38:41 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\shimeng.dll
[2013.04.24 14:38:41 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msdxm.ocx
[2013.04.24 14:38:41 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dxmasf.dll
[2013.04.24 14:38:41 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msdxm.ocx
[2013.04.24 14:38:41 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dxmasf.dll
[2013.04.24 14:38:39 | 009,374,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wmploc.DLL
[2013.04.24 14:38:39 | 009,374,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wmploc.DLL
[2013.04.24 14:38:31 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\newdev.dll
[2013.04.24 14:38:30 | 000,275,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\newdev.dll
[2013.04.24 14:38:30 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\newdev.exe
[2013.04.24 14:38:30 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ndadmin.exe
[2013.04.24 14:38:30 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\newdev.exe
[2013.04.24 14:38:30 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ndadmin.exe
[2013.04.23 14:09:07 | 000,000,000 | R--D | C] -- C:\WINDOWS\BrowserChoice
[2013.04.23 13:55:23 | 000,000,000 | ---D | C] -- C:\Windows.old
[2013.04.23 13:46:32 | 000,017,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msvcr100_clr0400.dll
[2013.04.23 13:46:24 | 000,017,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msvcr100_clr0400.dll
[2013.04.23 13:45:45 | 002,094,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mmc.exe
[2013.04.23 13:45:45 | 001,964,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wlidsvc.dll
[2013.04.23 13:45:45 | 001,120,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msctf.dll
[2013.04.23 13:45:44 | 001,611,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mmc.exe
[2013.04.23 13:45:44 | 000,820,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\gpprefcl.dll
[2013.04.23 13:45:44 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\srmstormod.dll
[2013.04.23 13:45:43 | 001,886,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\setupapi.dll
[2013.04.23 13:45:43 | 000,594,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Networking.dll
[2013.04.23 13:45:43 | 000,438,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\lsm.dll
[2013.04.23 13:45:43 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Networking.dll
[2013.04.23 13:45:43 | 000,406,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Media.dll
[2013.04.23 13:45:43 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\srmstormod.dll
[2013.04.23 13:45:42 | 000,728,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\samsrv.dll
[2013.04.23 13:45:42 | 000,666,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MP4SDECD.DLL
[2013.04.23 13:45:42 | 000,582,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\gpprefcl.dll
[2013.04.23 13:45:42 | 000,303,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\dxgmms1.sys
[2013.04.23 13:45:42 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WSDMon.dll
[2013.04.23 13:45:42 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\inetpp.dll
[2013.04.23 13:45:42 | 000,028,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\msgpiowin32.sys
[2013.04.23 13:45:41 | 001,347,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\srmclient.dll
[2013.04.23 13:45:41 | 000,987,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\srmclient.dll
[2013.04.23 13:45:41 | 000,652,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\srmscan.dll
[2013.04.23 13:45:41 | 000,487,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\srmscan.dll
[2013.04.23 13:45:41 | 000,436,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MP4SDECD.DLL
[2013.04.23 13:45:41 | 000,261,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Media.dll
[2013.04.23 13:45:41 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\srmshell.dll
[2013.04.23 13:45:41 | 000,171,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ncbservice.dll
[2013.04.23 13:45:41 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\adrclient.dll
[2013.04.23 13:45:41 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\srmshell.dll
[2013.04.23 13:45:41 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\httpprxm.dll
[2013.04.23 13:45:41 | 000,104,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\adrclient.dll
[2013.04.23 13:45:41 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wiaacmgr.exe
[2013.04.23 13:45:41 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\srmtrace.dll
[2013.04.23 13:45:41 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wiaacmgr.exe
[2013.04.23 13:45:41 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\srmtrace.dll
[2013.04.23 13:45:41 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\adhsvc.dll
[2013.04.23 13:45:40 | 000,279,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\srm.dll
[2013.04.23 13:45:40 | 000,278,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\srm.dll
[2013.04.23 13:45:40 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\srm_ps.dll
[2013.04.23 13:45:40 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\adhapi.dll
[2013.04.23 13:45:40 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\httpprxp.dll
[2013.04.23 13:45:40 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\srm_ps.dll
[2013.04.23 13:45:40 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\keepaliveprovider.dll
[2013.04.23 13:44:24 | 010,116,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\twinui.dll
[2013.04.23 13:44:24 | 001,161,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\sppobjs.dll
[2013.04.23 13:44:23 | 008,857,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\twinui.dll
[2013.04.23 13:44:21 | 001,627,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WindowsCodecs.dll
[2013.04.23 13:44:20 | 005,978,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mstscax.dll
[2013.04.23 13:44:20 | 001,048,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfasfsrcsnk.dll
[2013.04.23 13:44:19 | 001,149,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winmde.dll
[2013.04.23 13:44:19 | 001,101,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wmpmde.dll
[2013.04.23 13:44:19 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfasfsrcsnk.dll
[2013.04.23 13:44:19 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\BCP47Langs.dll
[2013.04.23 13:44:19 | 000,328,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ubpm.dll
[2013.04.23 13:44:19 | 000,327,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\Classpnp.sys
[2013.04.23 13:44:19 | 000,246,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ubpm.dll
[2013.04.23 13:44:18 | 005,091,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mstscax.dll
[2013.04.23 13:44:18 | 002,302,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\authui.dll
[2013.04.23 13:44:18 | 002,033,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\authui.dll
