Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Holasearch (https://www.trojaner-board.de/138474-holasearch.html)

babynator55 19.07.2013 22:42
Holasearch
 
Hallo.
Bin ein absoluter Anfänger und mich hats erwischt.
Habe gestern eine Software, die meinen MB verbrauch beim Internet zählen sollte bei "Softonic" runtergeladen.
Resultat: Habe heute gemerkt, das eine gewisse Seite namens "Holasearch" aufgetaucht ist.
Hab mich dann in meinen Email Account und einen anderen Account eingeloggt.
Resultat: Später konnte ich mich in beide nicht mehr einloggen, über dieses Notebook.
Über meinen normalen PC kann ich mich weiterhin dort einloggen.
Bei dem einen Account ist sogar das PW scheinbar verändert. => Hab ihn sofort gelöscht.

Ich habe das Notebook genau 3 Tage und die erste Software die ich runterlade macht so einen Mist? o.O

Naja . Jetzt brauch ich bitte Hilfe, hab kp wie ich den Virus wegbekomme.

Wäre super nett wenn jemand mir hilft.
Danke

Hab mir direkt auch Kaspersky gekauft und installiert... Der sagt aber gar nix zu Virus ...

cosinus 20.07.2013 05:07
Hallo und :hallo:

Zitat:
Habe gestern eine Software, die meinen MB verbrauch beim Internet zählen sollte bei "Softonic" runtergeladen.
Finger weg von Softonic!! :pfui:

Softonic ist eine Toolbar- und Adwareschleuder! Finger weg! Software lädt man sich mit oberster Priorität direkt vom Hersteller oder von Filepony aber nicht von solchen Toolbarklitschen wie Softonic!


Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die jemals fündig geworden?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!


Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

babynator55 20.07.2013 13:17
Also. Hab malwarebytes runtergeladen, komplett durch das system scannen lassen und es
wurden 6 infizierte Dateien gefunden.


Code:
Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.07.20.03

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16635
andre_000 :: ANDRE [Administrator]

Schutz: Aktiviert

20.07.2013 11:42:33
MBAM-log-2013-07-20 (13-13-38).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 430504
Laufzeit: 1 Stunde(n), 26 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 1
C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll (Adware.BProtector) -> Keine Aktion durchgeführt.

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs (Adware.BProtector) -> Bösartig: (c:\progra~3\browse~1\261339~1.144\{c16c1~1\browse~1.dll) Gut: () -> Keine Aktion durchgeführt.

Infizierte Verzeichnisse: 1
C:\ProgramData\IBUpdaterService (PUP.InstallBrain) -> Keine Aktion durchgeführt.

Infizierte Dateien: 3
C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll (Adware.BProtector) -> Keine Aktion durchgeführt.
C:\Users\andre_000\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N94JPJ3K\pack[1].7z (Adware.BProtector) -> Keine Aktion durchgeführt.
C:\ProgramData\IBUpdaterService\repository.xml (PUP.InstallBrain) -> Keine Aktion durchgeführt.

(Ende)
Was soll ich jetzt machen?
Bei malwarebytess "Entferne Auswahl" klicken? Ist dann alles erledigt?

cosinus 21.07.2013 13:43
Du solltest noch keinen neuen Scan machen, nur schon vorhandene Logs posten!
Sind das nun alle Logs? Wenn nicht bitte alle nachreichen
Hast du die Funde entfernen lassen?

Außerdem ein Log mit FRST bitte:

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


babynator55 21.07.2013 14:30
Ja, ich weiß das mit den vorhandenen Logs. Aber die findet man nur in dem Antivirenprogramm was auf dem Notebook war oder?
Aber es ist ja so: Ich hatte nachdem Virusbefall ein neues Antivirenprogramm gekauft (kaspersky) und der hat verlangt , das das alte (MC Afee) komplett gelöscht wird. Sodass ich jetzt den neuen Scan machen musste.
Weitere logdateien habe ich nicht.
Das mit FRSTmache ich jetzt

1. FRST.txt

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-07-2013
Ran by andre_000 (administrator) on 21-07-2013 15:21:09
Running from C:\Users\andre_000\Downloads
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
() C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(Iminent) C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe
(Atheros) C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
() C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe
(Microsoft Corporation) C:\Windows\BrowserChoice\browserchoice.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Qualcomm Atheros) c:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Atheros Communications) c:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Iminent) C:\Program Files (x86)\Iminent\Iminent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Iminent) C:\Program Files (x86)\Iminent\Iminent.Messengers.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PMMUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
(Farbar) C:\Users\andre_000\Downloads\FRST64 (1).exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-31] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-07-31] (Realtek Semiconductor)
HKLM\...\Run: [BtPreLoad] - C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe [64640 2012-07-31] ()
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2864016 2012-08-11] (ELAN Microelectronics Corp.)
HKCU\...\Run: [BrowserChoice] - C:\Windows\BrowserChoice\browserchoice.exe [86696 2012-08-15] (Microsoft Corporation)
HKLM-x32\...\Run: [BakupManagerTray] - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe -k -h [533056 2012-07-31] (NTI Corporation)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] - "C:\Dolby PCEE4\pcee4.exe" -autostart [508256 2012-04-23] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [LManager] -  [x]
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2995904 2012-07-11] (Symantec Corporation)
HKLM-x32\...\Run: [Iminent] - C:\Program Files (x86)\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C" [1074736 2013-07-02] (Iminent)
HKLM-x32\...\Run: [IminentMessenger] - C:\Program Files (x86)\Iminent\Iminent.Messengers.exe [884784 2013-07-02] (Iminent)
HKLM-x32\...\Run: [AVP] - "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\runner_avp.exe" [24504 2012-10-25] (Kaspersky Lab ZAO)
HKU\Default\...\RunOnce: [RegAutoPlay] - C:\Program Files (x86)\Acer\clear.fi Media\RegAutoplay.exe /r [1845392 2012-07-20] (Acer Incorporated)
HKU\Default User\...\RunOnce: [RegAutoPlay] - C:\Program Files (x86)\Acer\clear.fi Media\RegAutoplay.exe /r [1845392 2012-07-20] (Acer Incorporated)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll [247144 2012-10-08] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [202600 2012-10-08] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.holasearch.com/?babsrc=HP_ss&mntrId=F0AA1A3E8E34FD4B&affID=121963&tsp=4946
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
SearchScopes: HKLM - DefaultScope {F3918A6F-45FB-409F-AB69-6E311B024179} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM - {F3918A6F-45FB-409F-AB69-6E311B024179} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM-x32 - DefaultScope {F3918A6F-45FB-409F-AB69-6E311B024179} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM-x32 - {F3918A6F-45FB-409F-AB69-6E311B024179} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKCU - DefaultScope {F3918A6F-45FB-409F-AB69-6E311B024179} URL =
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.holasearch.com/?q={searchTerms}&babsrc=SP_ss&mntrId=F0AA1A3E8E34FD4B&affID=121963&tsp=4946
SearchScopes: HKCU - {F3918A6F-45FB-409F-AB69-6E311B024179} URL =
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: IMinent WebBooster (BHO) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll (Iminent)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: holasearch Helper Object - {DFF9B2DA-EF99-4B26-83CB-7058299999D8} - C:\Program Files (x86)\holasearch\holasearch\1.8.16.16\bh\holasearch.dll (holasearch.com)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: SeeSimilar - {F225A2E3-8EE1-4204-B7A0-F4C551578A87} - C:\Program Files (x86)\SeeSimilar\ScriptHost.dll (SeeSimilar.com)
Toolbar: HKLM-x32 - Holasearch Toolbar - {C510DFFB-0AFE-484C-BA40-CED5B74C4EEF} - C:\Program Files (x86)\holasearch\holasearch\1.8.16.16\holasearchTlbr.dll (holasearch.com)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

==================== Services (Whitelisted) =================

S2 0320371374265676mcinstcleanup; C:\Users\ANDRE_~1\AppData\Local\Temp\032037~1.EXE [833616 2013-01-30] (McAfee, Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [207488 2012-07-31] (Qualcomm Atheros Commnucations)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356376 2013-07-19] (Kaspersky Lab ZAO)
R2 BrowserDefendert; C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe [2827728 2013-05-23] ()
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2415760 2012-07-27] (Acer Incorporated)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [466064 2012-07-30] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [659600 2012-07-31] (Acer Incorporated)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3939008 2012-07-11] (Symantec Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-07-31] (NTI Corporation)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-08-27] (Dritek System INC.)
R2 SProtection; C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe [2729512 2013-07-02] (Iminent)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe [81536 2012-08-01] (Atheros)

