I've been hacked [Solved]


This topic is locked

#1 longfellow4 (New Member, 6 posts)
Hello. This is what happened. I downloaded a removal tool to remove a broken piece of software so I could reinstall it, and it brought a bunch of malware and whatnot with it. I managed to remove all of them, but a few days later a guy started doing things on my computer. Random Windows program windows that I've opened appear while I'm browsing the internet. Once I couldn't even close one; I had to terminate it. When I Skyped with my girlfriend and fell asleep, I woke up to a radio channel playing in the morning. I never listen to radio on my computer and I wouldn't really know how, other than googling a radio channel site. I had nothing open, Chrome, nothing, only the Skype call with my girlfriend from that night. I started closing random applications I had open, e.g. Steam. Skype was the one that stopped the radio stream, but I was in a call already.

I reformatted and reinstalled Windows, but then strange things started happening on Skype again. I was typing, went to browse something, continued typing later on, and it started typing inside a message I had already typed. You have to right-click and edit a certain message to edit it. I never did that, and this never happened to me before. That was yesterday; everything else was a day before that.

Today I've reformatted my computer from a DVD and deleted the partitions; it took me 5 hours from a disc just for the format. It used some US Defense algorithm or something; it sounded solid. I reinstalled everything from scratch and voila, I log on to Skype. I'm chatting to my girlfriend and her picture has been randomly maximized; I never did that. It happened literally in front of me. I assume I'm still hacked. Today also, when I was installing League of Legends, it asked me to cancel when I was about to press Enter to finish a message on Skype, and the installation cancelled. I never tried to cancel the installation either. As I said, I assume I'm still hacked and there's a good chance the guy who's having a laugh is reading what I'm typing. I'm hopeless, I don't know what to do. My girlfriend told me to come to this site to seek help.

My log:

Thanks greatly for any help.

Edit 10.07.13: Things that have happened since I wrote this thread include:
- BSOD while scanning for rootkits; tried it with the same program in safe mode, found nothing though. No anti-rootkit program has found anything yet
- no strange TCP connections, just a bunch on svchost.exe
- no lag while downloading or playing games or while I'm doing nothing; usually 6 kbps of internet traffic in and out while I'm in a Skype call
- no strange UDP activity, other than the usual Windows processes
- keyboard and/or mouse stop working sometimes when I'm playing. This had happened for weeks before I was hacked, though; the difference is that before that I heard a USB connection sound when the devices reconnected again, and the Num Lock light on the keyboard went off too when they disconnected. Now the Num Lock light is always on and there's no sound when the devices come back to 'life'. One time a few days ago both devices disconnected; they worked in the BIOS, but not in Windows. I had manually disconnected from the internet at that time, and they came back randomly after 2-3 restarts
- Windows froze today while I was looking for network activity in cmd and in Comodo; I could move my mouse but it was on 'waiting' for ages, so I had to manually restart

- I wouldn't say the mouse/keyboard disconnecting sometimes is really strange, since it has happened to me for weeks now. The Skype picture randomly resizing and the League of Legends installation randomly cancelling while I'm about to press Enter in Skype (which confirms the cancellation) look like I'm still being toyed with.

OTL.txt
OTL logfile created on: 10.07.2013 22:17:35 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User4\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

5,98 Gb Total Physical Memory | 4,24 Gb Available Physical Memory | 70,90% Memory free
11,96 Gb Paging File | 9,65 Gb Available in Paging File | 80,71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195,21 Gb Total Space | 148,86 Gb Free Space | 76,25% Space Free | Partition Type: NTFS
Drive D: | 270,45 Gb Total Space | 264,31 Gb Free Space | 97,73% Space Free | Partition Type: NTFS

Computer Name: USER4-PC | User Name: User4 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.07.10 22:12:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User4\Downloads\OTL.exe
PRC - [2013.06.20 16:00:08 | 002,095,752 | ---- | M] () -- C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
PRC - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.04.17 13:27:24 | 001,851,088 | ---- | M] (Comodo Security Solutions, Inc.) -- C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
PRC - [2013.04.17 11:57:08 | 000,207,560 | ---- | M] (Comodo Security Solutions, Inc.) -- C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe
PRC - [2013.04.17 11:57:08 | 000,194,760 | ---- | M] (Comodo Security Solutions, Inc.) -- C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe
PRC - [2013.04.17 11:57:08 | 000,070,344 | ---- | M] (Comodo Security Solutions Inc.) -- C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
PRC - [2012.12.18 18:32:06 | 000,024,576 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\Ctxfihlp.exe
PRC - [2012.12.18 18:25:16 | 001,268,224 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTxfispi.exe
PRC - [2012.12.11 03:52:44 | 003,147,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2012.11.15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2012.10.22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2010.12.17 09:33:10 | 000,439,632 | ---- | M] (Trend Micro Inc.) -- C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe
PRC - [2010.12.17 09:33:06 | 001,103,184 | ---- | M] (Trend Micro Inc.) -- C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe
PRC - [2010.11.21 05:24:27 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2010.03.05 10:15:12 | 000,235,752 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2010.03.05 10:15:04 | 000,411,864 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe


========== Modules (No Company Name) ==========

MOD - [2012.12.18 18:32:14 | 000,002,560 | ---- | M] () -- C:\Windows\SysWOW64\CTXFIRES.DLL
MOD - [2009.07.31 21:39:08 | 000,503,202 | ---- | M] () -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll
MOD - [2009.06.29 10:54:08 | 000,164,864 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL


========== Services (SafeList) ==========

SRV:64bit: - [2013.03.29 03:34:18 | 000,241,152 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.07.10 03:56:22 | 000,559,016 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.07.07 00:09:57 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe -- (Creative Media Toolbox 6 Licensing Service)
SRV - [2013.07.06 22:46:20 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2013.07.06 22:43:25 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2013.06.21 09:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.06.20 16:00:08 | 002,095,752 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe -- (DragonUpdater)
SRV - [2013.06.18 16:15:54 | 006,181,504 | ---- | M] (COMODO) [Auto | Running] -- C:\Programme\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2013.06.18 16:15:30 | 000,158,936 | ---- | M] (COMODO) [On_Demand | Stopped] -- C:\Programme\COMODO\COMODO Internet Security\cmdvirth.exe -- (cmdvirth)
SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.04.17 13:27:24 | 001,851,088 | ---- | M] (Comodo Security Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe -- (GeekBuddyRSP)
SRV - [2013.04.17 11:57:08 | 000,070,344 | ---- | M] (Comodo Security Solutions Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe -- (CLPSLauncher)
SRV - [2012.11.15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012.10.22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2010.12.17 09:33:10 | 000,439,632 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe -- (RUBotSrv)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.05 10:15:12 | 000,235,752 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009.10.20 20:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013.06.18 16:16:08 | 000,023,168 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\cmderd.sys -- (cmderd)
DRV:64bit: - [2013.03.29 04:35:02 | 011,658,752 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013.03.29 03:09:44 | 000,581,120 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013.02.14 13:41:10 | 000,096,768 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2013.01.17 21:15:12 | 000,066,800 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGSHidFilt.Sys -- (LGSHidFilt)
DRV:64bit: - [2012.12.18 20:36:46 | 001,617,328 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x22k.sys -- (ha20x22k)
DRV:64bit: - [2012.12.18 20:36:34 | 001,572,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2012.12.18 20:36:22 | 000,120,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2012.12.18 20:36:12 | 000,215,472 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2012.12.18 20:36:00 | 000,018,352 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2012.12.18 20:35:50 | 000,181,680 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2012.12.18 20:35:38 | 000,703,152 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k)
DRV:64bit: - [2012.12.18 20:35:26 | 000,583,088 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2012.12.18 20:35:14 | 001,448,368 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
DRV:64bit: - [2012.12.18 20:35:14 | 001,448,368 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV:64bit: - [2012.12.18 20:35:00 | 000,097,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
DRV:64bit: - [2012.12.18 20:35:00 | 000,097,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV:64bit: - [2012.12.18 20:34:48 | 000,232,880 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)
DRV:64bit: - [2012.12.18 20:34:48 | 000,232,880 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)
DRV:64bit: - [2012.11.15 23:33:24 | 000,111,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2012.10.22 13:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2012.10.15 03:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012.10.02 03:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012.09.21 03:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012.09.21 03:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2012.09.14 03:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.12.28 21:45:54 | 000,412,776 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.12.08 18:17:40 | 000,369,640 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2010.12.08 18:17:38 | 000,122,856 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.10.19 16:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.05.20 07:03:11 | 000,105,312 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009.11.24 02:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009.11.24 02:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009.10.20 20:19:54 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-880062446-1389275447-2756025881-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.splash...cevm&type=WEB01
IE - HKU\S-1-5-21-880062446-1389275447-2756025881-1000\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKU\S-1-5-21-880062446-1389275447-2756025881-1000\..\SearchScopes,DefaultScope = {A1683D42-F8DB-4038-B34D-B38AA9610AD9}
IE - HKU\S-1-5-21-880062446-1389275447-2756025881-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-880062446-1389275447-2756025881-1000\..\SearchScopes\{A1683D42-F8DB-4038-B34D-B38AA9610AD9}: "URL" = http://de.search.yah...icevm&type=EGMB
IE - HKU\S-1-5-21-880062446-1389275447-2756025881-1000\..\SearchScopes\{D9B78BB5-1A8B-4f12-9982-B0272BD0DF77}: "URL" = http://www.google.co...q={searchTerms}
IE - HKU\S-1-5-21-880062446-1389275447-2756025881-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll
CHR - Extension: Google Docs = C:\Users\User4\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\User4\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\User4\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\User4\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: AdBlock = C:\Users\User4\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.2_0\