[2013.04.23 13:44:18 | 001,619,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wucltux.dll
[2013.04.23 13:44:18 | 000,951,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Globalization.dll
[2013.04.23 13:44:18 | 000,760,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuapi.dll
[2013.04.23 13:44:18 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Security.Authentication.OnlineId.dll
[2013.04.23 13:44:18 | 000,411,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\FWPKCLNT.SYS
[2013.04.23 13:44:18 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\netcfgx.dll
[2013.04.23 13:44:18 | 000,332,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\storport.sys
[2013.04.23 13:44:18 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\BCP47Langs.dll
[2013.04.23 13:44:18 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SystemEventsBrokerServer.dll
[2013.04.23 13:44:18 | 000,171,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\TimeBrokerServer.dll
[2013.04.23 13:44:17 | 000,893,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\winmde.dll
[2013.04.23 13:44:17 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drvstore.dll
[2013.04.23 13:44:17 | 000,621,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuapi.dll
[2013.04.23 13:44:17 | 000,601,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Globalization.dll
[2013.04.23 13:44:17 | 000,550,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\drvstore.dll
[2013.04.23 13:44:17 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\netcfgx.dll
[2013.04.23 13:44:17 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingSync.dll
[2013.04.23 13:44:17 | 000,337,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\USBXHCI.SYS
[2013.04.23 13:44:17 | 000,251,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WUSettingsProvider.dll
[2013.04.23 13:44:17 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\usbmon.dll
[2013.04.23 13:44:16 | 002,146,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\actxprxy.dll
[2013.04.23 13:44:16 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Security.Authentication.OnlineId.dll
[2013.04.23 13:44:16 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SettingSync.dll
[2013.04.23 13:44:16 | 000,194,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\sdbus.sys
[2013.04.23 13:44:16 | 000,125,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\dumpsd.sys
[2013.04.23 13:44:16 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\taskhost.exe
[2013.04.23 13:44:16 | 000,069,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\pdc.sys
[2013.04.23 13:44:15 | 000,283,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\spaceport.sys
[2013.04.23 13:44:15 | 000,212,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\UCX01000.SYS
[2013.04.23 13:44:15 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\storewuauth.dll
[2013.04.23 13:44:15 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\powercfg.cpl
[2013.04.23 13:44:15 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\discan.dll
[2013.04.23 13:44:15 | 000,148,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\tpm.sys
[2013.04.23 13:44:15 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\powercfg.cpl
[2013.04.23 13:44:15 | 000,141,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuwebv.dll
[2013.04.23 13:44:15 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuwebv.dll
[2013.04.23 13:44:15 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\NdisImPlatform.dll
[2013.04.23 13:44:15 | 000,077,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\storahci.sys
[2013.04.23 13:44:15 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\taskhostex.exe
[2013.04.23 13:44:15 | 000,058,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuauclt.exe
[2013.04.23 13:44:15 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DevDispItemProvider.dll
[2013.04.23 13:44:15 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wups2.dll
[2013.04.23 13:44:15 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wups.dll
[2013.04.23 13:44:15 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuaext.dll
[2013.04.23 13:44:14 | 000,128,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingSyncInfo.dll
[2013.04.23 13:44:14 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SettingSyncInfo.dll
[2013.04.23 13:44:14 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wudriver.dll
[2013.04.23 13:44:14 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wudriver.dll
[2013.04.23 13:44:14 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WSDPrintProxy.DLL
[2013.04.23 13:44:14 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuapp.exe
[2013.04.23 13:44:14 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\DevDispItemProvider.dll
[2013.04.23 13:44:14 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuapp.exe
[2013.04.23 13:44:14 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wups.dll
[2013.04.23 13:44:12 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wushareduxresources.dll
[2013.04.23 13:42:14 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\synceng.dll
[2013.04.23 13:42:14 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\synceng.dll
[2013.04.23 13:41:22 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9.dll
[2013.04.23 13:41:19 | 000,915,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\uxtheme.dll
[2013.04.23 13:41:19 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript.dll
[2013.04.23 13:41:19 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\jscript.dll
[2013.04.23 13:41:19 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msfeeds.dll
[2013.04.23 13:41:18 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\iesysprep.dll
[2013.04.23 13:41:18 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iesysprep.dll
[2013.04.23 13:41:18 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\iesetup.dll
[2013.04.23 13:41:18 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iesetup.dll
[2013.04.23 13:41:18 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\UXInit.dll
[2013.04.23 13:41:18 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ie4uinit.exe
[2013.04.23 13:41:18 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\UXInit.dll
[2013.04.23 13:41:18 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\iernonce.dll
[2013.04.23 13:41:18 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iernonce.dll
[2013.04.23 13:41:14 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ncryptsslp.dll
[2013.04.23 13:41:14 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ncryptsslp.dll
[2013.04.23 13:41:02 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\tssdisai.dll
[2013.04.23 13:41:02 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\appserverai.dll
[2013.04.23 13:41:02 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\RDWebAI.dll
[2013.04.23 13:41:01 | 000,148,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\poqexec.exe