==================== Drivers (Whitelisted) ====================

S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [5139968 2012-06-02] (Broadcom Corporation)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-07-31] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00A\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458584 2012-06-19] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2012-07-27] (Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [619616 2013-07-19] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [28504 2012-08-02] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [29016 2013-07-19] (Kaspersky Lab)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29528 2012-10-25] (Kaspersky Lab)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [50448 2013-07-19] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [178448 2013-07-19] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-08-27] (Dritek System Inc.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-21 15:21 - 2013-07-21 15:21 - 00000000 ____D C:\FRST
2013-07-21 15:20 - 2013-07-21 15:20 - 01779345 _____ (Farbar) C:\Users\andre_000\Downloads\FRST64 (1).exe
2013-07-21 15:16 - 2013-07-21 15:16 - 01779345 _____ (Farbar) C:\Users\andre_000\Downloads\FRST64.exe
2013-07-21 15:16 - 2013-07-21 15:16 - 00000000 ____D C:\Program Files (x86)\iMesh Applications
2013-07-21 15:14 - 2013-07-21 15:14 - 01311784 _____ (iMesh Inc.) C:\Users\andre_000\Downloads\iMeshSetup-r1487-w-bi.exe
2013-07-21 15:14 - 2013-07-21 15:14 - 00000777 _____ C:\Users\Public\Desktop\iMesh.lnk
2013-07-21 15:08 - 2013-07-21 15:08 - 00003552 _____ C:\Windows\System32\Tasks\CreateChoiceProcessTask
2013-07-21 14:57 - 2013-07-21 15:08 - 00000000 ___RD C:\Windows\BrowserChoice
2013-07-20 11:41 - 2013-06-24 00:41 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-07-20 11:39 - 2013-07-20 11:39 - 00000000 ____D C:\Users\andre_000\AppData\Roaming\Malwarebytes
2013-07-20 11:38 - 2013-07-20 11:38 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-07-20 11:38 - 2013-07-20 11:38 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-20 11:38 - 2013-07-20 11:38 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-20 11:38 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-07-20 11:37 - 2013-07-20 11:38 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\andre_000\Downloads\mbam-setup-1.75.0.1300.exe
2013-07-19 23:02 - 2013-07-19 23:02 - 00028727 _____ C:\AdwCleaner[R1].txt
2013-07-19 23:00 - 2013-07-19 23:02 - 00666633 _____ C:\Users\andre_000\Downloads\AdwCleaner.exe
2013-07-19 22:53 - 2013-07-19 22:53 - 00002344 _____ C:\Users\andre_000\Desktop\Sicherer Zahlungsverkehr.lnk
2013-07-19 22:53 - 2013-07-19 22:53 - 00001327 _____ C:\Users\andre_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2013.lnk
2013-07-19 22:50 - 2013-07-19 22:50 - 00001150 _____ C:\Users\Public\Desktop\Kaspersky Internet Security 2013.lnk
2013-07-19 22:50 - 2012-07-11 17:09 - 00064856 _____ (Kaspersky Lab) C:\Windows\system32\klfphc.dll
2013-07-19 22:48 - 2013-07-21 15:21 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-07-19 22:48 - 2013-07-19 23:31 - 00619616 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2013-07-19 22:48 - 2013-07-19 23:31 - 00090208 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2013-07-19 22:48 - 2013-07-19 22:48 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2013-07-19 22:35 - 2013-07-21 15:01 - 00003436 _____ C:\Windows\System32\Tasks\BrowserDefendert
2013-07-19 22:33 - 2013-05-02 17:29 - 00278800 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-07-19 22:30 - 2013-07-19 22:30 - 00000000 ___HD C:\kleaner.tmp
2013-07-19 22:10 - 2013-07-19 22:22 - 00000000 ____D C:\Users\andre_000\Desktop\Kaspersky Internet Security 2013 (Download)
2013-07-19 22:10 - 2013-07-19 22:10 - 00983920 _____ (Amazon Services LLC) C:\Users\andre_000\Downloads\Kaspersky_Internet_Security_2013_Downloader.exe
2013-07-19 20:29 - 2013-06-28 00:04 - 00693112 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-19 20:29 - 2013-06-28 00:04 - 00078200 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-19 19:21 - 2013-07-19 19:22 - 00000000 ____D C:\Users\andre_000\Desktop\Badoo
2013-07-19 18:20 - 2013-07-19 18:20 - 00000117 _____ C:\Windows\system32\netcfg-39437.txt
2013-07-17 23:56 - 2013-07-17 23:56 - 00000117 _____ C:\Windows\system32\netcfg-6933843.txt
2013-07-17 23:46 - 2013-04-09 07:33 - 00489576 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2013-07-17 23:46 - 2013-04-09 07:33 - 00446792 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2013-07-17 23:46 - 2013-04-09 07:33 - 00253544 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2013-07-17 23:46 - 2013-04-09 07:20 - 00306952 _____ (Microsoft Corporation) C:\Windows\system32\kd_02_10ec.dll
2013-07-17 23:46 - 2013-04-09 07:17 - 01829408 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-07-17 23:46 - 2013-04-09 06:52 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2013-07-17 23:46 - 2013-04-09 06:52 - 00804352 _____ (Microsoft Corporation) C:\Windows\system32\RecoveryDrive.exe
2013-07-17 23:46 - 2013-04-09 06:52 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2013-07-17 23:46 - 2013-04-09 06:51 - 14267904 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-07-17 23:46 - 2013-04-09 06:51 - 03552768 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2013-07-17 23:46 - 2013-04-09 06:51 - 00595456 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.dll
2013-07-17 23:46 - 2013-04-09 06:51 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2013-07-17 23:46 - 2013-04-09 06:51 - 00456704 _____ (Microsoft Corporation) C:\Windows\system32\wpncore.dll
2013-07-17 23:46 - 2013-04-09 06:51 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.BackgroundTransfer.dll
2013-07-17 23:46 - 2013-04-09 06:51 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-07-17 23:46 - 2013-04-09 06:50 - 02107904 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2013-07-17 23:46 - 2013-04-09 06:50 - 01285632 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2013-07-17 23:46 - 2013-04-09 06:50 - 00435200 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2013-07-17 23:46 - 2013-04-09 06:50 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-07-17 23:46 - 2013-04-09 06:49 - 01444864 _____ (Microsoft Corporation) C:\Windows\system32\MSAudDecMFT.dll
2013-07-17 23:46 - 2013-04-09 06:49 - 00817152 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2013-07-17 23:46 - 2013-04-09 06:49 - 00468992 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2013-07-17 23:46 - 2013-04-09 06:49 - 00281088 _____ (Microsoft Corporation) C:\Windows\system32\mfreadwrite.dll
2013-07-17 23:46 - 2013-04-09 06:49 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\fhengine.dll
2013-07-17 23:46 - 2013-04-09 06:49 - 00196096 _____ (Microsoft Corporation) C:\Windows\system32\dmvdsitf.dll
2013-07-17 23:46 - 2013-04-09 06:49 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\dwmredir.dll
2013-07-17 23:46 - 2013-04-09 06:48 - 00785408 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2013-07-17 23:46 - 2013-04-09 06:48 - 00169472 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2013-07-17 23:46 - 2013-04-09 04:33 - 00623104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2013-07-17 23:46 - 2013-04-09 04:32 - 00805376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2013-07-17 23:46 - 2013-04-09 04:31 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2013-07-17 23:46 - 2013-04-09 01:44 - 00123880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscapi.dll
2013-07-17 23:46 - 2013-04-09 01:39 - 01408896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-07-17 23:46 - 2013-04-09 01:37 - 00426024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2013-07-17 23:46 - 2013-04-09 01:37 - 00324368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2013-07-17 23:46 - 2013-04-08 23:52 - 11878912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-07-17 23:46 - 2013-04-08 23:52 - 00670208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2013-07-17 23:46 - 2013-04-08 23:52 - 00302592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2013-07-17 23:46 - 2013-04-08 23:52 - 00171008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2013-07-17 23:46 - 2013-04-08 23:51 - 02767360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2013-07-17 23:46 - 2013-04-08 23:51 - 01593344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2013-07-17 23:46 - 2013-04-08 23:51 - 01113600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSAudDecMFT.dll
2013-07-17 23:46 - 2013-04-08 23:51 - 00659456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2013-07-17 23:46 - 2013-04-08 23:51 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2013-07-17 23:46 - 2013-04-08 23:51 - 00411136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.dll
2013-07-17 23:46 - 2013-04-08 23:51 - 00403968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2013-07-17 23:46 - 2013-04-08 23:51 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2013-07-17 23:46 - 2013-04-08 23:51 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-07-17 23:46 - 2013-04-08 23:51 - 00268800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2013-07-17 23:46 - 2013-04-05 01:30 - 00503080 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2013-07-17 23:46 - 2013-03-30 20:16 - 01403784 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2013-07-17 23:46 - 2013-03-30 20:16 - 01267424 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2013-07-17 23:46 - 2013-03-29 00:09 - 01217328 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2013-07-17 23:46 - 2013-03-29 00:09 - 01093880 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2013-07-17 23:46 - 2013-03-16 00:05 - 00298456 _____ (Microsoft Corporation) C:\Windows\system32\rsaenh.dll
2013-07-17 23:46 - 2013-03-16 00:05 - 00252928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rsaenh.dll
2013-07-17 23:46 - 2013-03-02 12:39 - 00069864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys
2013-07-17 23:46 - 2013-03-02 04:43 - 02146304 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2013-07-17 23:46 - 2013-02-07 03:33 - 00754176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2013-07-17 23:46 - 2013-02-02 10:23 - 00228352 _____ (Microsoft Corporation) C:\Windows\system32\XpsRasterService.dll
2013-07-17 23:46 - 2012-09-20 08:32 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\rascfg.dll
2013-07-17 23:46 - 2012-09-20 07:54 - 00108544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rascfg.dll
2013-07-17 23:45 - 2013-04-09 07:20 - 00086280 _____ (Microsoft Corporation) C:\Windows\system32\kdnet.dll
2013-07-17 23:45 - 2013-04-09 07:18 - 00077960 _____ (Microsoft Corporation) C:\Windows\system32\kdvm.dll
2013-07-17 23:45 - 2013-04-09 06:52 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2013-07-17 23:45 - 2013-04-09 06:52 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\Robocopy.exe
2013-07-17 23:45 - 2013-04-09 06:51 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\wscsvc.dll
2013-07-17 23:45 - 2013-04-09 06:50 - 00745984 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2013-07-17 23:45 - 2013-04-09 06:50 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\GenuineCenter.dll
2013-07-17 23:45 - 2013-04-09 06:50 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2013-07-17 23:45 - 2013-04-09 06:50 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2013-07-17 23:45 - 2013-04-09 06:50 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2013-07-17 23:45 - 2013-04-09 06:49 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\iuilp.dll
2013-07-17 23:45 - 2013-04-09 06:49 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\fmifs.dll
2013-07-17 23:45 - 2013-04-09 04:34 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidbth.sys
2013-07-17 23:45 - 2013-04-09 04:33 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys
2013-07-17 23:45 - 2013-04-09 04:31 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys
2013-07-17 23:45 - 2013-04-08 23:52 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-07-17 23:45 - 2013-04-08 23:52 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Robocopy.exe
2013-07-17 23:45 - 2013-04-08 23:51 - 00214528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll
2013-07-17 23:45 - 2013-04-08 23:51 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2013-07-17 23:45 - 2013-04-08 23:51 - 00155648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dmvdsitf.dll
2013-07-17 23:45 - 2013-04-08 23:51 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fmifs.dll
2013-07-17 23:45 - 2013-04-08 23:51 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2013-07-17 23:45 - 2013-04-08 23:51 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2013-07-17 23:45 - 2013-02-02 10:40 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsRasterService.dll
2013-07-17 23:45 - 2013-01-10 03:40 - 00303848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2013-07-17 23:45 - 2012-12-13 06:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-07-17 23:45 - 2012-12-13 05:59 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-07-17 23:45 - 2012-11-20 06:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidi2c.sys
2013-07-17 23:45 - 2012-11-06 09:33 - 00522640 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2013-07-17 23:45 - 2012-11-06 07:00 - 00463768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2013-07-17 23:45 - 2012-11-06 06:18 - 00267264 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2013-07-17 23:45 - 2012-10-11 07:44 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2013-07-17 23:45 - 2012-10-11 07:44 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2013-07-17 23:45 - 2012-10-11 07:06 - 00094208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll
2013-07-17 23:45 - 2012-10-11 07:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2013-07-17 23:45 - 2012-09-20 08:33 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\fhmanagew.exe
2013-07-17 23:45 - 2012-09-20 08:33 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\ndptsp.tsp
2013-07-17 23:45 - 2012-09-20 08:33 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\kmddsp.tsp
2013-07-17 23:45 - 2012-09-20 08:32 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\rasdiag.dll
2013-07-17 23:45 - 2012-09-20 08:32 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\rasmxs.dll
2013-07-17 23:45 - 2012-09-20 08:32 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\rasser.dll
2013-07-17 23:45 - 2012-09-20 08:32 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2013-07-17 23:45 - 2012-09-20 08:32 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2013-07-17 23:45 - 2012-09-20 08:32 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2013-07-17 23:45 - 2012-09-20 08:31 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\fhcfg.dll
2013-07-17 23:45 - 2012-09-20 08:31 - 00280576 _____ (Microsoft Corporation) C:\Windows\system32\fhcat.dll
2013-07-17 23:45 - 2012-09-20 08:31 - 00137728 _____ (Microsoft Corporation) C:\Windows\system32\fhshl.dll
2013-07-17 23:45 - 2012-09-20 08:31 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\fhsvc.dll
2013-07-17 23:45 - 2012-09-20 08:31 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\fhsrchapi.dll
2013-07-17 23:45 - 2012-09-20 08:31 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fhevents.dll
2013-07-17 23:45 - 2012-09-20 08:31 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\fhsrchph.dll
2013-07-17 23:45 - 2012-09-20 08:31 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\fhlisten.dll
2013-07-17 23:45 - 2012-09-20 08:31 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\fhautoplay.dll
2013-07-17 23:45 - 2012-09-20 08:31 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\fhcleanup.dll
2013-07-17 23:45 - 2012-09-20 08:31 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\fhtask.dll
2013-07-17 23:45 - 2012-09-20 08:31 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\fhsvcctl.dll
2013-07-17 23:45 - 2012-09-20 08:12 - 09374208 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-07-17 23:45 - 2012-09-20 08:09 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndistapi.sys
2013-07-17 23:45 - 2012-09-20 07:55 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ndptsp.tsp
2013-07-17 23:45 - 2012-09-20 07:55 - 00038912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kmddsp.tsp
2013-07-17 23:45 - 2012-09-20 07:54 - 00059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasdiag.dll