CHR - Extension: Google Mail = C:\Users\User4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Programme\COMODO\COMODO Internet Security\CisTray.exe (COMODO)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [gbrspcontrol] C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe (Comodo Security Solutions, Inc.)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Trend Micro RUBotted V2.0 Beta] C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe (Trend Micro Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-880062446-1389275447-2756025881-1000..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-880062446-1389275447-2756025881-1000\..Trusted Domains: samsungsetup.com ([www] http in Trusted Sites)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creat...13/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...30321/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.169.184.225 83.169.184.161
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C57E8071-E46C-454B-8962-F18B9539551A}: DhcpNameServer = 83.169.184.225 83.169.184.161
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013.07.10 18:12:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Trend Micro
[2013.07.10 17:56:58 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2013.07.10 17:56:58 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbGD.sys
[2013.07.10 17:56:58 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
[2013.07.10 17:56:58 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2013.07.10 17:56:58 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2013.07.10 17:56:58 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2013.07.10 17:56:57 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2013.07.10 17:56:57 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2013.07.10 17:56:57 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2013.07.10 17:56:57 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2013.07.10 17:56:57 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2013.07.10 17:56:57 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2013.07.10 17:56:57 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2013.07.10 17:56:57 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
[2013.07.10 17:56:57 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
[2013.07.10 17:56:57 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2013.07.10 17:56:57 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
[2013.07.10 17:56:57 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
[2013.07.10 17:56:57 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013.07.10 17:56:57 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2013.07.10 17:56:57 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013.07.10 17:56:57 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
[2013.07.10 17:56:57 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
[2013.07.10 17:56:56 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013.07.10 17:56:56 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013.07.10 17:55:28 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2013.07.10 17:55:28 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2013.07.10 17:55:27 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2013.07.10 17:55:27 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2013.07.10 17:55:26 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013.07.10 17:55:26 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013.07.10 17:55:24 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2013.07.10 17:55:24 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.07.10 17:55:24 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.07.10 17:55:24 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.07.10 17:55:24 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.07.10 17:55:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.07.10 17:55:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.07.10 17:55:24 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.07.10 17:55:24 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.07.10 17:55:23 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2013.07.10 17:55:23 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2013.07.10 17:55:23 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2013.07.10 17:55:23 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2013.07.10 17:55:23 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2013.07.10 17:55:23 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2013.07.10 17:55:23 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2013.07.10 17:55:23 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2013.07.10 17:55:23 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2013.07.10 17:55:23 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2013.07.10 17:55:23 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.07.10 17:55:23 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.07.10 17:55:23 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.07.10 17:55:23 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.07.10 17:55:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.07.10 17:55:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.07.10 17:55:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2013.07.10 17:55:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2013.07.10 17:55:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.07.10 17:55:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.07.10 17:55:22 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2013.07.10 17:55:22 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013.07.10 17:55:22 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013.07.10 17:55:22 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2013.07.10 17:55:11 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2013.07.10 17:55:09 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2013.07.10 17:55:09 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2013.07.10 16:46:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
[2013.07.10 16:46:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinPcap
[2013.07.10 16:46:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro RUBotted
[2013.07.10 16:46:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2013.07.10 01:08:25 | 000,735,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.07.10 01:08:23 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.07.10 01:08:23 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.07.10 01:08:23 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.07.10 01:08:23 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.07.10 01:08:23 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.07.10 01:08:23 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.07.10 01:08:15 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2013.07.10 01:08:15 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2013.07.10 01:08:14 | 001,887,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2013.07.10 01:08:14 | 001,620,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2013.07.10 01:08:00 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2013.07.10 01:08:00 | 000,007,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2013.07.10 01:07:55 | 002,565,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll
[2013.07.10 01:07:55 | 001,699,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll
[2013.07.10 01:07:55 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe
[2013.07.10 01:07:55 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys
[2013.07.10 01:07:54 | 000,189,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2013.07.10 01:07:54 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys
[2013.07.10 01:07:54 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe
[2013.07.09 13:18:24 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2013.07.09 13:18:24 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
[2013.07.09 13:15:58 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe
[2013.07.09 13:10:56 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2013.07.09 13:10:56 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2013.07.09 13:10:56 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2013.07.09 13:10:56 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2013.07.09 13:10:56 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2013.07.09 13:10:56 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2013.07.09 13:07:25 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2013.07.09 13:07:25 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2013.07.09 13:07:25 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2013.07.09 13:07:25 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2013.07.09 13:05:10 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2013.07.09 13:05:10 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2013.07.09 03:28:27 | 000,000,000 | ---D | C] -- C:\Users\User4\Documents\Games for Windows - LIVE Demos
[2013.07.09 02:28:46 | 000,000,000 | ---D | C] -- C:\Users\User4\Documents\Spartan
[2013.07.09 02:28:35 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2013.07.09 02:28:35 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2013.07.09 02:28:24 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2013.07.09 02:28:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2013.07.09 02:28:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2013.07.09 02:21:46 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_40.dll
[2013.07.09 02:21:46 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll
[2013.07.09 02:21:46 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll
[2013.07.09 02:21:46 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll
[2013.07.09 02:21:43 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll
[2013.07.09 02:21:43 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
[2013.07.09 02:21:42 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll
[2013.07.09 02:07:16 | 000,000,000 | ---D | C] -- C:\Users\User4\AppData\Roaming\vlc
[2013.07.09 02:06:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.07.09 02:06:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2013.07.08 23:22:12 | 000,000,000 | ---D | C] -- C:\Users\User4\Desktop\downloads
[2013.07.08 23:21:50 | 000,000,000 | ---D | C] -- C:\Users\User4\AppData\Roaming\tixati
[2013.07.08 23:21:40 | 000,000,000 | ---D | C] -- C:\Users\User4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tixati
[2013.07.08 23:21:36 | 000,000,000 | ---D | C] -- C:\Program Files\tixati
[2013.07.08 17:17:06 | 000,000,000 | ---D | C] -- C:\Users\User4\AppData\Local\Diagnostics
[2013.07.08 16:52:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013.07.08 16:31:16 | 000,000,000 | ---D | C] -- C:\Users\User4\AppData\Roaming\Malwarebytes
[2013.07.08 16:31:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.07.08 16:31:02 | 000,000,000 | ---D | C] -- C:\Users\User4\AppData\Local\Programs
[2013.07.07 17:10:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013.07.07 17:10:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013.07.07 17:09:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2013.07.07 17:09:32 | 000,000,000 | ---D | C] -- C:\Users\User4\AppData\Local\Adobe
[2013.07.07 17:07:44 | 000,000,000 | ---D | C] -- C:\Users\User4\Desktop\Neuer Ordner
[2013.07.07 13:25:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Technitium MAC Address Changer v6
[2013.07.07 13:25:03 | 001,010,720 | R-S- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCHRT20.OCX
[2013.07.07 13:25:03 | 000,224,016 | R-S- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TABCTL32.OCX
[2013.07.07 13:25:02 | 000,152,848 | R-S- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\COMDLG32.OCX
[2013.07.07 13:25:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Technitium
[2013.07.07 13:24:47 | 001,081,616 | R-S- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCOMCTL.OCX
[2013.07.07 03:28:49 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013.07.07 03:16:05 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll
[2013.07.07 03:15:59 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll
[2013.07.07 03:15:59 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2013.07.07 03:15:59 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbctrac.dll
[2013.07.07 03:15:59 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll
[2013.07.07 03:15:59 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2013.07.07 03:15:59 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll
[2013.07.07 03:15:59 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccu32.dll
[2013.07.07 03:15:59 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccr32.dll
[2013.07.07 03:15:59 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll
[2013.07.07 03:15:59 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccr32.dll
[2013.07.07 03:15:58 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll
[2013.07.07 03:15:47 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2013.07.07 03:15:47 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
[2013.07.07 03:15:46 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
[2013.07.07 03:15:46 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll
[2013.07.07 03:15:46 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
[2013.07.07 03:15:34 | 002,871,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2013.07.07 03:15:34 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2013.07.07 03:15:32 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013.07.07 03:15:19 | 001,118,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sbe.dll