[2013.04.23 13:41:01 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\poqexec.exe
[2013.04.23 13:41:01 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\VmHostAI.dll
[2013.04.23 13:40:51 | 006,991,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntoskrnl.exe
[2013.04.23 13:40:49 | 002,893,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msmpeg2vdec.dll
[2013.04.23 13:40:49 | 002,400,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msmpeg2vdec.dll
[2013.04.23 13:40:42 | 000,468,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MFMediaEngine.dll
[2013.04.23 13:40:42 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MFMediaEngine.dll
[2013.04.23 13:40:42 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ReAgentc.exe
[2013.04.23 13:40:42 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ReAgentc.exe
[2013.04.23 13:40:41 | 001,011,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\reseteng.dll
[2013.04.23 13:40:41 | 000,945,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\resetengmig.dll
[2013.04.23 13:40:41 | 000,443,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ReAgent.dll
[2013.04.23 13:40:41 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ReAgent.dll
[2013.04.23 13:40:41 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\sysreset.exe
[2013.04.23 13:40:33 | 013,643,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Xaml.dll
[2013.04.23 13:40:32 | 010,792,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Xaml.dll
[2013.04.23 13:40:30 | 000,729,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\duser.dll
[2013.04.23 13:40:30 | 000,543,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wlroamextension.dll
[2013.04.23 13:40:30 | 000,488,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\usbport.sys
[2013.04.23 13:40:30 | 000,475,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WWanAPI.dll
[2013.04.23 13:40:30 | 000,467,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\netprofmsvc.dll
[2013.04.23 13:40:30 | 000,446,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\USBHUB3.SYS
[2013.04.23 13:40:30 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wlroamextension.dll
[2013.04.23 13:40:30 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ncsi.dll
[2013.04.23 13:40:30 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Networking.Connectivity.dll
[2013.04.23 13:40:30 | 000,260,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\hotspotauth.dll
[2013.04.23 13:40:30 | 000,228,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\XpsRasterService.dll
[2013.04.23 13:40:30 | 000,037,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\BthAvrcpTg.sys
[2013.04.23 13:40:29 | 000,731,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\win32spl.dll
[2013.04.23 13:40:29 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wpd_ci.dll
[2013.04.23 13:40:29 | 000,370,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WWanAPI.dll
[2013.04.23 13:40:29 | 000,225,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mbsmsapi.dll
[2013.04.23 13:40:29 | 000,197,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Networking.Connectivity.dll
[2013.04.23 13:40:29 | 000,157,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mbsmsapi.dll
[2013.04.23 13:40:29 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\XpsRasterService.dll
[2013.04.23 13:40:29 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\taskkill.exe
[2013.04.23 13:40:29 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\tasklist.exe
[2013.04.23 13:40:29 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\hidclass.sys
[2013.04.23 13:40:29 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\tasklist.exe
[2013.04.23 13:40:29 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\taskkill.exe
[2013.04.23 13:40:29 | 000,061,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\crashdmp.sys
[2013.04.23 13:40:29 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\hidi2c.sys
[2013.04.23 13:40:29 | 000,021,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\usbd.sys
[2013.04.23 13:40:28 | 000,029,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\BthhfHid.sys
[2013.04.23 13:40:28 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\BtaMPM.sys
[2013.04.23 13:40:28 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\nlmproxy.dll
[2013.04.23 13:40:28 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\nlmsprep.dll
[2013.04.23 13:40:25 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\pcadm.dll
[2013.04.23 13:40:25 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\pcalua.exe
[2013.04.23 13:40:25 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\pcaevts.dll
[2013.04.23 13:40:24 | 000,463,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dpnet.dll
[2013.04.23 13:40:23 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dpnet.dll
[2013.04.23 13:40:23 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dpnathlp.dll
[2013.04.23 13:40:23 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dpnathlp.dll
[2013.04.23 13:40:23 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dpnsvr.exe
[2013.04.23 13:40:23 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dpnsvr.exe
[2013.04.23 13:40:23 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dpnhupnp.dll
[2013.04.23 13:40:23 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dpnhpast.dll
[2013.04.23 13:40:23 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dpnhupnp.dll
[2013.04.23 13:40:23 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dpnhpast.dll
[2013.04.23 13:40:23 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dpnlobby.dll
[2013.04.23 13:40:23 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dpnaddr.dll
[2013.04.23 13:40:23 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dpnlobby.dll
[2013.04.23 13:40:23 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dpnaddr.dll
[2013.04.23 13:40:19 | 001,690,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\GdiPlus.dll
[2013.04.23 13:40:18 | 001,437,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\GdiPlus.dll
[2013.04.23 13:40:18 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\usb8023.sys
[2013.04.23 13:40:16 | 000,230,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\WdFilter.sys
[2013.04.23 13:40:16 | 000,035,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\WdBoot.sys
[2013.04.23 13:40:08 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msxml6r.dll
[2013.04.23 13:40:08 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msxml6r.dll
[2013.04.23 13:40:08 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msxml3r.dll
[2013.04.23 13:40:08 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msxml3r.dll
[2013.04.23 13:40:02 | 000,362,496 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\SysNative\atmfd.dll
[2013.04.23 13:40:02 | 000,300,032 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\atmfd.dll