2013-07-17 23:45 - 2012-09-20 07:54 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasmxs.dll
2013-07-17 23:45 - 2012-09-20 07:54 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasser.dll
2013-07-17 23:45 - 2012-09-20 07:54 - 00009216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2013-07-17 23:45 - 2012-09-20 07:54 - 00004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2013-07-17 23:45 - 2012-09-20 07:54 - 00004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2013-07-17 23:45 - 2012-09-20 07:32 - 09374208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-07-17 23:44 - 2013-05-04 08:59 - 13644288 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2013-07-17 23:44 - 2013-05-04 08:59 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2013-07-17 23:44 - 2013-05-04 08:59 - 01483776 _____ (Microsoft Corporation) C:\Windows\system32\VSSVC.exe
2013-07-17 23:44 - 2013-05-04 08:59 - 00760320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2013-07-17 23:44 - 2013-05-04 08:58 - 10116096 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2013-07-17 23:44 - 2013-05-04 08:58 - 01332736 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2013-07-17 23:44 - 2013-05-04 08:58 - 00470528 _____ (Microsoft Corporation) C:\Windows\system32\netprofmsvc.dll
2013-07-17 23:44 - 2013-05-04 08:58 - 00328192 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2013-07-17 23:44 - 2013-05-04 08:57 - 02305024 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-07-17 23:44 - 2013-05-04 08:57 - 01131520 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2013-07-17 23:44 - 2013-05-04 08:57 - 00389120 _____ (Microsoft Corporation) C:\Windows\system32\BCP47Langs.dll
2013-07-17 23:44 - 2013-05-04 06:57 - 10788864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2013-07-17 23:44 - 2013-05-04 06:57 - 08857088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2013-07-17 23:44 - 2013-05-04 06:57 - 00247296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2013-07-17 23:44 - 2013-05-04 06:56 - 00309760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BCP47Langs.dll
2013-07-17 23:44 - 2013-05-04 06:47 - 00427520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2013-07-17 23:43 - 2013-05-04 09:58 - 00120736 _____ (Microsoft Corporation) C:\Windows\system32\AuthHost.exe
2013-07-17 23:43 - 2013-05-04 09:34 - 00446720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2013-07-17 23:43 - 2013-05-04 09:34 - 00284416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2013-07-17 23:43 - 2013-05-04 09:34 - 00213248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\UCX01000.SYS
2013-07-17 23:43 - 2013-05-04 09:30 - 00058312 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2013-07-17 23:43 - 2013-05-04 08:59 - 01619968 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2013-07-17 23:43 - 2013-05-04 08:59 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\Magnify.exe
2013-07-17 23:43 - 2013-05-04 08:59 - 00251904 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2013-07-17 23:43 - 2013-05-04 08:59 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2013-07-17 23:43 - 2013-05-04 08:59 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2013-07-17 23:43 - 2013-05-04 08:59 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2013-07-17 23:43 - 2013-05-04 08:58 - 00330240 _____ (Microsoft Corporation) C:\Windows\system32\stobject.dll
2013-07-17 23:43 - 2013-05-04 08:58 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2013-07-17 23:43 - 2013-05-04 08:58 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\netplwiz.dll
2013-07-17 23:43 - 2013-05-04 08:58 - 00151552 _____ (Microsoft Corporation) C:\Windows\system32\netprofm.dll
2013-07-17 23:43 - 2013-05-04 08:58 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\psmsrv.dll
2013-07-17 23:43 - 2013-05-04 08:57 - 00708096 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.dll
2013-07-17 23:43 - 2013-05-04 08:57 - 00560640 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2013-07-17 23:43 - 2013-05-04 08:57 - 00501760 _____ (Microsoft Corporation) C:\Windows\system32\DevicePairing.dll
2013-07-17 23:43 - 2013-05-04 08:57 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\bisrv.dll
2013-07-17 23:43 - 2013-05-04 08:57 - 00122368 _____ (Microsoft Corporation) C:\Windows\system32\biwinrt.dll
2013-07-17 23:43 - 2013-05-04 08:57 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\muifontsetup.dll
2013-07-17 23:43 - 2013-05-04 08:56 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\intl.cpl
2013-07-17 23:43 - 2013-05-04 06:58 - 00758784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Magnify.exe
2013-07-17 23:43 - 2013-05-04 06:58 - 00621056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2013-07-17 23:43 - 2013-05-04 06:58 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2013-07-17 23:43 - 2013-05-04 06:58 - 00083968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2013-07-17 23:43 - 2013-05-04 06:58 - 00034304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2013-07-17 23:43 - 2013-05-04 06:57 - 00303616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\stobject.dll
2013-07-17 23:43 - 2013-05-04 06:57 - 00151040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netplwiz.dll
2013-07-17 23:43 - 2013-05-04 06:57 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netprofm.dll
2013-07-17 23:43 - 2013-05-04 06:57 - 00018432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\npmproxy.dll
2013-07-17 23:43 - 2013-05-04 06:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\muifontsetup.dll
2013-07-17 23:43 - 2013-05-04 06:56 - 02035712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-07-17 23:43 - 2013-05-04 06:56 - 00449536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DevicePairing.dll
2013-07-17 23:43 - 2013-05-04 06:56 - 00411136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2013-07-17 23:43 - 2013-05-04 06:56 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\biwinrt.dll
2013-07-17 23:43 - 2013-05-04 06:55 - 00389632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\intl.cpl
2013-07-17 23:43 - 2013-05-04 06:51 - 00014848 _____ (Microsoft) C:\Windows\system32\rars.rs
2013-07-17 23:43 - 2013-05-04 06:48 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-07-17 23:43 - 2013-05-04 06:48 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys
2013-07-17 23:43 - 2013-05-04 06:10 - 00014848 _____ (Microsoft) C:\Windows\SysWOW64\rars.rs
2013-07-17 23:43 - 2013-05-03 00:04 - 00386646 _____ C:\Windows\system32\ApnDatabase.xml
2013-07-17 23:43 - 2013-03-02 12:57 - 00337128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2013-07-17 23:43 - 2013-03-02 04:45 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
2013-07-17 23:43 - 2013-03-02 04:45 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\taskhostex.exe
2013-07-17 23:43 - 2013-03-02 04:45 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2013-07-17 23:43 - 2013-02-02 10:39 - 00015872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlmproxy.dll
2013-07-17 23:43 - 2013-02-02 10:39 - 00012288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlmsprep.dll
2013-07-17 23:43 - 2012-11-06 06:20 - 00018432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2013-07-17 23:43 - 2012-11-06 06:20 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll
2013-07-17 23:43 - 2012-11-06 06:00 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\wushareduxresources.dll
2013-07-17 23:43 - 2012-11-02 07:20 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2013-07-17 23:42 - 2013-05-31 01:24 - 01257472 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-07-17 23:42 - 2013-05-31 01:08 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-07-17 23:42 - 2013-05-15 04:25 - 00888320 _____ (Microsoft Corporation) C:\Windows\system32\autochk.exe
2013-07-17 23:42 - 2013-05-15 04:25 - 00542208 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll
2013-07-17 23:42 - 2013-05-15 04:24 - 00793088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\autochk.exe
2013-07-17 23:42 - 2013-05-15 04:24 - 00482816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll
2013-07-17 23:41 - 2013-03-02 12:57 - 00332520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2013-07-17 23:41 - 2013-03-02 12:57 - 00077544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storahci.sys
2013-07-17 23:41 - 2013-03-02 12:45 - 00194792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2013-07-17 23:41 - 2013-03-02 12:45 - 00148712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tpm.sys
2013-07-17 23:41 - 2013-03-02 12:45 - 00125160 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2013-07-17 23:41 - 2013-03-02 12:39 - 00495336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2013-07-17 23:41 - 2013-03-02 12:39 - 00327912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2013-07-17 23:41 - 2013-03-02 10:23 - 01338880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-07-17 23:41 - 2013-03-02 10:23 - 00893952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmde.dll
2013-07-17 23:41 - 2013-03-02 10:23 - 00601088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
2013-07-17 23:41 - 2013-03-02 10:23 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2013-07-17 23:41 - 2013-03-02 10:23 - 00356352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll
2013-07-17 23:41 - 2013-03-02 10:22 - 05091840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-07-17 23:41 - 2013-03-02 10:22 - 00850944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfasfsrcsnk.dll
2013-07-17 23:41 - 2013-03-02 10:22 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcfgx.dll
2013-07-17 23:41 - 2013-03-02 10:21 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drvstore.dll
2013-07-17 23:41 - 2013-03-02 10:21 - 00145408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\powercfg.cpl
2013-07-17 23:41 - 2013-03-02 04:45 - 01627648 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2013-07-17 23:41 - 2013-03-02 04:45 - 01161728 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2013-07-17 23:41 - 2013-03-02 04:45 - 01149952 _____ (Microsoft Corporation) C:\Windows\system32\winmde.dll
2013-07-17 23:41 - 2013-03-02 04:45 - 01101824 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2013-07-17 23:41 - 2013-03-02 04:45 - 00951808 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
2013-07-17 23:41 - 2013-03-02 04:45 - 00645120 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Security.Authentication.OnlineId.dll
2013-07-17 23:41 - 2013-03-02 04:45 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\usbmon.dll
2013-07-17 23:41 - 2013-03-02 04:45 - 00240640 _____ (Microsoft Corporation) C:\Windows\system32\fsquirt.exe
2013-07-17 23:41 - 2013-03-02 04:45 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll
2013-07-17 23:41 - 2013-03-02 04:45 - 00171008 _____ (Microsoft Corporation) C:\Windows\system32\TimeBrokerServer.dll
2013-07-17 23:41 - 2013-03-02 04:45 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\wpdbusenum.dll
2013-07-17 23:41 - 2013-03-02 04:44 - 05978624 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2013-07-17 23:41 - 2013-03-02 04:44 - 01048576 _____ (Microsoft Corporation) C:\Windows\system32\mfasfsrcsnk.dll
2013-07-17 23:41 - 2013-03-02 04:44 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\drvstore.dll
2013-07-17 23:41 - 2013-03-02 04:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\netcfgx.dll
2013-07-17 23:41 - 2013-03-02 04:44 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\SettingSync.dll
2013-07-17 23:41 - 2013-03-02 04:44 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\discan.dll
2013-07-17 23:41 - 2013-03-02 04:44 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\NdisImPlatform.dll
2013-07-17 23:41 - 2013-03-02 04:44 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\DevDispItemProvider.dll
2013-07-17 23:41 - 2013-03-02 04:43 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\powercfg.cpl
2013-07-17 23:41 - 2013-03-01 06:56 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rfcomm.sys
2013-07-17 23:41 - 2013-03-01 06:55 - 01175040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2013-07-17 23:40 - 2013-05-24 01:01 - 01300992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-07-17 23:40 - 2013-05-24 00:27 - 01022464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-07-17 23:40 - 2013-03-02 10:23 - 00100864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncInfo.dll
2013-07-17 23:40 - 2013-03-02 10:21 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DevDispItemProvider.dll
2013-07-17 23:40 - 2013-03-02 04:45 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\WSDPrintProxy.DLL
2013-07-17 23:40 - 2013-03-02 04:44 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncInfo.dll
2013-07-17 23:40 - 2013-03-02 04:15 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mouhid.sys
2013-07-17 23:40 - 2013-03-01 06:56 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\monitor.sys
2013-07-17 23:40 - 2013-01-09 05:59 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BTHUSB.SYS
2013-07-17 23:40 - 2013-01-09 05:58 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthenum.sys
2013-07-17 23:39 - 2013-01-10 03:53 - 00028904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msgpiowin32.sys
2013-07-17 23:39 - 2013-01-10 03:29 - 00785504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-07-17 23:39 - 2013-01-10 03:29 - 00091880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys
2013-07-17 23:39 - 2013-01-10 01:26 - 01752064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setupapi.dll
2013-07-17 23:39 - 2013-01-10 01:26 - 01611776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmc.exe
2013-07-17 23:39 - 2013-01-10 01:26 - 00890880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2013-07-17 23:39 - 2013-01-10 01:26 - 00436736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL
2013-07-17 23:39 - 2013-01-10 01:26 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll
2013-07-17 23:39 - 2013-01-10 01:26 - 00083968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wiaacmgr.exe
2013-07-17 23:39 - 2013-01-10 01:26 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2013-07-17 23:39 - 2013-01-10 01:23 - 02094592 _____ (Microsoft Corporation) C:\Windows\system32\mmc.exe
2013-07-17 23:39 - 2013-01-10 01:23 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\wlidsvc.dll
2013-07-17 23:39 - 2013-01-10 01:23 - 01886208 _____ (Microsoft Corporation) C:\Windows\system32\setupapi.dll
2013-07-17 23:39 - 2013-01-10 01:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2013-07-17 23:39 - 2013-01-10 01:23 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll
2013-07-17 23:39 - 2013-01-10 01:23 - 00256000 _____ (Microsoft Corporation) C:\Windows\system32\WSDMon.dll
2013-07-17 23:39 - 2013-01-10 01:23 - 00095232 _____ (Microsoft Corporation) C:\Windows\system32\wiaacmgr.exe
2013-07-17 23:39 - 2013-01-10 01:22 - 01120768 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2013-07-17 23:39 - 2013-01-10 01:22 - 00894464 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2013-07-17 23:39 - 2013-01-10 01:22 - 00666112 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2013-07-17 23:39 - 2013-01-10 01:22 - 00438272 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
2013-07-17 23:39 - 2013-01-10 01:22 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
2013-07-17 23:39 - 2013-01-09 05:59 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\HdAudio.sys
2013-07-17 23:39 - 2012-11-02 07:19 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\ncbservice.dll
2013-07-17 23:39 - 2012-11-02 07:18 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\httpprxm.dll
2013-07-17 23:39 - 2012-11-02 07:18 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\adhsvc.dll
2013-07-17 23:39 - 2012-11-02 07:18 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\adhapi.dll
2013-07-17 23:39 - 2012-11-02 07:18 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\httpprxp.dll
2013-07-17 23:39 - 2012-11-02 07:18 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\keepaliveprovider.dll
2013-07-17 23:35 - 2013-04-16 04:34 - 01455368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-07-17 23:30 - 2012-08-31 02:52 - 00017888 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100_clr0400.dll
2013-07-17 23:29 - 2012-08-31 02:53 - 00017888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100_clr0400.dll