[2013.07.07 03:15:19 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2013.07.07 03:15:19 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2013.07.07 03:15:18 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbe.dll
[2013.07.07 03:15:18 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2013.07.07 03:15:18 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2013.07.07 03:15:15 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2013.07.07 03:15:15 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2013.07.07 03:15:10 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2013.07.07 03:15:05 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013.07.07 03:15:05 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013.07.07 03:15:05 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013.07.07 03:15:05 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2013.07.07 03:14:57 | 002,315,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll
[2013.07.07 03:14:57 | 002,223,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll
[2013.07.07 03:14:57 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll
[2013.07.07 03:14:56 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll
[2013.07.07 03:14:56 | 000,778,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll
[2013.07.07 03:14:56 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll
[2013.07.07 03:14:56 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll
[2013.07.07 03:14:56 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll
[2013.07.07 03:14:56 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll
[2013.07.07 03:14:56 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe
[2013.07.07 03:14:56 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe
[2013.07.07 03:14:56 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll
[2013.07.07 03:14:56 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll
[2013.07.07 03:14:54 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2013.07.07 03:14:54 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2013.07.07 03:14:52 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll
[2013.07.07 03:14:50 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2013.07.07 03:14:50 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2013.07.07 03:14:40 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42.dll
[2013.07.07 03:14:40 | 001,359,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42u.dll
[2013.07.07 03:14:40 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll
[2013.07.07 03:14:40 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll
[2013.07.07 03:14:35 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys
[2013.07.07 03:14:31 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2013.07.07 03:14:29 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2013.07.07 03:14:29 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2013.07.07 03:14:29 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2013.07.07 03:14:28 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2013.07.07 03:14:28 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2013.07.07 03:14:28 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2013.07.07 03:14:24 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2013.07.07 03:14:24 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2013.07.07 03:14:21 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2013.07.07 03:14:21 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll
[2013.07.07 03:14:21 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2013.07.07 03:14:21 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll
[2013.07.07 03:14:21 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
[2013.07.07 03:14:20 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2013.07.07 03:14:20 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2013.07.07 03:14:18 | 000,027,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2013.07.07 03:14:17 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll
[2013.07.07 03:14:17 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnscacheugc.exe
[2013.07.07 03:14:17 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe
[2013.07.07 03:14:02 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2013.07.07 03:14:02 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2013.07.07 03:14:02 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013.07.07 03:14:01 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2013.07.07 03:13:59 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013.07.07 03:13:59 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013.07.07 03:13:59 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013.07.07 03:13:59 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013.07.07 03:13:59 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013.07.07 03:13:59 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013.07.07 03:13:57 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe
[2013.07.07 03:13:45 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2013.07.07 03:13:43 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll
[2013.07.07 03:13:43 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs
[2013.07.07 03:13:43 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs
[2013.07.07 03:13:43 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs
[2013.07.07 03:13:43 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs
[2013.07.07 03:13:43 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs
[2013.07.07 03:13:43 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs
[2013.07.07 03:13:43 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs
[2013.07.07 03:13:43 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs
[2013.07.07 03:13:43 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs
[2013.07.07 03:13:43 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs
[2013.07.07 03:13:43 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs
[2013.07.07 03:13:43 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs
[2013.07.07 03:13:43 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs
[2013.07.07 03:13:43 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs
[2013.07.07 03:13:43 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs
[2013.07.07 03:13:43 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs
[2013.07.07 03:13:43 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs
[2013.07.07 03:13:43 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs
[2013.07.07 03:13:43 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs
[2013.07.07 03:13:43 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs
[2013.07.07 03:13:42 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2013.07.07 03:13:42 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2013.07.07 03:13:42 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll
[2013.07.07 03:13:42 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs
[2013.07.07 03:13:42 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs
[2013.07.07 03:13:42 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs
[2013.07.07 03:13:42 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs
[2013.07.07 03:13:42 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs
[2013.07.07 03:13:42 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs
[2013.07.07 03:13:42 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs
[2013.07.07 03:13:42 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs
[2013.07.07 03:13:33 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2013.07.07 03:13:33 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2013.07.07 03:13:33 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2013.07.07 03:13:33 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2013.07.07 03:13:04 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2013.07.07 03:13:00 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013.07.07 03:12:59 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013.07.07 03:12:59 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013.07.07 03:12:59 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013.07.07 03:12:59 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013.07.07 03:12:59 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013.07.07 03:12:59 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013.07.07 03:12:59 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013.07.07 03:12:59 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013.07.07 03:12:59 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013.07.07 03:12:59 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013.07.07 03:12:59 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013.07.07 03:12:59 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013.07.07 03:12:59 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013.07.07 03:12:59 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013.07.07 03:12:59 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.07.07 03:12:59 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.07.07 03:12:59 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013.07.07 03:12:59 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013.07.07 03:12:59 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013.07.07 03:12:59 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013.07.07 03:12:59 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013.07.07 03:12:59 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013.07.07 03:12:59 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013.07.07 03:12:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013.07.07 03:12:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.07.07 03:12:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.07.07 03:12:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.07.07 03:12:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.07.07 03:12:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.07.07 03:12:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013.07.07 03:12:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013.07.07 03:12:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013.07.07 03:12:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.07.07 03:12:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.07.07 03:12:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013.07.07 03:12:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013.07.07 03:12:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013.07.07 03:12:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013.07.07 03:12:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013.07.07 03:12:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013.07.07 03:12:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013.07.07 03:12:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013.07.07 03:12:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.07.07 03:12:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013.07.07 03:12:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013.07.07 03:12:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013.07.07 03:12:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013.07.07 03:12:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013.07.07 03:12:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013.07.07 03:12:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013.07.07 03:12:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013.07.07 03:12:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013.07.07 03:12:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.07.07 03:12:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.07.07 03:12:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013.07.07 03:12:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013.07.07 03:12:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013.07.07 03:12:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013.07.07 03:12:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013.07.07 03:12:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013.07.07 03:12:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013.07.07 03:12:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013.07.07 03:12:48 | 000,911,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.07.07 03:12:48 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.07.07 03:12:48 | 000,609,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.07.07 03:12:47 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2013.07.07 03:12:47 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2013.07.07 03:12:45 | 000,642,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2013.07.07 03:12:45 | 000,605,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2013.07.07 03:12:45 | 000,566,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2013.07.07 03:12:45 | 000,518,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2013.07.07 03:12:45 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdusb.dll
[2013.07.07 03:12:45 | 000,019,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd1394.dll
[2013.07.07 03:12:45 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdcom.dll