[2013.04.23 13:40:02 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fontsub.dll
[2013.04.23 13:40:02 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\fontsub.dll
[2013.04.23 13:40:02 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\WINDOWS\SysNative\atmlib.dll
[2013.04.23 13:40:02 | 000,035,328 | ---- | C] (Adobe Systems) -- C:\WINDOWS\SysWow64\atmlib.dll
[2013.04.23 13:40:02 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dciman32.dll
[2013.04.23 13:40:02 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\lpk.dll
[2013.04.23 13:30:36 | 000,000,000 | ---D | C] -- C:\ProgramData\PRICache
[2013.04.23 13:30:36 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\Packages
[2013.04.23 12:57:24 | 000,000,000 | --SD | C] -- C:\Users\David\AppData\Roaming\Microsoft
[2013.04.23 12:57:24 | 000,000,000 | R--D | C] -- C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[2013.04.23 12:57:24 | 000,000,000 | R--D | C] -- C:\Users\David\Favorites
[2013.04.23 12:57:24 | 000,000,000 | R--D | C] -- C:\Users\David\Desktop
[2013.04.23 12:57:24 | 000,000,000 | R--D | C] -- C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013.04.23 12:57:24 | 000,000,000 | R--D | C] -- C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[2013.04.23 12:57:24 | 000,000,000 | -HSD | C] -- C:\Users\David\Vorlagen
[2013.04.23 12:57:24 | 000,000,000 | -HSD | C] -- C:\Users\David\AppData\Local\Verlauf
[2013.04.23 12:57:24 | 000,000,000 | -HSD | C] -- C:\Users\David\AppData\Local\Temporary Internet Files
[2013.04.23 12:57:24 | 000,000,000 | -HSD | C] -- C:\Users\David\Startmenü
[2013.04.23 12:57:24 | 000,000,000 | -HSD | C] -- C:\Users\David\SendTo
[2013.04.23 12:57:24 | 000,000,000 | -HSD | C] -- C:\Users\David\Recent
[2013.04.23 12:57:24 | 000,000,000 | -HSD | C] -- C:\Users\David\Netzwerkumgebung
[2013.04.23 12:57:24 | 000,000,000 | -HSD | C] -- C:\Users\David\Lokale Einstellungen
[2013.04.23 12:57:24 | 000,000,000 | -HSD | C] -- C:\Users\David\Documents\Eigene Videos
[2013.04.23 12:57:24 | 000,000,000 | -HSD | C] -- C:\Users\David\Documents\Eigene Musik
[2013.04.23 12:57:24 | 000,000,000 | -HSD | C] -- C:\Users\David\Eigene Dateien
[2013.04.23 12:57:24 | 000,000,000 | -HSD | C] -- C:\Users\David\Documents\Eigene Bilder
[2013.04.23 12:57:24 | 000,000,000 | -HSD | C] -- C:\Users\David\Druckumgebung
[2013.04.23 12:57:24 | 000,000,000 | -HSD | C] -- C:\Users\David\Cookies
[2013.04.23 12:57:24 | 000,000,000 | -HSD | C] -- C:\Users\David\AppData\Local\Anwendungsdaten
[2013.04.23 12:57:24 | 000,000,000 | -HSD | C] -- C:\Users\David\Anwendungsdaten
[2013.04.23 12:57:24 | 000,000,000 | -H-D | C] -- C:\Users\David\AppData
[2013.04.23 12:57:24 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\Temp
[2013.04.23 12:57:24 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\Microsoft
[2013.04.23 12:57:24 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013.04.23 12:57:01 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2013.04.23 12:57:00 | 006,390,048 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\SysNative\nvcpl.dll
[2013.04.23 12:57:00 | 003,460,896 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\SysNative\nvsvc64.dll
[2013.04.23 12:57:00 | 002,558,240 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\SysNative\nvsvcr.dll
[2013.04.23 12:57:00 | 000,118,560 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\SysNative\nvmctray.dll
[2013.04.23 12:57:00 | 000,063,776 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\SysNative\nvshext.dll
[2013.04.23 12:56:53 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2013.04.23 12:56:52 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2013.04.23 12:56:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2013.04.23 12:56:47 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2013.04.23 12:56:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\RTCOM
[2013.04.23 12:56:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2013.04.23 12:54:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Reference Assemblies
[2013.04.23 12:54:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSBuild
[2013.04.23 12:54:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\XPSViewer
[2013.04.23 12:54:09 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2013.04.23 12:54:09 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2013.04.23 12:48:59 | 001,166,440 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\PresentationNative_v0300.dll
[2013.04.23 12:48:50 | 000,035,400 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\TsWpfWrp.exe
[2013.04.23 12:48:44 | 000,124,040 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\PresentationCFFRasterizerNative_v0300.dll
[2013.04.23 12:48:34 | 000,035,400 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\TsWpfWrp.exe
[2013.04.23 12:48:28 | 000,102,528 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\PresentationCFFRasterizerNative_v0300.dll
[2013.04.23 12:48:19 | 000,778,856 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\PresentationNative_v0300.dll
[2013.04.23 12:20:38 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\Macromedia
[2013.04.23 12:20:11 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\Adobe
[2013.04.23 12:16:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\Panther
[2013.04.23 10:53:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2013.04.22 22:30:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guild Wars 2
[2013.04.22 22:29:53 | 000,000,000 | ---D | C] -- C:\Users\David\Documents\Guild Wars 2
[2013.04.22 22:17:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2013.04.22 22:15:29 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2013.04.22 22:15:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2013.04.22 22:15:09 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\Microsoft Help
[2013.04.22 22:15:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2013.04.22 22:15:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2013.04.22 22:14:55 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2013.04.22 22:07:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\Wat
[2013.04.22 22:07:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\Wat
[2013.04.22 21:33:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Security
[2013.04.22 21:33:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Internet Security
[2013.04.22 21:30:21 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2013.04.22 20:49:45 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\browserchoice.exe
[2013.04.22 20:39:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2013.04.22 20:32:33 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rdrmemptylst.exe
[2013.04.22 20:14:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FRITZ!WLAN
[2013.04.22 20:14:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\avmwlanstick
[2013.04.22 20:14:32 | 000,714,368 | ---- | C] (AVM GmbH) -- C:\WINDOWS\SysNative\drivers\fwlanusbn.sys