2013-07-17 23:21 - 2013-04-12 00:30 - 01421312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-17 23:21 - 2013-04-12 00:22 - 01838080 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-17 23:17 - 2013-04-11 08:40 - 06987528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-07-17 23:16 - 2013-05-04 08:59 - 02842112 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-17 23:16 - 2013-05-04 06:57 - 02620928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-17 23:16 - 2013-01-29 03:57 - 00035232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2013-07-17 23:16 - 2013-01-29 01:08 - 00230904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2013-07-17 23:15 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-17 23:15 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-17 23:15 - 2013-06-01 11:25 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-17 23:15 - 2013-06-01 11:21 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-17 23:15 - 2013-05-31 01:14 - 04036096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-17 23:15 - 2013-04-24 01:13 - 01013248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-07-17 23:15 - 2013-04-24 01:12 - 01569792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-07-17 23:15 - 2013-04-24 01:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-07-17 23:15 - 2013-04-24 00:56 - 01255936 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2013-07-17 23:15 - 2013-04-24 00:55 - 01889280 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-07-17 23:15 - 2013-04-24 00:55 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-07-17 23:15 - 2013-04-24 00:55 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-07-17 23:14 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-17 23:14 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-17 23:14 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-17 23:14 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-17 23:14 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-17 23:14 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-17 23:14 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-17 23:14 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-17 23:14 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-17 23:14 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-17 23:14 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-17 23:14 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-17 23:14 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-17 23:14 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-17 23:14 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-17 23:14 - 2013-05-16 00:37 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2013-07-17 23:14 - 2013-05-16 00:35 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2013-07-17 23:14 - 2013-05-14 15:14 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-17 23:14 - 2013-05-14 11:23 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-17 23:14 - 2013-05-04 09:45 - 02233600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-07-17 23:14 - 2013-04-29 00:28 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2013-07-17 23:14 - 2013-04-27 07:20 - 00733184 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2013-07-17 23:14 - 2013-04-03 01:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-07-17 23:14 - 2013-04-03 01:12 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2013-07-17 23:14 - 2013-03-15 02:17 - 00861184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2013-07-17 23:14 - 2013-03-02 11:59 - 00411880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2013-07-17 23:14 - 2013-02-21 12:29 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-17 23:14 - 2013-02-21 12:29 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-17 23:14 - 2013-02-21 12:29 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-17 23:14 - 2013-02-21 12:29 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-17 23:14 - 2013-02-21 12:14 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-17 23:14 - 2013-02-21 12:14 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-17 23:14 - 2013-02-19 11:53 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2013-07-17 23:14 - 2012-11-08 06:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-17 23:14 - 2012-11-08 06:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-17 23:13 - 2013-03-06 09:10 - 00112872 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2013-07-17 23:13 - 2013-03-06 08:31 - 19758592 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-07-17 23:13 - 2013-03-06 08:31 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-07-17 23:13 - 2013-03-06 08:29 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2013-07-17 23:13 - 2013-03-06 07:03 - 17561600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-07-17 23:13 - 2013-03-06 07:03 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-07-17 23:12 - 2013-03-22 05:49 - 02382336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2013-07-17 23:12 - 2013-03-22 00:47 - 02851840 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
2013-07-17 23:12 - 2013-03-02 10:23 - 00375808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ReAgent.dll
2013-07-17 23:12 - 2013-03-02 04:44 - 01011200 _____ (Microsoft Corporation) C:\Windows\system32\reseteng.dll
2013-07-17 23:12 - 2012-12-15 06:55 - 00443392 _____ (Microsoft Corporation) C:\Windows\system32\ReAgent.dll
2013-07-17 23:12 - 2012-11-03 07:26 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\sysreset.exe
2013-07-17 23:12 - 2012-11-03 07:25 - 00945152 _____ (Microsoft Corporation) C:\Windows\system32\resetengmig.dll
2013-07-17 23:05 - 2012-11-10 06:23 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2013-07-17 23:05 - 2012-11-10 06:23 - 00132608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2013-07-17 23:05 - 2012-11-10 06:22 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\tssdisai.dll
2013-07-17 23:05 - 2012-11-10 06:22 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\RDWebAI.dll
2013-07-17 23:05 - 2012-11-10 06:22 - 00122880 _____ (Microsoft Corporation) C:\Windows\system32\VmHostAI.dll
2013-07-17 23:05 - 2012-11-10 06:20 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\appserverai.dll
2013-07-17 23:01 - 2012-11-03 07:26 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\dpnsvr.exe
2013-07-17 23:01 - 2012-11-03 07:26 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnsvr.exe
2013-07-17 23:01 - 2012-11-03 07:24 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll
2013-07-17 23:01 - 2012-11-03 07:24 - 00375808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2013-07-17 23:01 - 2012-11-03 07:24 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\dpnathlp.dll
2013-07-17 23:01 - 2012-11-03 07:24 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnathlp.dll
2013-07-17 23:01 - 2012-11-03 07:24 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\dpnhupnp.dll
2013-07-17 23:01 - 2012-11-03 07:24 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\dpnhpast.dll
2013-07-17 23:01 - 2012-11-03 07:24 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnhupnp.dll
2013-07-17 23:01 - 2012-11-03 07:24 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnhpast.dll
2013-07-17 23:01 - 2012-11-03 07:04 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dpnlobby.dll
2013-07-17 23:01 - 2012-11-03 07:04 - 00003584 _____ (Microsoft Corporation) C:\Windows\system32\dpnaddr.dll
2013-07-17 23:01 - 2012-11-03 07:00 - 00003072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnlobby.dll
2013-07-17 23:01 - 2012-11-03 07:00 - 00002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnaddr.dll
2013-07-17 23:01 - 2012-11-01 06:41 - 01802240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2013-07-17 23:01 - 2012-11-01 06:41 - 01438720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2013-07-17 23:01 - 2012-11-01 06:40 - 02361344 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2013-07-17 23:01 - 2012-11-01 06:40 - 01836032 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2013-07-17 23:01 - 2012-11-01 06:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2013-07-17 23:01 - 2012-11-01 06:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2013-07-17 23:01 - 2012-11-01 06:20 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2013-07-17 23:01 - 2012-11-01 06:20 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2013-07-17 23:01 - 2012-10-24 05:25 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2013-07-17 23:01 - 2012-10-24 05:24 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2013-07-17 23:01 - 2012-10-24 05:24 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2013-07-17 23:01 - 2012-10-24 05:05 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2013-07-17 23:01 - 2012-10-10 09:04 - 00094208 _____ (Microsoft Corporation) C:\Windows\system32\synceng.dll
2013-07-17 23:01 - 2012-10-10 08:31 - 00072192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
2013-07-17 22:59 - 2013-02-02 13:19 - 00496872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-07-17 22:59 - 2013-02-02 12:54 - 01933544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2013-07-17 22:59 - 2013-02-02 12:28 - 00993512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2013-07-17 22:59 - 2013-02-02 10:38 - 00567808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\duser.dll
2013-07-17 22:59 - 2013-02-02 10:23 - 00543232 _____ (Microsoft Corporation) C:\Windows\system32\wlroamextension.dll
2013-07-17 22:59 - 2013-02-02 10:23 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\WWanAPI.dll
2013-07-17 22:59 - 2013-02-02 10:23 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.Connectivity.dll
2013-07-17 22:59 - 2013-02-02 10:21 - 00385024 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2013-07-17 22:59 - 2013-02-02 10:20 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\duser.dll
2013-07-17 22:59 - 2012-09-20 09:55 - 00488168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-07-17 22:58 - 2013-02-02 13:19 - 00061672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\crashdmp.sys
2013-07-17 22:58 - 2013-02-02 10:40 - 00410624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlroamextension.dll
2013-07-17 22:58 - 2013-02-02 10:40 - 00370688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WWanAPI.dll
2013-07-17 22:58 - 2013-02-02 10:40 - 00197632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.Connectivity.dll
2013-07-17 22:58 - 2013-02-02 10:40 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tasklist.exe
2013-07-17 22:58 - 2013-02-02 10:40 - 00079360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskkill.exe
2013-07-17 22:58 - 2013-02-02 10:39 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mbsmsapi.dll
2013-07-17 22:58 - 2013-02-02 10:39 - 00055296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2013-07-17 22:58 - 2013-02-02 10:24 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\taskkill.exe
2013-07-17 22:58 - 2013-02-02 10:24 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\tasklist.exe
2013-07-17 22:58 - 2013-02-02 10:23 - 00611840 _____ (Microsoft Corporation) C:\Windows\system32\wpd_ci.dll
2013-07-17 22:58 - 2013-02-02 10:23 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\wersvc.dll
2013-07-17 22:58 - 2013-02-02 10:21 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\mbsmsapi.dll
2013-07-17 22:58 - 2013-02-02 10:20 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\hotspotauth.dll
2013-07-17 22:58 - 2013-02-02 09:25 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys
2013-07-17 22:58 - 2013-02-02 09:25 - 00037632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BthAvrcpTg.sys
2013-07-17 22:58 - 2012-11-27 05:57 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BtaMPM.sys
2013-07-17 22:58 - 2012-11-27 05:55 - 00029952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BthhfHid.sys
2013-07-17 22:58 - 2012-11-26 06:21 - 00071168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
2013-07-17 22:58 - 2012-11-26 06:20 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2013-07-17 22:58 - 2012-11-20 06:56 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-07-17 22:58 - 2012-09-20 09:55 - 00079080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-07-17 22:58 - 2012-09-20 09:55 - 00021736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-07-17 22:58 - 2012-09-20 08:32 - 00356352 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2013-07-17 22:58 - 2012-09-20 08:32 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2013-07-17 22:58 - 2012-09-20 08:09 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-07-17 22:57 - 2013-02-06 00:29 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2013-07-17 22:57 - 2013-02-06 00:28 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2013-07-17 22:57 - 2013-02-02 07:41 - 01437184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2013-07-17 22:57 - 2013-02-02 07:31 - 01690624 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2013-07-17 22:56 - 2013-02-12 02:17 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2013-07-17 22:55 - 2012-12-16 10:28 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-07-17 22:55 - 2012-12-16 10:20 - 00035328 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-07-17 22:55 - 2012-12-16 10:08 - 00362496 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-07-17 22:55 - 2012-12-16 09:57 - 00300032 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-07-17 22:55 - 2012-11-08 06:24 - 00075776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-07-17 22:55 - 2012-11-08 06:24 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-07-17 22:55 - 2012-11-08 06:20 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-07-17 22:55 - 2012-11-08 06:20 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-07-17 22:55 - 2012-11-08 06:02 - 00003072 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-07-17 22:55 - 2012-11-08 06:01 - 00003072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-07-17 22:47 - 2012-10-24 05:25 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\ReAgentc.exe
2013-07-17 22:47 - 2012-10-24 04:48 - 00024064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ReAgentc.exe
2013-07-17 22:47 - 2012-10-06 06:53 - 02893824 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2013-07-17 22:47 - 2012-10-06 06:15 - 02400256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-07-17 22:33 - 2013-07-17 22:33 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2013-07-17 22:33 - 2013-07-17 22:33 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2013-07-17 22:13 - 2013-07-17 22:13 - 00003396 _____ C:\Windows\System32\Tasks\EPUpdater
2013-07-17 22:13 - 2013-07-17 22:13 - 00000000 ____D C:\Windows\SysWOW64\searchplugins
2013-07-17 22:13 - 2013-07-17 22:13 - 00000000 ____D C:\Windows\SysWOW64\Extensions
2013-07-17 22:13 - 2013-07-17 22:13 - 00000000 ____D C:\Users\andre_000\AppData\Roaming\SeeSimilar
2013-07-17 22:13 - 2013-07-17 22:13 - 00000000 ____D C:\Users\andre_000\AppData\Roaming\Mozilla
2013-07-17 22:13 - 2013-07-17 22:13 - 00000000 ____D C:\Users\andre_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
2013-07-17 22:13 - 2013-07-17 22:13 - 00000000 ____D C:\Users\andre_000\AppData\Roaming\Babylon
2013-07-17 22:13 - 2013-07-17 22:13 - 00000000 ____D C:\Users\andre_000\AppData\Roaming\BabSolution
2013-07-17 22:13 - 2013-07-17 22:13 - 00000000 ____D C:\ProgramData\BrowserDefender
2013-07-17 22:13 - 2013-07-17 22:13 - 00000000 ____D C:\ProgramData\Babylon
2013-07-17 22:13 - 2013-07-17 22:13 - 00000000 ____D C:\Program Files (x86)\SeeSimilar
2013-07-17 22:13 - 2013-07-17 22:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-17 22:13 - 2013-07-17 22:13 - 00000000 ____D C:\Program Files (x86)\holasearch
2013-07-17 22:12 - 2013-07-17 22:12 - 00000635 _____ C:\Windows\SysWOW64\InstallUtil.InstallLog
2013-07-17 22:12 - 2013-07-17 22:12 - 00000000 ____D C:\Users\andre_000\AppData\Roaming\Iminent
2013-07-17 22:12 - 2013-07-17 22:12 - 00000000 ____D C:\ProgramData\Iminent
2013-07-17 22:12 - 2013-07-17 22:12 - 00000000 ____D C:\Program Files (x86)\Iminent
2013-07-17 22:08 - 2013-07-17 22:08 - 00393056 _____ (Softonic                                        ) C:\Users\andre_000\Downloads\SoftonicDownloader_fuer_netspeedmonitor.exe
2013-07-17 22:04 - 2013-07-17 22:04 - 00000117 _____ C:\Windows\system32\netcfg-54265.txt
2013-07-17 22:04 - 2013-07-17 22:04 - 00000117 _____ C:\Windows\system32\netcfg-51187.txt
2013-07-17 22:04 - 2013-07-17 22:04 - 00000117 _____ C:\Windows\system32\netcfg-45156.txt
2013-07-17 22:04 - 2013-07-17 22:04 - 00000117 _____ C:\Windows\system32\netcfg-45062.txt
2013-07-17 22:04 - 2013-07-17 22:04 - 00000117 _____ C:\Windows\system32\netcfg-44703.txt