[2013.04.22 20:14:32 | 000,099,328 | ---- | C] (AVM Berlin) -- C:\WINDOWS\SysNative\fwusbnci.dll
[2013.04.22 20:07:19 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\Google
[2013.04.22 18:14:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2013.04.22 18:12:09 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2013.04.22 18:12:08 | 000,068,928 | ---- | C] (Khronos Group) -- C:\WINDOWS\SysNative\OpenCL.dll
[2013.04.22 18:12:08 | 000,061,248 | ---- | C] (Khronos Group) -- C:\WINDOWS\SysWow64\OpenCL.dll
[2013.04.22 18:11:45 | 001,466,176 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\SysNative\nvgenco64.dll
[2013.04.22 18:11:34 | 000,364,352 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\SysNative\nvdecodemft.dll
[2013.04.22 18:11:34 | 000,301,376 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\SysWow64\nvdecodemft.dll
[2013.04.22 18:10:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel Corporation
[2013.04.22 18:07:06 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\Intel Corporation
[2013.04.22 18:04:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2013.04.22 18:04:50 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2013.04.22 18:04:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Asmedia Technology
[2013.04.22 18:04:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASM106xSATA
[2013.04.22 18:04:26 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
[2013.04.22 18:04:21 | 000,568,600 | ---- | C] (Intel Corporation) -- C:\WINDOWS\SysNative\drivers\iaStor.sys
[2013.04.22 18:03:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASM104xUSB3
[2013.04.22 18:03:47 | 000,016,152 | ---- | C] (Intel Corporation) -- C:\WINDOWS\SysNative\drivers\iusb3hcs.sys
[2013.04.22 18:03:41 | 000,355,096 | ---- | C] (Intel Corporation) -- C:\WINDOWS\SysNative\drivers\iusb3hub.sys
[2013.04.22 18:03:40 | 000,786,200 | ---- | C] (Intel Corporation) -- C:\WINDOWS\SysNative\drivers\iusb3xhc.sys
[2013.04.22 18:03:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel
[2013.04.22 18:03:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\postureAgent
[2013.04.22 18:02:47 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\InstallShield
[2013.04.22 18:02:32 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2013.04.22 17:07:31 | 001,361,336 | ---- | C] (TOSHIBA Corporation) -- C:\WINDOWS\SysNative\tosade.dll
[2013.04.22 17:07:31 | 000,177,088 | ---- | C] (TOSHIBA Corporation) -- C:\WINDOWS\SysNative\tadefxapo264.dll
[2013.04.22 17:07:31 | 000,148,416 | ---- | C] (TOSHIBA Corporation) -- C:\WINDOWS\SysNative\tadefxapo.dll
[2013.04.22 17:07:31 | 000,065,432 | ---- | C] (TOSHIBA CORPORATION.) -- C:\WINDOWS\SysNative\tepeqapo64.dll
[2013.04.22 17:07:21 | 002,603,864 | ---- | C] (Waves Audio Ltd.) -- C:\WINDOWS\SysNative\WavesGUILib.dll
[2013.04.22 17:07:20 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\WINDOWS\SysNative\SRSTSX64.dll
[2013.04.22 17:07:20 | 000,221,024 | ---- | C] (Synopsys, Inc.) -- C:\WINDOWS\SysNative\SFNHK64.dll
[2013.04.22 17:07:20 | 000,220,776 | ---- | C] (Sony Corporation) -- C:\WINDOWS\SysNative\SFSS_APO.dll
[2013.04.22 17:07:20 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\WINDOWS\SysNative\SRSTSH64.dll
[2013.04.22 17:07:20 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\WINDOWS\SysNative\SRSHP64.dll
[2013.04.22 17:07:20 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\WINDOWS\SysNative\SRSWOW64.dll
[2013.04.22 17:07:20 | 000,081,248 | ---- | C] (Synopsys, Inc.) -- C:\WINDOWS\SysNative\SFCOM64.dll
[2013.04.22 17:07:20 | 000,078,688 | ---- | C] (Synopsys, Inc.) -- C:\WINDOWS\SysNative\SFAPO64.dll
[2013.04.22 17:07:20 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\WINDOWS\SysWow64\SFCOM.dll
[2013.04.22 17:07:19 | 000,331,880 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SysNative\RtlCPAPI64.dll
[2013.04.22 17:07:15 | 000,149,608 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SysNative\RtkCfg64.dll
[2013.04.22 17:07:15 | 000,014,952 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SysNative\RtkCoLDR64.dll
[2013.04.22 17:07:14 | 000,823,912 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SysNative\RtkApi64.dll
[2013.04.22 17:07:13 | 003,747,944 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SysNative\RtkAPO64.dll
[2013.04.22 17:07:11 | 002,615,400 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SysNative\RtPgEx64.dll
[2013.04.22 17:07:11 | 001,247,848 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SysNative\RTCOM64.dll
[2013.04.22 17:07:10 | 001,560,168 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SysNative\RTSnMg64.cpl
[2013.04.22 17:07:08 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\WINDOWS\SysNative\RTEEP64A.dll
[2013.04.22 17:07:08 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\WINDOWS\SysNative\RTEED64A.dll
[2013.04.22 17:07:08 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\WINDOWS\SysNative\RTEEL64A.dll
[2013.04.22 17:07:08 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\WINDOWS\SysNative\RTEEG64A.dll
[2013.04.22 17:07:07 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\WINDOWS\SysNative\RP3DHT64.dll
[2013.04.22 17:07:07 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\WINDOWS\SysNative\RP3DAA64.dll
[2013.04.22 17:07:07 | 000,100,968 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SysNative\RCoInstII64.dll
[2013.04.22 17:07:05 | 002,765,312 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SysNative\RCoRes64.dat
[2013.04.22 17:06:59 | 003,308,376 | ---- | C] (Dolby Laboratories) -- C:\WINDOWS\SysNative\R4EEP64A.dll
[2013.04.22 17:06:59 | 000,426,328 | ---- | C] (Dolby Laboratories) -- C:\WINDOWS\SysNative\R4EED64A.dll
[2013.04.22 17:06:59 | 000,136,024 | ---- | C] (Dolby Laboratories) -- C:\WINDOWS\SysNative\R4EEL64A.dll
[2013.04.22 17:06:59 | 000,074,072 | ---- | C] (Dolby Laboratories) -- C:\WINDOWS\SysNative\R4EEG64A.dll
[2013.04.22 17:06:58 | 000,334,680 | ---- | C] (Waves Audio Ltd.) -- C:\WINDOWS\SysNative\MaxxVolumeSDAPO.dll
[2013.04.22 17:06:58 | 000,118,104 | ---- | C] (Dolby Laboratories) -- C:\WINDOWS\SysNative\R4EEA64A.dll
[2013.04.22 17:06:57 | 001,247,576 | ---- | C] (Waves Audio Ltd.) -- C:\WINDOWS\SysNative\MaxxAudioRealtek264.dll
[2013.04.22 17:06:55 | 005,996,376 | ---- | C] (Waves Audio Ltd.) -- C:\WINDOWS\SysNative\MaxxAudioRealtek.dll
[2013.04.22 17:06:54 | 002,131,288 | ---- | C] (Waves Audio Ltd.) -- C:\WINDOWS\SysNative\MaxxAudioEQ.dll
[2013.04.22 17:06:53 | 000,955,736 | ---- | C] (Waves Audio Ltd.) -- C:\WINDOWS\SysNative\MaxxAudioAPOShell64.dll
[2013.04.22 17:06:53 | 000,341,336 | ---- | C] (Waves Audio Ltd.) -- C:\WINDOWS\SysNative\MaxxAudioAPO30.dll
[2013.04.22 17:06:52 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\WINDOWS\SysNative\MaxxAudioAPO20.dll
[2013.04.22 17:06:50 | 000,603,984 | ---- | C] (Knowles Acoustics ) -- C:\WINDOWS\SysNative\KAAPORT64.dll
[2013.04.22 17:06:33 | 002,528,832 | ---- | C] (Fortemedia Corporation) -- C:\WINDOWS\SysNative\FMAPO64.dll
[2013.04.22 17:06:31 | 000,693,352 | ---- | C] (DTS) -- C:\WINDOWS\SysNative\DTSVoiceClarityDLL64.dll
[2013.04.22 17:06:31 | 000,439,808 | ---- | C] (DTS) -- C:\WINDOWS\SysNative\DTSU2PREC64.dll
[2013.04.22 17:06:30 | 000,527,872 | ---- | C] (DTS) -- C:\WINDOWS\SysNative\DTSU2PLFX64.dll
[2013.04.22 17:06:30 | 000,515,584 | ---- | C] (DTS) -- C:\WINDOWS\SysNative\DTSU2PGFX64.dll
[2013.04.22 17:06:29 | 000,712,296 | ---- | C] (DTS) -- C:\WINDOWS\SysNative\DTSSymmetryDLL64.dll
[2013.04.22 17:06:28 | 001,756,264 | ---- | C] (DTS) -- C:\WINDOWS\SysNative\DTSS2SpeakerDLL64.dll
[2013.04.22 17:06:27 | 001,568,360 | ---- | C] (DTS) -- C:\WINDOWS\SysNative\DTSS2HeadphoneDLL64.dll
[2013.04.22 17:06:27 | 000,491,112 | ---- | C] (DTS) -- C:\WINDOWS\SysNative\DTSNeoPCDLL64.dll
[2013.04.22 17:06:27 | 000,432,744 | ---- | C] (DTS) -- C:\WINDOWS\SysNative\DTSLimiterDLL64.dll
[2013.04.22 17:06:27 | 000,242,792 | ---- | C] (DTS) -- C:\WINDOWS\SysNative\DTSLFXAPO64.dll
[2013.04.22 17:06:26 | 000,428,648 | ---- | C] (DTS) -- C:\WINDOWS\SysNative\DTSGainCompensatorDLL64.dll
[2013.04.22 17:06:26 | 000,241,768 | ---- | C] (DTS) -- C:\WINDOWS\SysNative\DTSGFXAPONS64.dll
[2013.04.22 17:06:25 | 001,486,952 | ---- | C] (DTS) -- C:\WINDOWS\SysNative\DTSBoostDLL64.dll
[2013.04.22 17:06:25 | 000,242,792 | ---- | C] (DTS) -- C:\WINDOWS\SysNative\DTSGFXAPO64.dll
[2013.04.22 17:06:24 | 000,728,680 | ---- | C] (DTS) -- C:\WINDOWS\SysNative\DTSBassEnhancementDLL64.dll
[2013.04.22 17:06:21 | 000,200,800 | ---- | C] (Andrea Electronics Corporation) -- C:\WINDOWS\SysNative\AERTAC64.dll
[2013.04.22 17:06:21 | 000,108,960 | ---- | C] (Andrea Electronics Corporation) -- C:\WINDOWS\SysNative\AERTAR64.dll
[2013.04.22 17:06:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2013.04.22 17:06:19 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2013.04.22 17:06:18 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2013.04.22 17:06:16 | 001,698,408 | R--- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RtlExUpd.dll
[2013.04.22 17:06:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2013.04.22 17:04:30 | 000,053,248 | R--- | C] (Windows XP Bundled build C-Centric Single User) -- C:\WINDOWS\SysWow64\CSVer.dll
[2013.04.22 17:04:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2013.04.22 17:04:22 | 000,000,000 | ---D | C] -- C:\Intel
[2013.04.22 17:02:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\AsusInstAll
[2013.04.22 17:02:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013.04.22 17:02:09 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2013.04.22 17:02:07 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\Google
[2013.04.22 17:02:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2013.04.22 17:02:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013.04.22 17:00:30 | 000,016,896 | ---- | C] (ASUS) -- C:\WINDOWS\AsTaskSched.dll
[2013.04.22 17:00:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\Chipset
[2013.04.22 16:52:32 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\ElevatedDiagnostics
[2013.04.22 16:47:55 | 000,000,000 | R--D | C] -- C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013.04.22 16:47:55 | 000,000,000 | R--D | C] -- C:\Users\David\Searches
[2013.04.22 16:47:55 | 000,000,000 | R--D | C] -- C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013.04.22 16:47:50 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\Identities
[2013.04.22 16:47:49 | 000,000,000 | R--D | C] -- C:\Users\David\Contacts
[2013.04.22 16:47:48 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\VirtualStore
[2013.04.22 16:47:46 | 000,000,000 | R--D | C] -- C:\Users\David\Videos
[2013.04.22 16:47:46 | 000,000,000 | R--D | C] -- C:\Users\David\Saved Games
[2013.04.22 16:47:46 | 000,000,000 | R--D | C] -- C:\Users\David\Pictures
[2013.04.22 16:47:46 | 000,000,000 | R--D | C] -- C:\Users\David\Music
[2013.04.22 16:47:46 | 000,000,000 | R--D | C] -- C:\Users\David\Links
[2013.04.22 16:47:46 | 000,000,000 | R--D | C] -- C:\Users\David\Downloads
[2013.04.22 16:47:46 | 000,000,000 | R--D | C] -- C:\Users\David\Documents
[2013.04.22 16:47:46 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\Media Center Programs
[2013.04.22 16:47:43 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2013.04.22 16:47:43 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2013.04.22 16:47:43 | 000,000,000 | -HSD | C] -- C:\Recovery
[2013.04.22 16:47:43 | 000,000,000 | -HSD | C] -- C:\Programme
[2013.04.22 16:47:43 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2013.04.22 16:47:43 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2013.04.22 16:47:43 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2013.04.22 16:47:43 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2013.04.22 16:47:43 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2013.04.22 16:47:43 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2013.04.22 16:47:43 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2013.04.22 16:47:43 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2013.04.22 16:47:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2013.04.22 16:38:16 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[1 C:\Users\David\AppData\Local\*.tmp files -> C:\Users\David\AppData\Local\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.27 16:12:06 | 000,001,108 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.27 16:10:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\David\Desktop\OTL.exe
[2013.04.27 16:10:25 | 000,001,104 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.27 16:09:25 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.04.27 01:19:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.04.25 16:10:13 | 000,001,159 | ---- | M] () -- C:\Users\David\Desktop\Unknown Device Identifier.lnk
[2013.04.25 16:09:19 | 000,000,079 | ---- | M] () -- C:\Users\David\Desktop\Huntersoft Free Download.url
[2013.04.24 15:40:45 | 001,745,416 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2013.04.24 15:40:45 | 000,751,892 | ---- | M] () -- C:\WINDOWS\SysNative\perfh007.dat
[2013.04.24 15:40:45 | 000,710,046 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2013.04.24 15:40:45 | 000,155,620 | ---- | M] () -- C:\WINDOWS\SysNative\perfc007.dat
[2013.04.24 15:40:45 | 000,132,416 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2013.04.24 15:36:27 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013.04.24 15:36:21 | 4259,774,462 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.23 15:34:01 | 000,890,815 | ---- | M] () -- C:\Users\David\Desktop\SecurityCheck.exe
[2013.04.23 13:01:46 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.04.23 13:00:21 | 000,043,818 | ---- | M] () -- C:\WINDOWS\diagwrn.xml
[2013.04.23 13:00:21 | 000,043,818 | ---- | M] () -- C:\WINDOWS\diagerr.xml
[2013.04.23 13:00:18 | 000,022,960 | ---- | M] () -- C:\WINDOWS\SysNative\emptyregdb.dat
[2013.04.23 12:28:15 | 000,694,232 | ---- | M] () -- C:\WINDOWS\SysNative\perfh00C.dat