==================== One Month Modified Files and Folders =======

2013-07-21 15:21 - 2013-07-21 15:21 - 00000000 ____D C:\FRST
2013-07-21 15:21 - 2013-07-19 22:48 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-07-21 15:20 - 2013-07-21 15:20 - 01779345 _____ (Farbar) C:\Users\andre_000\Downloads\FRST64 (1).exe
2013-07-21 15:16 - 2013-07-21 15:16 - 01779345 _____ (Farbar) C:\Users\andre_000\Downloads\FRST64.exe
2013-07-21 15:16 - 2013-07-21 15:16 - 00000000 ____D C:\Program Files (x86)\iMesh Applications
2013-07-21 15:14 - 2013-07-21 15:14 - 01311784 _____ (iMesh Inc.) C:\Users\andre_000\Downloads\iMeshSetup-r1487-w-bi.exe
2013-07-21 15:14 - 2013-07-21 15:14 - 00000777 _____ C:\Users\Public\Desktop\iMesh.lnk
2013-07-21 15:08 - 2013-07-21 15:08 - 00003552 _____ C:\Windows\System32\Tasks\CreateChoiceProcessTask
2013-07-21 15:08 - 2013-07-21 14:57 - 00000000 ___RD C:\Windows\BrowserChoice
2013-07-21 15:08 - 2013-04-06 12:03 - 00000000 ____D C:\Users\ANDRE_~1\AppData\Local\Packages
2013-07-21 15:08 - 2012-08-27 23:28 - 00000868 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2013-07-21 15:08 - 2012-08-03 19:17 - 00000000 ____D C:\ProgramData\PRICache
2013-07-21 15:05 - 2012-08-28 08:44 - 00753134 _____ C:\Windows\system32\perfh007.dat
2013-07-21 15:05 - 2012-08-28 08:44 - 00155826 _____ C:\Windows\system32\perfc007.dat
2013-07-21 15:05 - 2012-07-26 09:28 - 01745416 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-21 15:02 - 2012-08-27 23:24 - 00000000 ____D C:\Windows\SysWOW64\NV
2013-07-21 15:02 - 2012-08-27 23:24 - 00000000 ____D C:\Windows\system32\NV
2013-07-21 15:02 - 2012-08-27 23:23 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-21 15:01 - 2013-07-19 22:35 - 00003436 _____ C:\Windows\System32\Tasks\BrowserDefendert
2013-07-21 15:01 - 2012-07-26 09:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-21 15:00 - 2012-08-07 03:17 - 00053284 _____ C:\Windows\system32\wpbbin.exe
2013-07-21 15:00 - 2012-08-03 19:14 - 00046674 _____ C:\Windows\PFRO.log
2013-07-21 15:00 - 2012-07-26 07:26 - 00262144 ___SH C:\Windows\system32\config\BBI
2013-07-21 14:58 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-07-21 14:58 - 2012-07-26 09:52 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-21 14:55 - 2012-07-26 07:38 - 00000000 ____D C:\Windows\system32\oobe
2013-07-21 14:52 - 2013-04-06 12:03 - 01362638 _____ C:\Windows\WindowsUpdate.log
2013-07-21 14:52 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-07-21 14:47 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\sru
2013-07-20 13:38 - 2012-07-26 09:21 - 00032276 _____ C:\Windows\setupact.log
2013-07-20 13:13 - 2012-08-27 23:28 - 00000870 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2013-07-20 11:52 - 2013-04-06 13:21 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-20 11:39 - 2013-07-20 11:39 - 00000000 ____D C:\Users\andre_000\AppData\Roaming\Malwarebytes
2013-07-20 11:38 - 2013-07-20 11:38 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-07-20 11:38 - 2013-07-20 11:38 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-20 11:38 - 2013-07-20 11:38 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-20 11:38 - 2013-07-20 11:37 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\andre_000\Downloads\mbam-setup-1.75.0.1300.exe
2013-07-19 23:31 - 2013-07-19 22:48 - 00619616 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2013-07-19 23:31 - 2013-07-19 22:48 - 00090208 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2013-07-19 23:31 - 2012-10-25 12:42 - 00029016 _____ (Kaspersky Lab) C:\Windows\system32\Drivers\klkbdflt.sys
2013-07-19 23:31 - 2012-08-13 16:49 - 00178448 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kneps.sys
2013-07-19 23:31 - 2012-08-03 15:55 - 00050448 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klwfp.sys
2013-07-19 23:02 - 2013-07-19 23:02 - 00028727 _____ C:\AdwCleaner[R1].txt
2013-07-19 23:02 - 2013-07-19 23:00 - 00666633 _____ C:\Users\andre_000\Downloads\AdwCleaner.exe
2013-07-19 22:53 - 2013-07-19 22:53 - 00002344 _____ C:\Users\andre_000\Desktop\Sicherer Zahlungsverkehr.lnk
2013-07-19 22:53 - 2013-07-19 22:53 - 00001327 _____ C:\Users\andre_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2013.lnk
2013-07-19 22:50 - 2013-07-19 22:50 - 00001150 _____ C:\Users\Public\Desktop\Kaspersky Internet Security 2013.lnk
2013-07-19 22:50 - 2012-07-26 07:26 - 00262144 ___SH C:\Windows\system32\config\ELAM
2013-07-19 22:49 - 2012-07-26 10:12 - 00000000 ___HD C:\Windows\ELAMBKUP
2013-07-19 22:48 - 2013-07-19 22:48 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2013-07-19 22:34 - 2012-08-07 03:30 - 00000000 ____D C:\Program Files\Common Files\mcafee
2013-07-19 22:30 - 2013-07-19 22:30 - 00000000 ___HD C:\kleaner.tmp
2013-07-19 22:30 - 2012-08-07 03:30 - 00000000 ____D C:\ProgramData\McAfee
2013-07-19 22:30 - 2012-08-07 03:30 - 00000000 ____D C:\Program Files\mcafee
2013-07-19 22:22 - 2013-07-19 22:10 - 00000000 ____D C:\Users\andre_000\Desktop\Kaspersky Internet Security 2013 (Download)
2013-07-19 22:10 - 2013-07-19 22:10 - 00983920 _____ (Amazon Services LLC) C:\Users\andre_000\Downloads\Kaspersky_Internet_Security_2013_Downloader.exe
2013-07-19 20:30 - 2013-04-06 12:05 - 00000000 ___RD C:\Users\andre_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-07-19 20:30 - 2013-04-06 12:05 - 00000000 ___RD C:\Users\andre_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-07-19 19:55 - 2012-07-26 10:12 - 00000000 ___RD C:\Windows\ToastData
2013-07-19 19:54 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\WinStore
2013-07-19 19:54 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2013-07-19 19:54 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2013-07-19 19:54 - 2012-07-26 07:38 - 00000000 ____D C:\Windows\SysWOW64\Dism
2013-07-19 19:54 - 2012-07-26 07:38 - 00000000 ____D C:\Windows\system32\Dism
2013-07-19 19:51 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-19 19:51 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-19 19:22 - 2013-07-19 19:21 - 00000000 ____D C:\Users\andre_000\Desktop\Badoo
2013-07-19 18:20 - 2013-07-19 18:20 - 00000117 _____ C:\Windows\system32\netcfg-39437.txt
2013-07-17 23:56 - 2013-07-17 23:56 - 00000117 _____ C:\Windows\system32\netcfg-6933843.txt
2013-07-17 22:33 - 2013-07-17 22:33 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2013-07-17 22:33 - 2013-07-17 22:33 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2013-07-17 22:26 - 2013-04-06 12:13 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2955471422-289985821-123813040-1002
2013-07-17 22:13 - 2013-07-17 22:13 - 00003396 _____ C:\Windows\System32\Tasks\EPUpdater
2013-07-17 22:13 - 2013-07-17 22:13 - 00000000 ____D C:\Windows\SysWOW64\searchplugins
2013-07-17 22:13 - 2013-07-17 22:13 - 00000000 ____D C:\Windows\SysWOW64\Extensions
2013-07-17 22:13 - 2013-07-17 22:13 - 00000000 ____D C:\Users\andre_000\AppData\Roaming\SeeSimilar
2013-07-17 22:13 - 2013-07-17 22:13 - 00000000 ____D C:\Users\andre_000\AppData\Roaming\Mozilla
2013-07-17 22:13 - 2013-07-17 22:13 - 00000000 ____D C:\Users\andre_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
2013-07-17 22:13 - 2013-07-17 22:13 - 00000000 ____D C:\Users\andre_000\AppData\Roaming\Babylon
2013-07-17 22:13 - 2013-07-17 22:13 - 00000000 ____D C:\Users\andre_000\AppData\Roaming\BabSolution
2013-07-17 22:13 - 2013-07-17 22:13 - 00000000 ____D C:\ProgramData\BrowserDefender
2013-07-17 22:13 - 2013-07-17 22:13 - 00000000 ____D C:\ProgramData\Babylon
2013-07-17 22:13 - 2013-07-17 22:13 - 00000000 ____D C:\Program Files (x86)\SeeSimilar
2013-07-17 22:13 - 2013-07-17 22:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-17 22:13 - 2013-07-17 22:13 - 00000000 ____D C:\Program Files (x86)\holasearch
2013-07-17 22:12 - 2013-07-17 22:12 - 00000635 _____ C:\Windows\SysWOW64\InstallUtil.InstallLog
2013-07-17 22:12 - 2013-07-17 22:12 - 00000000 ____D C:\Users\andre_000\AppData\Roaming\Iminent
2013-07-17 22:12 - 2013-07-17 22:12 - 00000000 ____D C:\ProgramData\Iminent
2013-07-17 22:12 - 2013-07-17 22:12 - 00000000 ____D C:\Program Files (x86)\Iminent
2013-07-17 22:08 - 2013-07-17 22:08 - 00393056 _____ (Softonic                                        ) C:\Users\andre_000\Downloads\SoftonicDownloader_fuer_netspeedmonitor.exe
2013-07-17 22:05 - 2013-04-06 12:03 - 00000000 ____D C:\Users\andre_000
2013-07-17 22:04 - 2013-07-17 22:04 - 00000117 _____ C:\Windows\system32\netcfg-54265.txt
2013-07-17 22:04 - 2013-07-17 22:04 - 00000117 _____ C:\Windows\system32\netcfg-51187.txt
2013-07-17 22:04 - 2013-07-17 22:04 - 00000117 _____ C:\Windows\system32\netcfg-45156.txt
2013-07-17 22:04 - 2013-07-17 22:04 - 00000117 _____ C:\Windows\system32\netcfg-45062.txt
2013-07-17 22:04 - 2013-07-17 22:04 - 00000117 _____ C:\Windows\system32\netcfg-44703.txt
2013-06-28 00:04 - 2013-07-19 20:29 - 00693112 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-28 00:04 - 2013-07-19 20:29 - 00078200 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-24 00:41 - 2013-07-20 11:41 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe
[2012-07-26 01:55] - [2012-07-26 05:08] - 0516608 ____A (Microsoft Corporation) 93AB226C07A9789B2EC7B41F73602F76

C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe
[2012-07-26 02:00] - [2012-07-26 05:08] - 0030208 ____A (Microsoft Corporation) 57350BEDE3834915B6145B67C71C7BDA

C:\Windows\SysWOW64\svchost.exe
[2012-07-26 02:01] - [2012-07-26 05:20] - 0023040 ____A (Microsoft Corporation) 0A175AF8B65797BD22C11903A8BFEB2D

C:\Windows\System32\services.exe
[2012-07-26 07:26] - [2012-07-26 07:26] - 0410624 ____A (Microsoft Corporation) 754A2CC1F32107EA87CBD305ABE3E618

C:\Windows\System32\User32.dll
[2012-07-26 02:01] - [2012-07-26 05:07] - 1342464 ____A (Microsoft Corporation) 1D08594400EE1B500B93256795FE30AE