[2013.04.23 12:28:15 | 000,693,256 | ---- | M] () -- C:\WINDOWS\SysNative\perfh00A.dat
[2013.04.23 12:28:15 | 000,688,910 | ---- | M] () -- C:\WINDOWS\SysNative\perfh010.dat
[2013.04.23 12:28:15 | 000,679,144 | ---- | M] () -- C:\WINDOWS\SysNative\prfh0816.dat
[2013.04.23 12:28:15 | 000,610,004 | ---- | M] () -- C:\WINDOWS\SysNative\perfh01F.dat
[2013.04.23 12:28:15 | 000,136,864 | ---- | M] () -- C:\WINDOWS\SysNative\perfc00A.dat
[2013.04.23 12:28:15 | 000,133,554 | ---- | M] () -- C:\WINDOWS\SysNative\prfc0816.dat
[2013.04.23 12:28:15 | 000,129,942 | ---- | M] () -- C:\WINDOWS\SysNative\perfc00C.dat
[2013.04.23 12:28:15 | 000,126,946 | ---- | M] () -- C:\WINDOWS\SysNative\perfc010.dat
[2013.04.23 12:28:15 | 000,121,328 | ---- | M] () -- C:\WINDOWS\SysNative\perfc01F.dat
[2013.04.23 12:21:28 | 000,014,832 | -H-- | M] () -- C:\WINDOWS\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.23 12:21:28 | 000,014,832 | -H-- | M] () -- C:\WINDOWS\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.22 22:30:17 | 000,000,599 | ---- | M] () -- C:\Users\Public\Desktop\Guild Wars 2.lnk
[2013.04.22 22:08:17 | 000,001,194 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft-Maus- und Tastatur-Center installieren.lnk
[2013.04.22 21:47:40 | 000,042,672 | ---- | M] () -- C:\WINDOWS\SysWow64\drivers\fsbts.sys
[2013.04.22 21:47:34 | 000,019,653 | ---- | M] () -- C:\WINDOWS\prodsett_copy.ini
[2013.04.22 21:33:29 | 000,002,039 | ---- | M] () -- C:\Users\Public\Desktop\Launch Pad.lnk
[2013.04.22 21:27:32 | 000,001,750 | ---- | M] () -- C:\Users\Public\Desktop\Browserwahl.lnk
[2013.04.22 20:18:57 | 000,000,355 | ---- | M] () -- C:\Users\David\Desktop\Computer - Verknüpfung.lnk
[2013.04.22 18:07:20 | 000,000,000 | ---- | M] () -- C:\Users\David\AppData\Local\{21BB0CD3-97D2-4E03-8E5E-040EB6A4708C}
[2013.04.22 18:05:45 | 000,057,119 | ---- | M] () -- C:\WINDOWS\Ascd_log.ini
[2013.04.22 18:03:51 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\SysNative\drivers\Msft_Kernel_iusb3hcs_01009.Wdf
[2013.04.22 17:00:30 | 000,016,896 | ---- | M] (ASUS) -- C:\WINDOWS\AsTaskSched.dll
[2013.04.22 17:00:11 | 000,040,227 | ---- | M] () -- C:\WINDOWS\Ascd_tmp.ini
[2013.04.22 16:59:58 | 000,001,769 | ---- | M] () -- C:\WINDOWS\Language_trs.ini
[2013.04.22 16:50:24 | 000,000,000 | -H-- | M] () -- C:\Users\David\Documents\Default.rdp
[2013.04.03 00:08:01 | 000,692,576 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
[2013.04.03 00:08:01 | 000,078,176 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
[1 C:\Users\David\AppData\Local\*.tmp files -> C:\Users\David\AppData\Local\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.04.25 16:09:19 | 000,000,079 | ---- | C] () -- C:\Users\David\Desktop\Huntersoft Free Download.url
[2013.04.25 16:09:17 | 000,001,159 | ---- | C] () -- C:\Users\David\Desktop\Unknown Device Identifier.lnk
[2013.04.24 14:38:47 | 000,110,592 | ---- | C] () -- C:\WINDOWS\SysNative\OEMLicense.dll
[2013.04.24 14:38:47 | 000,083,968 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2013.04.23 15:34:01 | 000,890,815 | ---- | C] () -- C:\Users\David\Desktop\SecurityCheck.exe
[2013.04.23 15:07:25 | 000,002,143 | R-S- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browser Choice.lnk
[2013.04.23 13:44:17 | 000,387,867 | ---- | C] () -- C:\WINDOWS\SysNative\ApnDatabase.xml
[2013.04.23 13:30:56 | 000,001,438 | ---- | C] () -- C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013.04.23 13:00:18 | 000,022,960 | ---- | C] () -- C:\WINDOWS\SysNative\emptyregdb.dat
[2013.04.23 12:57:31 | 000,043,818 | ---- | C] () -- C:\WINDOWS\diagwrn.xml
[2013.04.23 12:57:31 | 000,043,818 | ---- | C] () -- C:\WINDOWS\diagerr.xml
[2013.04.23 12:57:00 | 002,953,448 | ---- | C] () -- C:\WINDOWS\SysNative\nvcoproc.bin
[2013.04.23 12:56:18 | 268,435,456 | -HS- | C] () -- C:\swapfile.sys
[2013.04.23 10:53:56 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.04.22 22:30:17 | 000,000,599 | ---- | C] () -- C:\Users\Public\Desktop\Guild Wars 2.lnk
[2013.04.22 22:08:17 | 000,001,194 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft-Maus- und Tastatur-Center installieren.lnk
[2013.04.22 21:47:40 | 000,042,672 | ---- | C] () -- C:\WINDOWS\SysWow64\drivers\fsbts.sys
[2013.04.22 21:47:34 | 000,019,653 | ---- | C] () -- C:\WINDOWS\prodsett_copy.ini
[2013.04.22 21:33:29 | 000,002,039 | ---- | C] () -- C:\Users\Public\Desktop\Launch Pad.lnk
[2013.04.22 21:27:32 | 000,001,750 | ---- | C] () -- C:\Users\Public\Desktop\Browserwahl.lnk
[2013.04.22 20:18:57 | 000,000,355 | ---- | C] () -- C:\Users\David\Desktop\Computer - Verknüpfung.lnk
[2013.04.22 20:14:36 | 000,013,189 | R--- | C] () -- C:\WINDOWS\instwcli.inf
[2013.04.22 20:14:32 | 000,015,565 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\fwlanusbn.bin
[2013.04.22 18:07:05 | 000,000,000 | ---- | C] () -- C:\Users\David\AppData\Local\{21BB0CD3-97D2-4E03-8E5E-040EB6A4708C}
[2013.04.22 18:03:51 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\SysNative\drivers\Msft_Kernel_iusb3hcs_01009.Wdf
[2013.04.22 18:03:28 | 000,015,128 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\IntelMEFWVer.dll
[2013.04.22 17:07:33 | 000,001,332 | R--- | C] () -- C:\WINDOWS\SysNative\drivers\DTSU2P.DAT
[2013.04.22 17:07:07 | 000,206,088 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\RTAIODAT.DAT
[2013.04.22 17:02:49 | 000,002,183 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.04.22 17:02:08 | 000,001,108 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.22 17:02:08 | 000,001,104 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.22 17:01:47 | 000,057,119 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2013.04.22 16:59:51 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2013.04.22 16:59:47 | 000,040,227 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2013.04.22 16:50:24 | 000,000,000 | -H-- | C] () -- C:\Users\David\Documents\Default.rdp
[2013.04.22 16:38:16 | 4259,774,462 | -HS- | C] () -- C:\hiberfil.sys
[2012.07.26 10:13:10 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2012.07.26 10:13:09 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2012.07.26 09:21:26 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012.07.26 03:17:42 | 000,043,520 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2012.07.25 22:37:29 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2012.07.25 22:28:31 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2012.06.02 16:31:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2012.01.10 20:39:16 | 000,001,536 | ---- | C] () -- C:\WINDOWS\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.03.02 04:45:01 | 019,748,864 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.03.02 10:23:07 | 017,560,576 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 05:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 05:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 05:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