C:\Windows\SysWOW64\User32.dll
[2012-07-26 02:02] - [2012-07-26 02:02] - 1126912 ____A (Microsoft Corporation) 8A93F57772FD24959F76A65FF79D282D

C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-17 22:27

==================== End Of Log ============================
--- --- ---

--- --- ---


2. Addition.txt
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-07-2013
Ran by andre_000 at 2013-07-21 15:22:08
Running from C:\Users\andre_000\Downloads
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

 
 clear.fi SDK - Video 2 (x32 Version: 2.1.1910)
 clear.fi SDK- Movie 2 (x32 Version: 2.1.1910)
Acer Backup Manager (x32 Version: 4.0.0.0053)
Acer Device Fast-lane (Version: 1.00.3003)
Acer Instant Update Service (Version: 1.00.3012)
Acer Power Management (Version: 7.00.3003)
Acer Recovery Management (Version: 6.00.3006)
AcerCloud (x32 Version: 2.01.3112)
AcerCloud Docs (x32 Version: 1.00.3103)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98)
Aloha TriPeaks (x32 Version: 2.2.0.98)
Backup Manager v4 (x32 Version: 4.0.0.0053)
Bejeweled 3 (x32 Version: 2.2.0.98)
BrowserDefender (x32)
clear.fi Media (x32 Version: 2.01.3107)
clear.fi Photo (x32 Version: 2.01.3107)
CyberLink MediaEspresso 6.5 (x32 Version: 6.5.3103_44819)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Delicious: Emily's True Love Premium Edition (x32 Version: 2.2.0.98)
Der Schatz des Pharao XS (x32)
Dolby Advanced Audio v2 (x32 Version: 7.2.8000.13)
eBay Worldwide (x32 Version: 2.3.0630)
Final Drive: Nitro (x32 Version: 2.2.0.95)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110)
hola Chrome Toolbar (x32)
holasearch toolbar  (x32 Version: 1.8.16.16)
Identity Card (x32 Version: 2.00.3002)
Iminent (x32 Version: 6.27.21.0)
Intel(R) Manageability Engine Firmware Recovery Agent (x32 Version: 1.0.0.36354)
Intel(R) Management Engine Components (x32 Version: 8.1.0.1252)
Intel(R) Processor Graphics (x32 Version: 9.17.10.2828)
Intel(R) Rapid Storage Technology (x32 Version: 11.5.0.1207)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149)
Intel® Trusted Connect Service Client (Version: 1.24.388.1)
Jewel Match 3 (x32 Version: 2.2.0.98)
John Deere Drive Green (x32 Version: 2.2.0.95)
Kaspersky Internet Security 2013 (x32 Version: 13.0.1.4190)
Launch Manager (x32 Version: 7.0.4)
Live Updater (x32 Version: 2.00.3002)
Magic Academy (x32 Version: 2.2.0.98)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Home and Student 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual Studio 2005 Tools for Office Runtime (x32 Version: 8.0.60940.0)
Moorhuhn Kart 2 XXL (x32)
Moorhuhn X - XS (x32)
MyWinLocker (Version: 4.0.14.35)
MyWinLocker 4 (x32 Version: 4.0.14.35)
MyWinLocker Suite (x32 Version: 4.0.14.24)
Norton Online Backup (x32 Version: 2.2.3.45)
Norton Online Backup ARA (x32 Version: 4.1.0.10)
NTI Media Maker 9 (x32 Version: 9.0.2.9008)
NVIDIA Grafiktreiber 306.97 (Version: 306.97)
NVIDIA Install Application (Version: 2.1002.85.551)
NVIDIA Optimus 1.10.8 (Version: 1.10.8)
NVIDIA PhysX (x32 Version: 9.12.0613)
NVIDIA PhysX-Systemsoftware 9.12.0613 (Version: 9.12.0613)
NVIDIA Systemsteuerung 306.97 (Version: 306.97)
NVIDIA Update 1.10.8 (Version: 1.10.8)
NVIDIA Update Components (Version: 1.10.8)
Office Addin (x32 Version: 2.01.3102)
Penguins! (x32 Version: 2.2.0.98)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98)
Polar Bowler (x32 Version: 2.2.0.97)
Qualcomm Atheros Bluetooth Suite (64) (Version: 8.0.0.204)
Qualcomm Atheros WiFi Driver Installation (x32 Version: 11.05)
Realtek Ethernet Controller Driver (x32 Version: 8.2.612.2012)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6690)
Realtek PCIE Card Reader (x32 Version: 6.1.8400.27023)
SeeSimilar (x32 Version: 1.0.0.5)
Shared C Run-time for x64 (Version: 10.0.0)
Shredder (Version: 2.0.8.9)
Shredder (x32 Version: 2.0.8.9)
Spotify (x32 Version: 0.8.4.99.ga249b5f1)
Tales of Lagoona (x32 Version: 2.2.0.110)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
Update Installer for WildTangent Games App (x32)
Visual Studio 2005 Tools for Office Second Edition Runtime (x32)
Visual Studio Tools for the Office system 3.0 Runtime (x32 Version: 9.0.30729)
Visual Studio Tools for the Office system 3.0 Runtime (x32)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (x32 Version: 1)
Ware PS/2-X64 11.6.4.001_WHQL (Version: 11.6.4.001)
WildTangent Games (x32 Version: 1.0.3.0)
WildTangent Games App (x32 Version: 4.0.10.15)
Zuma's Revenge (x32 Version: 2.2.0.98)

==================== Restore Points  =========================

06-04-2013 11:20:45 Installed Microsoft Office Home and Student 2010-Testversion
17-07-2013 20:25:04 Windows Update

==================== Hosts content: ==========================

2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {02D8D8DE-9C72-4EAD-9CF3-CF46A2872769} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2012-07-11] (Egis Technology Inc.)
Task: {064427E6-E2D8-4013-8467-43C6BE9F0F15} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16] (Intel Corporation)
Task: {10D85952-E3F6-47A1-96CF-5E1C2D874EA6} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\Windows\system32\srtasks.exe [2012-07-26] (Microsoft Corporation)
Task: {13A2AC02-B682-48CC-9155-2E2673580117} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 Critical
Task: {147AD429-E3B9-48D5-85D4-0DAB1CE496D8} - System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2955471422-289985821-123813040-500
Task: {17644F17-DC4C-4AC8-9444-7AAA52EB5CDC} - System32\Tasks\Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {1C9F50E5-AD58-451E-B232-777E39EA92DB} - System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2955471422-289985821-123813040-1002
Task: {1DB7C2F1-876C-4F24-AD17-8428211113F9} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\ProcessMemoryDiagnosticEvents
Task: {1DBE5AB8-6416-41D7-831F-EC12F1E88664} - System32\Tasks\iuEmailOutlookAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe [2012-07-12] ()
Task: {214B24F4-FEB4-4C59-AF1F-70136065199C} - System32\Tasks\Microsoft\Windows\Shell\IndexerAutomaticMaintenance
Task: {23700E5C-0E77-499D-908A-415D5C6252F4} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Group Policy
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => C:\Windows\System32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {2C1609F9-B13A-445E-8A4B-A17CEE8A73FD} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2012-07-31] (Acer Incorporated)
Task: {2C6B9EA8-7F5A-4ABA-BF96-8D352D02A743} - System32\Tasks\Microsoft\Windows\Device Setup\Metadata Refresh
Task: {2E030FA7-3D7C-4E1D-8CFE-56ADB26FD402} - System32\Tasks\Microsoft\Windows\PI\Sqm-Tasks
Task: {3054485A-F517-4E95-9977-4DD827B1E9B3} - System32\Tasks\Microsoft\Windows\WS\Badge Update
Task: {3132ED37-9AB1-4A8B-8718-DABBB6AD291B} - System32\Tasks\Microsoft\WINRE\WinRE-Repair => C:\windows\System32\reagentc.exe [2012-10-24] (Microsoft Corporation)
Task: {36B4FEB6-01C9-4D7C-864C-8ACDA4CC729B} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2012-07-04] (CyberLink)
Task: {378401BA-A703-444A-A79C-3C47AD2DC5B6} - System32\Tasks\Microsoft\Windows\TaskScheduler\Maintenance Configurator
Task: {3AE164E7-30CD-40BC-9422-3EC7A5618965} - System32\Tasks\Microsoft\Windows\WS\WSTask
Task: {3C490ABD-D849-41AF-9AC4-87DD759B0996} - System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem
Task: {4073C1B3-6E16-4AA8-B7F3-C6A6D35D5071} - System32\Tasks\Microsoft\Windows\TPM\Tpm-Maintenance
Task: {4139213E-A1A4-4DD6-A7C9-B009F98139E1} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16] (Intel Corporation)
Task: {44B3F1B8-5943-4072-8D8C-A9484676AC44} - System32\Tasks\Microsoft\Windows\Live\Roaming\SynchronizeWithStorage
Task: {483A8F5C-5D26-44B5-B49E-AF6741D1BBEB} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\Windows\System32\MbaeParserTask.exe [2012-07-26] (Microsoft Corporation)
Task: {48DA1F07-465C-4C8C-AA60-437FB9EA423F} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start => C:\Windows\system32\sc.exe [2012-07-26] (Microsoft Corporation)
Task: {4B952129-9AE9-41A3-BE2B-8AD2E06F66B6} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskLogon
Task: {5232DA28-9332-4AAF-8210-3864932DFC0B} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe [2012-08-15] (Microsoft Corporation)
Task: {5755E746-D7ED-4C20-A472-66C11834CDE4} - System32\Tasks\Microsoft\Windows\TaskScheduler\Manual Maintenance
Task: {5C4EFB77-EFA6-45DF-A373-D795C0725BFF} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Reboot Required
Task: {627441F3-8526-4B62-BF9A-1A3EA414E71A} - System32\Tasks\Microsoft\Windows\SpacePort\SpaceAgentTask => C:\Windows\system32\SpaceAgent.exe [2012-07-26] (Microsoft Corporation)
Task: {674F2438-1A61-4B40-81D1-954A49BE4081} - System32\Tasks\iuBrowserIEAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe [2012-07-12] ()
Task: {6BF735C1-5D99-4089-9581-9656CD16F376} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2012-07-30] (Acer Incorporated)
Task: {6E9DE125-5583-4031-B572-FEE48F25CFFF} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyMonitor => C:\Windows\System32\wpcmon.exe [2012-07-26] (Microsoft Corporation)
Task: {6ECC70C2-BAA3-407A-9BE0-F2AD92FA06E1} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2012-06-22] ()
Task: {6FDDEA7C-6310-428D-AEB2-54FFC72811EF} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319
Task: {74096F94-B654-4DB0-96F5-3C3408B92FE3} - System32\Tasks\Microsoft\Windows\PI\Secure-Boot-Update
Task: {7D9A9A1C-499C-40A6-8F8A-5BCC4CC9A87C} - System32\Tasks\Microsoft\Windows\TaskScheduler\Regular Maintenance
Task: {7F9A2D2A-E5F9-45B9-B07E-AFA465D2939D} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2012-07-13] ()
Task: {845CB020-68B5-4C6B-9876-7BEC7B3E27AC} - System32\Tasks\Microsoft\Windows\TaskScheduler\Idle Maintenance
Task: {87354DAA-66DF-4B41-9346-15958D96E1D2} - System32\Tasks\Microsoft\Windows\FileHistory\File History (maintenance mode)
Task: {921A1D4E-32FB-46D7-B6C0-6F467884074D} - System32\Tasks\Microsoft\Windows\WS\Sync Licenses
Task: {9479EF8E-11D4-41B3-9783-CC65070D592D} - System32\Tasks\Microsoft\Windows\Time Synchronization\ForceSynchronizeTime
Task: {94DCF254-64FB-4C4E-8E12-5F4055C10C2A} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64
Task: {989A7C6D-BE82-4C3C-AF96-6116039E336B} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\RunFullMemoryDiagnostic
Task: {9A2C401A-1F5A-4E71-88A3-FD4A9F220E18} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUFirmwareInstall
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => C:\Windows\System32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {A800277E-E202-4492-AD38-3312641CBC04} - System32\Tasks\Microsoft\Windows\Live\Roaming\MaintenanceTask
Task: {A80696DD-3025-4172-9F46-14B72E58CDDD} - System32\Tasks\EPUpdater => C:\Users\ANDRE_~1\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe [2013-06-06] ()
Task: {A9934F2F-EA30-4592-9360-46CAEA13FD55} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUScheduledInstall
Task: {AB62FA47-2C99-44B1-A5D0-D4161423BE43} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyRefresh
Task: {AB96B97B-39C2-46A2-876A-EEB6AE199033} - System32\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup => C:\Windows\System32\dism.exe [2012-07-26] (Microsoft Corporation)
Task: {AC6259DE-AC59-459E-849E-6ADFFD1ADE63} - System32\Tasks\Microsoft\Windows\Shell\CreateObjectTask
Task: {AEB0B5BD-B9E5-458A-898A-E559BD9EB51B} - System32\Tasks\Microsoft\Windows\SettingSync\BackgroundUploadTask
Task: {AF549BD8-337C-4BF7-8681-36A182E30507} - System32\Tasks\Microsoft\Windows\Chkdsk\ProactiveScan
Task: {B04E1C03-1091-416F-987B-78A5E44C277A} - System32\Tasks\BrowserDefendert => C:\Windows\system32\sc.exe [2012-07-26] (Microsoft Corporation)
Task: {BC76AEF7-2CF0-4EB6-B65B-A8803E0B5E12} - System32\Tasks\Microsoft\Windows\AppID\SmartScreenSpecific
Task: {C1ACCD1E-4385-4FB2-B5E4-7F2A57A626A2} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan
Task: {C463FD1E-31C7-4C20-AB65-08E514CA152D} - System32\Tasks\Microsoft\Windows\IME\SQM data sender
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {CD1054FF-8005-4904-8B9C-436EAB1E2021} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskNetwork
Task: {DBCF6E1B-CE0A-441E-B7A5-219C8BE50C65} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Critical
Task: {DECE5921-598D-454B-9A04-B2DE95EFC1B3} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan for Crash Recovery
Task: {E4DFE66F-E089-4CC3-A70F-957223D565F4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask
Task: {E8DAA09B-DF2A-4951-9134-6FA9587793F9} - System32\Tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers => C:\Windows\System32\drvinst.exe [2012-07-26] (Microsoft Corporation)
Task: {E9717742-7B62-4A0F-AF2E-1A84F4FF8CF9} - System32\Tasks\WPD\SqmUpload_S-1-5-21-2955471422-289985821-123813040-1002 => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {ED0C1F69-C3A2-41EA-B8C3-3F0D83A1F6C0} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM
Task: {F0A4FBB4-D66E-4F3E-B5B0-D25CF958EF12} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUSessionConnect
Task: {FE0381C6-70FA-46EB-9296-F433EEFBA093} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2012-07-11] (Egis Technology Inc.)
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe

==================== Faulty Device Manager Devices =============

Name: Bluetooth USB Module
Description: Bluetooth USB Module
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Qualcomm Atheros Communications
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/21/2013 03:01:35 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: 032037~1.EXE, Version: 7.1.107.0, Zeitstempel: 0x51098160
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000
ID des fehlerhaften Prozesses: 0x660
Startzeit der fehlerhaften Anwendung: 0x032037~1.EXE0
Pfad der fehlerhaften Anwendung: 032037~1.EXE1
Pfad des fehlerhaften Moduls: 032037~1.EXE2
Berichtskennung: 032037~1.EXE3
Vollständiger Name des fehlerhaften Pakets: 032037~1.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: 032037~1.EXE5

Error: (07/20/2013 02:47:56 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.

Error: (07/20/2013 02:29:49 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.

Error: (07/20/2013 01:28:02 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe, Version: 6.2.9200.16384, Zeitstempel: 0x50108897
Name des fehlerhaften Moduls: AppXDeploymentClient.dll, Version: 6.2.9200.16384, Zeitstempel: 0x501086e3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000001644f
ID des fehlerhaften Prozesses: 0x3b8
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe0
Pfad der fehlerhaften Anwendung: svchost.exe1
Pfad des fehlerhaften Moduls: svchost.exe2
Berichtskennung: svchost.exe3
Vollständiger Name des fehlerhaften Pakets: svchost.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: svchost.exe5

Error: (07/19/2013 10:35:26 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: 032037~1.EXE, Version: 7.1.107.0, Zeitstempel: 0x51098160
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000
ID des fehlerhaften Prozesses: 0x6a0
Startzeit der fehlerhaften Anwendung: 0x032037~1.EXE0
Pfad der fehlerhaften Anwendung: 032037~1.EXE1
Pfad des fehlerhaften Moduls: 032037~1.EXE2
Berichtskennung: 032037~1.EXE3
Vollständiger Name des fehlerhaften Pakets: 032037~1.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: 032037~1.EXE5

Error: (07/19/2013 06:57:45 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005

Error: (07/17/2013 10:35:42 PM) (Source: Application Hang) (User: )
Description: Programm updater.exe, Version 2.0.3002.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: d20

Startzeit: 01ce832a990ecc61

Endzeit: 170

Anwendungspfad: C:\Program Files (x86)\Acer\Live Updater\updater.exe

Berichts-ID: 6090938c-ef20-11e2-be7d-206a8ad52f67

Vollständiger Name des fehlerhaften Pakets:

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (07/17/2013 10:10:38 PM) (Source: MsiInstaller) (User: ANDRE)
Description: Product: NetSpeedMonitor 2.5.4.0 x86 -- This install package only supports 32-bit operating systems.

Error: (07/17/2013 10:09:15 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_893961408605e985.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_893961408605e985.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_893961408605e985.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_893961408605e985.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest.

Error: (07/17/2013 10:09:08 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_893961408605e985.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_893961408605e985.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_893961408605e985.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_893961408605e985.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest.


System errors:
=============
Error: (07/21/2013 03:01:41 PM) (Source: Service Control Manager) (User: )
Description: Dienst "McAfee Application Installer Cleanup (0320371374265676)" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/20/2013 01:30:14 PM) (Source: Service Control Manager) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows-Verwaltungsinstrumentation" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
%%1056

Error: (07/20/2013 01:30:14 PM) (Source: Service Control Manager) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
%%1056

Error: (07/20/2013 01:30:14 PM) (Source: Service Control Manager) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Computerbrowser" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
%%1056

Error: (07/20/2013 01:29:14 PM) (Source: Service Control Manager) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Server" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
%%1056

Error: (07/20/2013 01:28:14 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/20/2013 01:28:14 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Designs" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/20/2013 01:28:14 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Systemereignissebroker" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/20/2013 01:28:14 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Shellhardwareerkennung" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/20/2013 01:28:14 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Benachrichtigungsdienst für Systemereignisse" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.


Microsoft Office Sessions:
=========================
Error: (07/21/2013 03:01:35 PM) (Source: Application Error)(User: )
Description: 032037~1.EXE7.1.107.051098160unknown0.0.0.000000000c00000050000000066001ce861263e05289C:\Users\ANDRE_~1\AppData\Local\Temp\032037~1.EXEunknownabb160b8-f205-11e2-be81-206a8ad52f67

Error: (07/20/2013 02:47:56 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Users\andre_000\Downloads\SoftonicDownloader_fuer_netspeedmonitor.exe

Error: (07/20/2013 02:29:49 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Users\andre_000\Downloads\SoftonicDownloader_fuer_netspeedmonitor.exe

Error: (07/20/2013 01:28:02 PM) (Source: Application Error)(User: )
Description: svchost.exe6.2.9200.1638450108897AppXDeploymentClient.dll6.2.9200.16384501086e3c0000005000000000001644f3b801ce84bf6f199a89C:\Windows\system32\svchost.exeC:\Windows\System32\AppXDeploymentClient.dll6f8e763b-f12f-11e2-be80-206a8ad52f67

Error: (07/19/2013 10:35:26 PM) (Source: Application Error)(User: )
Description: 032037~1.EXE7.1.107.051098160unknown0.0.0.000000000c0000005000000006a001ce84bf745f20abC:\Users\ANDRE_~1\AppData\Local\Temp\032037~1.EXEunknownbdb9c96f-f0b2-11e2-be80-206a8ad52f67

Error: (07/19/2013 06:57:45 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005

Error: (07/17/2013 10:35:42 PM) (Source: Application Hang)(User: )
Description: updater.exe2.0.3002.0d2001ce832a990ecc61170C:\Program Files (x86)\Acer\Live Updater\updater.exe6090938c-ef20-11e2-be7d-206a8ad52f67

Error: (07/17/2013 10:10:38 PM) (Source: MsiInstaller)(User: ANDRE)
Description: Product: NetSpeedMonitor 2.5.4.0 x86 -- This install package only supports 32-bit operating systems.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (07/17/2013 10:09:15 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_893961408605e985.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifestC:\Users\andre_000\Downloads\SoftonicDownloader_fuer_netspeedmonitor.exe

Error: (07/17/2013 10:09:08 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_893961408605e985.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifestC:\Users\andre_000\Downloads\SoftonicDownloader_fuer_netspeedmonitor.exe


==================== Memory info ===========================

Percentage of memory in use: 48%
Total physical RAM: 3889.6 MB
Available physical RAM: 1984.26 MB
Total Pagefile: 4785.6 MB
Available Pagefile: 2615.84 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:451.28 GB) (Free:410.25 GB) NTFS (Disk=0 Partition=4)
Drive d: (MHK2_XXL) (CDROM) (Total:0.17 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: B37BC4B4)

Partition: GPT Partition Type
==================== End Of Log ============================

cosinus 22.07.2013 00:03
Zitat:
Aber die findet man nur in dem Antivirenprogramm was auf dem Notebook war oder?
Wir reden und behandeln hier immer nur ein Gerät pro Strang. Was genau meinst du?
Und welches Gerät soll hier überhaupt begutachtet werden?

babynator55 22.07.2013 11:54
Es geht hier auch nur um mein Notebook. Ich rede nur von dem Antivirenprogramm:
Ich hatte das Notebook vor ca 2 Monaten gekauft und einmal eingeschaltet, alles installiert usw. Dann hab ich es vor ca 4 Tagen erstmals wieder benutzt, da war MC Afee Testaccount schon abgelaufen. Dann habe ich auf diesem Notebook den Virus bekommen und Kaspersky gekauft, der verlangt hat, das MC Afee gelöscht wird.

cosinus 22.07.2013 23:08
Rootkitscan mit GMER

Bitte lade dir GMER Rootkit Scanner GMER herunter: (Dateiname zufällig)
  • Schließe alle anderen Programme, deaktiviere deinen Virenscanner und trenne den Rechner vom Internet bevor du GMER startest.
  • Sollte sich nach dem Start ein Fenster mit folgender Warnung öffnen:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Unbedingt auf "No" klicken.
  • Entferne rechts den Haken bei: IAT/EAT und Show All
  • Setze den Haken bei Quickscan und entferne ihn bei allen anderen Laufwerken.
  • Starte den Scan mit "Scan".
  • Mache nichts am Computer während der Scan läuft.
  • Wenn der Scan fertig ist klicke auf Save und speichere die Logfile unter Gmer.txt auf deinem Desktop. Mit "Ok" wird GMER beendet.
Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!


Tauchen Probleme auf?
  • Probiere alternativ den abgesicherten Modus.
  • Erhältst du einen Bluescreen, dann entferne den Haken vor Devices.


Anschließend bitte MBAR ausführen:

Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

babynator55 23.07.2013 01:21
Ich weiß nicht ob GMER funktioniert hat. Es kam eine Fehlermeldung, dass der Prozess schon vewendet wird. Hab alles geschlossen, Internet getrennt und Antivirus aus. Ich füge den Log mal ein :

Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-07-23 01:12:57
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\00000037 Hitachi_HTS545050A7E380 rev.GG2OA920 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\ANDRE_~1\AppData\Local\Temp\kgtorpob.sys


---- Kernel code sections - GMER 2.1 ----

.text  C:\Windows\system32\ntoskrnl.exe!KiCpuId + 988                                                                                fffff8016365741c 1 byte [31]

---- User code sections - GMER 2.1 ----

.text  C:\Windows\system32\dwm.exe[416] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                          000007fb61471532 4 bytes [47, 61, FB, 07]
.text  C:\Windows\system32\dwm.exe[416] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                          000007fb6147153a 4 bytes [47, 61, FB, 07]
.text  C:\Windows\system32\dwm.exe[416] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                        000007fb6147165a 4 bytes [47, 61, FB, 07]
.text  C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[1444] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 742      000007fb5f071b32 4 bytes [07, 5F, FB, 07]
.text  C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[1444] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 750      000007fb5f071b3a 4 bytes [07, 5F, FB, 07]
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3376] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690            000007fb61471532 4 bytes [47, 61, FB, 07]
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3376] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698            000007fb6147153a 4 bytes [47, 61, FB, 07]
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3376] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246          000007fb6147165a 4 bytes [47, 61, FB, 07]
.text  C:\Windows\system32\nvvsvc.exe[3392] C:\Windows\system32\MSIMG32.dll!GradientFill + 690                                      000007fb61471532 4 bytes [47, 61, FB, 07]
.text  C:\Windows\system32\nvvsvc.exe[3392] C:\Windows\system32\MSIMG32.dll!GradientFill + 698                                      000007fb6147153a 4 bytes [47, 61, FB, 07]
.text  C:\Windows\system32\nvvsvc.exe[3392] C:\Windows\system32\MSIMG32.dll!TransparentBlt + 246                                    000007fb6147165a 4 bytes [47, 61, FB, 07]
.text  C:\Windows\system32\nvvsvc.exe[3392] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                            000007fb65c2177a 4 bytes [C2, 65, FB, 07]
.text  C:\Windows\system32\nvvsvc.exe[3392] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                            000007fb65c21782 4 bytes [C2, 65, FB, 07]
.text  C:\Windows\system32\taskhostex.exe[3512] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                  000007fb61471532 4 bytes [47, 61, FB, 07]
.text  C:\Windows\system32\taskhostex.exe[3512] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                  000007fb6147153a 4 bytes [47, 61, FB, 07]
.text  C:\Windows\system32\taskhostex.exe[3512] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                000007fb6147165a 4 bytes [47, 61, FB, 07]
.text  C:\Windows\Explorer.EXE[3600] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                              000007fb61471532 4 bytes [47, 61, FB, 07]
.text  C:\Windows\Explorer.EXE[3600] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                              000007fb6147153a 4 bytes [47, 61, FB, 07]
.text  C:\Windows\Explorer.EXE[3600] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                            000007fb6147165a 4 bytes [47, 61, FB, 07]
.text  C:\Windows\Explorer.EXE[3600] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 742                                                  000007fb5f071b32 4 bytes [07, 5F, FB, 07]
.text  C:\Windows\Explorer.EXE[3600] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 750                                                  000007fb5f071b3a 4 bytes [07, 5F, FB, 07]
.text  C:\Windows\system32\wbem\unsecapp.exe[3532] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                000007fb61471532 4 bytes [47, 61, FB, 07]
.text  C:\Windows\system32\wbem\unsecapp.exe[3532] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                000007fb6147153a 4 bytes [47, 61, FB, 07]
.text  C:\Windows\system32\wbem\unsecapp.exe[3532] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                              000007fb6147165a 4 bytes [47, 61, FB, 07]
.text  C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3316] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                  000007fb61471532 4 bytes [47, 61, FB, 07]
.text  C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3316] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                  000007fb6147153a 4 bytes [47, 61, FB, 07]
.text  C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3316] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                000007fb6147165a 4 bytes [47, 61, FB, 07]
.text  C:\Windows\system32\igfxext.exe[3244] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                      000007fb61471532 4 bytes [47, 61, FB, 07]
.text  C:\Windows\system32\igfxext.exe[3244] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                      000007fb6147153a 4 bytes [47, 61, FB, 07]
.text  C:\Windows\system32\igfxext.exe[3244] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                    000007fb6147165a 4 bytes [47, 61, FB, 07]
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3552] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690              000007fb61471532 4 bytes [47, 61, FB, 07]
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3552] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698              000007fb6147153a 4 bytes [47, 61, FB, 07]
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3552] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246            000007fb6147165a 4 bytes [47, 61, FB, 07]
.text  C:\Windows\System32\igfxtray.exe[4320] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                    000007fb61471532 4 bytes [47, 61, FB, 07]
.text  C:\Windows\System32\igfxtray.exe[4320] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                    000007fb6147153a 4 bytes [47, 61, FB, 07]
.text  C:\Windows\System32\igfxtray.exe[4320] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                  000007fb6147165a 4 bytes [47, 61, FB, 07]
.text  C:\Windows\System32\hkcmd.exe[2612] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                        000007fb61471532 4 bytes [47, 61, FB, 07]
.text  C:\Windows\System32\hkcmd.exe[2612] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                        000007fb6147153a 4 bytes [47, 61, FB, 07]
.text  C:\Windows\System32\hkcmd.exe[2612] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                      000007fb6147165a 4 bytes [47, 61, FB, 07]
.text  C:\Windows\System32\igfxpers.exe[5100] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                          000007fb65c2177a 4 bytes [C2, 65, FB, 07]
.text  C:\Windows\System32\igfxpers.exe[5100] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                          000007fb65c21782 4 bytes [C2, 65, FB, 07]
.text  C:\Windows\System32\igfxpers.exe[5100] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                    000007fb61471532 4 bytes [47, 61, FB, 07]
.text  C:\Windows\System32\igfxpers.exe[5100] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                    000007fb6147153a 4 bytes [47, 61, FB, 07]
.text  C:\Windows\System32\igfxpers.exe[5100] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                  000007fb6147165a 4 bytes [47, 61, FB, 07]
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2428] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                      000007fb61471532 4 bytes [47, 61, FB, 07]
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2428] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                      000007fb6147153a 4 bytes [47, 61, FB, 07]
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2428] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                    000007fb6147165a 4 bytes [47, 61, FB, 07]
.text  C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4296] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                      000007fb61471532 4 bytes [47, 61, FB, 07]
.text  C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4296] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                      000007fb6147153a 4 bytes [47, 61, FB, 07]
.text  C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4296] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                    000007fb6147165a 4 bytes [47, 61, FB, 07]
.text  c:\Program Files (x86)\Bluetooth Suite\BtTray.exe[4604] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                    000007fb61471532 4 bytes [47, 61, FB, 07]
.text  c:\Program Files (x86)\Bluetooth Suite\BtTray.exe[4604] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                    000007fb6147153a 4 bytes [47, 61, FB, 07]
.text  c:\Program Files (x86)\Bluetooth Suite\BtTray.exe[4604] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                  000007fb6147165a 4 bytes [47, 61, FB, 07]
.text  c:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4960] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                  000007fb61471532 4 bytes [47, 61, FB, 07]
.text  c:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4960] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                  000007fb6147153a 4 bytes [47, 61, FB, 07]
.text  c:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4960] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                000007fb6147165a 4 bytes [47, 61, FB, 07]
.text  c:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4960] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 742                      000007fb5f071b32 4 bytes [07, 5F, FB, 07]
.text  c:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4960] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 750                      000007fb5f071b3a 4 bytes [07, 5F, FB, 07]
.text  C:\Program Files\Elantech\ETDCtrl.exe[2904] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                000007fb61471532 4 bytes [47, 61, FB, 07]
.text  C:\Program Files\Elantech\ETDCtrl.exe[2904] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                000007fb6147153a 4 bytes [47, 61, FB, 07]
.text  C:\Program Files\Elantech\ETDCtrl.exe[2904] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                              000007fb6147165a 4 bytes [47, 61, FB, 07]
.text  C:\Dolby PCEE4\pcee4.exe[3540] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                            000007fb61471532 4 bytes [47, 61, FB, 07]
.text  C:\Dolby PCEE4\pcee4.exe[3540] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                            000007fb6147153a 4 bytes [47, 61, FB, 07]
.text  C:\Dolby PCEE4\pcee4.exe[3540] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                          000007fb6147165a 4 bytes [47, 61, FB, 07]
.text  C:\Program Files\Elantech\ETDCtrlHelper.exe[4640] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                          000007fb61471532 4 bytes [47, 61, FB, 07]
.text  C:\Program Files\Elantech\ETDCtrlHelper.exe[4640] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                          000007fb6147153a 4 bytes [47, 61, FB, 07]
.text  C:\Program Files\Elantech\ETDCtrlHelper.exe[4640] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                        000007fb6147165a 4 bytes [47, 61, FB, 07]
.text  C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe[5764] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306  000007fb65c2177a 4 bytes [C2, 65, FB, 07]
.text  C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe[5764] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314  000007fb65c21782 4 bytes [C2, 65, FB, 07]
.text  C:\Windows\system32\igfxsrvc.exe[5992] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                    000007fb61471532 4 bytes [47, 61, FB, 07]
.text  C:\Windows\system32\igfxsrvc.exe[5992] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                    000007fb6147153a 4 bytes [47, 61, FB, 07]
.text  C:\Windows\system32\igfxsrvc.exe[5992] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                  000007fb6147165a 4 bytes [47, 61, FB, 07]
.text  C:\Windows\system32\wbem\unsecapp.exe[5740] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                000007fb61471532 4 bytes [47, 61, FB, 07]
.text  C:\Windows\system32\wbem\unsecapp.exe[5740] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                000007fb6147153a 4 bytes [47, 61, FB, 07]
.text  C:\Windows\system32\wbem\unsecapp.exe[5740] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                              000007fb6147165a 4 bytes [47, 61, FB, 07]
.text  C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe[5888] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690          000007fb61471532 4 bytes [47, 61, FB, 07]
.text  C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe[5888] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698          000007fb6147153a 4 bytes [47, 61, FB, 07]
.text  C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe[5888] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246        000007fb6147165a 4 bytes [47, 61, FB, 07]
.text  C:\Program Files\Windows Media Player\wmpnetwk.exe[6940] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 742                      000007fb5f071b32 4 bytes [07, 5F, FB, 07]
.text  C:\Program Files\Windows Media Player\wmpnetwk.exe[6940] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 750                      000007fb5f071b3a 4 bytes [07, 5F, FB, 07]

---- Threads - GMER 2.1 ----

Thread  C:\Windows\system32\csrss.exe [704:728]                                                                                      fffff960009cd5e8
Thread  C:\Windows\system32\svchost.exe [576:3436]                                                                                    000007fb5d666ba8
Thread  C:\Windows\system32\svchost.exe [576:3440]                                                                                    000007fb5d666794
Thread  C:\Windows\system32\svchost.exe [1528:2920]                                                                                  000007fb5d3e1544
Thread  C:\Windows\system32\svchost.exe [1528:2952]                                                                                  000007fb5d3355dc
Thread  C:\Windows\system32\svchost.exe [1528:3088]                                                                                  000007fb63064910
Thread  C:\Windows\system32\svchost.exe [1528:6992]                                                                                  000007fb63061044
Thread  C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe [2876:4380]    000007fb685223a8
Thread  C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe [2876:5912]    000007fb5da577b0
Thread  C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe [2876:6864]    000007fb5da577b0
Thread  C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe [2876:7088]    000007fb672c8c44
Thread  C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe [2876:6228]    000007fb65f0c648
Thread  C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe [2876:6740]    000007fb64f35990
Thread  C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe [6376:6576]                                  00000000732397fe
Thread  C:\Windows\SYSTEM32\ntdll.dll [6400:7140]                                                                                    00000000004ca6be
Thread  C:\Windows\SYSTEM32\ntdll.dll [6400:6516]                                                                                    00000000732397fe

---- Disk sectors - GMER 2.1 ----

Disk    \Device\Harddisk0\DR0                                                                                                        unknown MBR code

---- EOF - GMER 2.1 ----
MBAR:
Code:
Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org

Database version: v2013.07.22.09

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16635
andre_000 :: ANDRE [administrator]

23.07.2013 01:35:59
mbar-log-2013-07-23 (01-35-59).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 251074
Time elapsed: 35 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

cosinus 23.07.2013 01:32
JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




Im Anschluss:

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).



Danach eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles in CODE-Tags hier in den Thread.

babynator55 23.07.2013 11:37
Anmerkung: OTL hat nur 1 Log nach dem Scan geöffnet, nicht zwei bei mir.

cosinus 24.07.2013 00:47
JRT und adwCleaner bitte wiederholen, da ist etwas schiefgelaufen.
Stell sicher, dass beide Tools per Rechtsklick als Administrator ausgeführt werden

babynator55 24.07.2013 14:14
Hier der neue Adw Cleaner Versuch
Code:
# AdwCleaner v2.306 - Datei am 24/07/2013 um 15:05:52 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows 8  (64 bits)
# Benutzer : andre_000 - ANDRE
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\andre_000\Downloads\AdwCleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Gelöscht mit Neustart : C:\ProgramData\boost_interprocess

***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Google Chrome v28.0.1500.72

Datei : C:\Users\andre_000\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [28727 octets] - [19/07/2013 23:02:28]
AdwCleaner[R2].txt - [27853 octets] - [23/07/2013 12:03:43]
AdwCleaner[R3].txt - [1061 octets] - [24/07/2013 15:05:22]
AdwCleaner[S1].txt - [27828 octets] - [23/07/2013 12:04:09]
AdwCleaner[S2].txt - [1002 octets] - [24/07/2013 15:05:52]

########## EOF - C:\AdwCleaner[S2].txt - [1062 octets] ##########
Bei JRT hatte ich jetzt ein Problem. Habe sowohl versucht als Administrator zu starten, als auch zu löschen und neu runterzuladen. Er startet immer, scant auch das System, aber wenn er fertig ist passiert nix mehr. Es öffnet sich nicht mehr automatisch der Logfile. Was ist da falschgelaufen?

Danke schonmal

cosinus 24.07.2013 14:50
Dann lass JRT weg und mach bitte ein neues OTL-Log

babynator55 24.07.2013 20:20
Bei diesem Versuch hat es geklappt mit 2 OTL logs :).


Alle Zeitangaben in WEZ +1. Es ist jetzt 16:04 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19