t'john 27.04.2013 15:22
Ou man... deinstalliere den ganzen Crap, der mit der Recovery mitinstalliert wurde.

Insbesondere alles von Norton und F-Secure.

Tklr 27.04.2013 18:55
Wie meinst du? F-Secure musste ich neu installieren und Norton habe ich doch bereits deinstalliert.

t'john 28.04.2013 14:47
Ja, aber die Reste sind noch da, versuche es mal mit: ftp://ftp.symantec.com/public/deutsc...moval_Tool.exe

Tklr 29.04.2013 13:30
Meine Maus spielt ab und an verrückt. Wenn ich sie Bewege, laggt die nur noch hinterher oder bewegt sich kaum.

t'john 29.04.2013 14:43
Maus defekt?

Am anderen PC probiert?
Andere Maus zur Hand?

Tklr 29.04.2013 14:52
Mhm die maus habe ich erst seit einem Jahr und wie gesagt es ist nicht immer der Fall, dass sie spinnt. Und wie siehts mit meinem pc eig aus?

t'john 29.04.2013 20:26
Scheint alles OK,

zur Kontrolle:

Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.




dann:
Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

Tklr 02.05.2013 16:24
Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.05.02.04

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16540
David :: DAVID-PC [Administrator]

02.05.2013 17:22:06
mbam-log-2013-05-02 (17-22-06).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 270392
Laufzeit: 52 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Code:
Results of screen317's Security Check version 0.99.62 
  x64 (UAC is enabled) 
 Internet Explorer 9 
``````````````Antivirus/Firewall Check:``````````````
Computer Security 
Windows Defender   
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware Version 1.75.0.1300 
 Google Chrome 11.0.696.77 
 Google Chrome 26.0.1410.64 
````````Process Check: objlist.exe by Laurent```````` 
 Internet Security apps ComputerSecurity Anti-Virus\FSGK32.EXE
 Internet Security apps ComputerSecurity Anti-Virus\fssm32.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````

t'john 03.05.2013 09:27
Japp, alles prima ;)

Tklr 03.05.2013 20:34
Okay vielen Dank! Woran kann aber die Verlangsamung des PC liegen?

t'john 03.05.2013 20:48
Was meinst du mit Verlangsamung?

Wann war es schneller?

Du vergleichst doch nicht Windows 7 und Windows 8, oder?

Tklr 04.05.2013 14:29
Das Internet ist um einiges langsamer als vor dem neu aufsetzen.

t'john 04.05.2013 19:36
Wie hat du das gemessen?

Tklr 05.05.2013 10:44
Das Internet ladet merklich langsamer o.o und auch beim Aufstarten sowie beim Öffnen von Dateien/Programmen braucht er länger.

t'john 05.05.2013 11:48
Zitat:
Das Internet ladet merklich langsamer o.o und auch beim Aufstarten sowie beim Öffnen von Dateien/Programmen braucht er länger.
Nochmal: Du vergleichst doch nicht Windows 7 und Windows 8, oder?

Tklr 05.05.2013 14:35
doch? ^^

t'john 05.05.2013 14:45
ja, und nach meiner Erfahrung laeuft Windows 7 viel besser und angenehmer als Win 8


Alle Zeitangaben in WEZ +1. Es ist jetzt 11:32 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55