[2013.07.07 03:12:36 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013.07.07 03:12:36 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013.07.07 03:12:27 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2013.07.07 03:12:22 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2013.07.07 03:12:22 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2013.07.07 03:12:22 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2013.07.07 03:12:20 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe
[2013.07.07 03:12:20 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\devrtl.dll
[2013.07.07 03:12:17 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll
[2013.07.07 03:12:17 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll
[2013.07.07 03:12:07 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe
[2013.07.07 03:12:07 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prevhost.exe
[2013.07.07 03:12:05 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2013.07.07 03:12:02 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSCOVER.exe
[2013.07.07 03:12:01 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2013.07.07 03:11:59 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013.07.07 03:11:59 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe
[2013.07.07 03:11:59 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe
[2013.07.07 03:11:59 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013.07.07 03:11:59 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll
[2013.07.07 03:11:59 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll
[2013.07.07 03:11:55 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2013.07.07 03:11:53 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2013.07.07 03:11:53 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2013.07.07 03:11:53 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2013.07.07 03:11:53 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2013.07.07 03:11:50 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.07.07 03:11:50 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.07.07 03:11:50 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.07.07 03:11:50 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013.07.07 03:11:50 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013.07.07 03:11:50 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013.07.07 03:11:48 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2013.07.07 03:11:48 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2013.07.07 03:11:47 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013.07.07 03:11:47 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013.07.07 03:11:44 | 001,731,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2013.07.07 03:11:43 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2013.07.07 03:11:42 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2013.07.07 03:11:42 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2013.07.07 02:41:25 | 000,000,000 | ---D | C] -- C:\Users\User4\AppData\Roaming\WinRAR
[2013.07.07 02:41:25 | 000,000,000 | ---D | C] -- C:\Users\User4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.07.07 02:41:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.07.07 02:41:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
[2013.07.07 02:40:03 | 000,334,720 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\User4\RootkitRevealer.exe
[2013.07.07 02:23:56 | 000,000,000 | ---D | C] -- C:\Users\User4\AppData\Local\Logitech
[2013.07.07 02:23:56 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd
[2013.07.07 02:23:33 | 000,018,960 | ---- | C] (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LNonPnP.sys
[2013.07.07 02:23:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2013.07.07 02:23:23 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech Gaming Software
[2013.07.07 02:22:43 | 000,000,000 | ---D | C] -- C:\Users\User4\AppData\Roaming\Logitech
[2013.07.07 02:22:43 | 000,000,000 | ---D | C] -- C:\Users\User4\AppData\Roaming\Logishrd
[2013.07.07 02:00:09 | 000,000,000 | ---D | C] -- C:\Users\User4\AppData\Roaming\ATI
[2013.07.07 02:00:09 | 000,000,000 | ---D | C] -- C:\Users\User4\AppData\Local\ATI
[2013.07.07 02:00:09 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2013.07.07 01:08:53 | 000,000,000 | ---D | C] -- C:\Users\User4\Desktop\eclipse
[2013.07.07 01:04:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2013.07.07 01:04:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.07.07 01:04:45 | 000,789,416 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013.07.07 01:04:44 | 000,867,240 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013.07.07 01:04:44 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.07.07 01:04:42 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.07.07 01:04:42 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.07.07 01:04:42 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.07.07 01:04:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.07.07 01:01:33 | 000,000,000 | ---D | C] -- C:\Users\User4\Documents\My Games
[2013.07.07 01:01:15 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll
[2013.07.07 01:01:15 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll
[2013.07.07 01:01:15 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll
[2013.07.07 01:01:15 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll
[2013.07.07 01:01:15 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll
[2013.07.07 01:01:15 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll
[2013.07.07 01:01:15 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll
[2013.07.07 01:00:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft XNA
[2013.07.07 00:21:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2013.07.07 00:17:58 | 000,000,000 | ---D | C] -- C:\Users\User4\AppData\Roaming\LolClient
[2013.07.07 00:17:57 | 000,000,000 | ---D | C] -- C:\Users\User4\AppData\Roaming\Macromedia
[2013.07.07 00:17:55 | 000,000,000 | ---D | C] -- C:\Users\User4\AppData\Roaming\Adobe
[2013.07.07 00:15:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Creative Labs
[2013.07.06 23:55:47 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gdiplus.dll
[2013.07.06 23:55:47 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc71.dll
[2013.07.06 23:29:35 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\User4\Desktop\OTL.exe
[2013.07.06 22:51:12 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2013.07.06 22:51:12 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
[2013.07.06 22:51:12 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2013.07.06 22:51:12 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
[2013.07.06 22:51:11 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2013.07.06 22:51:02 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin
[2013.07.06 22:51:01 | 000,000,000 | ---D | C] -- C:\Riot Games
[2013.07.06 22:51:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
[2013.07.06 22:48:29 | 000,000,000 | ---D | C] -- C:\Users\User4\AppData\Local\PMB Files
[2013.07.06 22:48:26 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2013.07.06 22:48:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[2013.07.06 22:47:45 | 000,000,000 | ---D | C] -- C:\Users\User4\AppData\Roaming\Riot Games
[2013.07.06 22:44:33 | 000,183,296 | ---- | C] (Creative Technology Ltd) -- C:\Windows\SysNative\CTOPT352.dll
[2013.07.06 22:44:33 | 000,166,912 | ---- | C] (Creative Technology Ltd) -- C:\Windows\SysWow64\CTOPT352.dll
[2013.07.06 22:44:33 | 000,061,440 | ---- | C] (Creative Technology Ltd) -- C:\Windows\SysWow64\CTChkAud.dll
[2013.07.06 22:44:33 | 000,049,664 | ---- | C] (Creative Technology Ltd) -- C:\Windows\SysNative\CTChkAud.dll
[2013.07.06 22:44:33 | 000,042,496 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\AddCat.exe
[2013.07.06 22:43:29 | 000,647,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Mscomct2.ocx
[2013.07.06 22:43:29 | 000,053,248 | ---- | C] (Creative Technology Ltd ) -- C:\Windows\Ctregrun.exe
[2013.07.06 22:43:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Creative Labs Shared
[2013.07.06 22:37:04 | 000,000,000 | ---D | C] -- C:\Users\User4\AppData\Roaming\Skype
[2013.07.06 22:37:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.07.06 22:37:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.07.06 22:37:00 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013.07.06 22:36:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2013.07.06 22:24:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2013.07.06 22:24:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2013.07.06 22:24:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2013.07.06 22:21:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
[2013.07.06 22:21:37 | 000,000,000 | ---D | C] -- C:\Program Files\Creative
[2013.07.06 22:21:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Creative
[2013.07.06 22:21:31 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Creative Installation Information
[2013.07.06 22:20:50 | 000,113,152 | ---- | C] (Creative Technology Ltd) -- C:\Windows\SysNative\cttele64.dll
[2013.07.06 22:20:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Creative
[2013.07.06 22:20:49 | 000,106,496 | ---- | C] (Creative Technology Ltd) -- C:\Windows\SysWow64\cttele32.dll
[2013.07.06 22:20:40 | 000,466,520 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2013.07.06 22:20:40 | 000,445,016 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2013.07.06 22:20:40 | 000,123,480 | ---- | C] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2013.07.06 22:20:40 | 000,109,144 | ---- | C] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2013.07.06 22:20:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL
[2013.07.06 22:19:47 | 000,012,288 | ---- | C] (Creative Technology Limited) -- C:\Windows\SysNative\INRES.DLL
[2013.07.06 22:19:47 | 000,011,776 | ---- | C] (Creative Technology Limited) -- C:\Windows\SysWow64\INRES.DLL
[2013.07.06 22:19:47 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Data
[2013.07.06 22:19:47 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Data
[2013.07.06 22:19:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Creative
[2013.07.06 22:10:50 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2013.07.06 22:10:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2013.07.06 22:09:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2013.07.06 22:09:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2013.07.06 22:09:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2013.07.06 22:08:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2013.07.06 22:08:17 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2013.07.06 22:08:15 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2013.07.06 22:07:43 | 000,000,000 | ---D | C] -- C:\AMD
[2013.07.06 22:06:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013.07.06 22:05:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013.07.06 22:05:46 | 000,000,000 | ---D | C] -- C:\Users\User4\AppData\Local\Google
[2013.07.06 22:04:55 | 000,000,000 | ---D | C] -- C:\Users\User4\AppData\Local\Deployment
[2013.07.06 22:04:55 | 000,000,000 | ---D | C] -- C:\Users\User4\AppData\Local\Apps
[2013.07.06 21:56:22 | 000,000,000 | ---D | C] -- C:\Users\User4\AppData\Roaming\AVG2013
[2013.07.06 21:55:10 | 000,000,000 | ---D | C] -- C:\Users\User4\AppData\Roaming\TuneUp Software
[2013.07.06 21:55:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013.07.06 21:55:01 | 000,000,000 | -H-D | C] -- C:\$AVG
[2013.07.06 21:55:01 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2013.07.06 21:54:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2013.07.06 21:53:24 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013.07.06 21:53:24 | 000,000,000 | ---D | C] -- C:\Users\User4\AppData\Local\MFAData
[2013.07.06 21:53:24 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013.07.06 21:53:24 | 000,000,000 | ---D | C] -- C:\Users\User4\AppData\Local\Avg2013
[2013.07.06 21:48:11 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2013.07.06 21:46:55 | 000,000,000 | ---D | C] -- C:\Users\User4\AppData\Roaming\Comodo
[2013.07.06 21:45:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2013.07.06 21:45:25 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2013.07.06 21:45:25 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2013.07.06 21:29:19 | 000,000,000 | --SD | C] -- C:\ProgramData\Shared Space
[2013.07.06 21:29:16 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2013.07.06 21:28:12 | 000,000,000 | ---D | C] -- C:\ProgramData\COMODO
[2013.07.06 21:28:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\COMODO
[2013.07.06 21:26:04 | 000,000,000 | ---D | C] -- C:\Users\User4\AppData\Local\Comodo
[2013.07.06 21:26:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
[2013.07.06 21:26:02 | 000,056,072 | ---- | C] (COMODO CA Limited) -- C:\Windows\SysNative\certsentry.dll
[2013.07.06 21:26:02 | 000,047,368 | ---- | C] (COMODO CA Limited) -- C:\Windows\SysWow64\certsentry.dll
[2013.07.06 21:25:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Comodo
[2013.07.06 21:25:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo Downloader
[2013.07.06 21:24:22 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2013.07.06 21:24:22 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2013.07.06 21:24:22 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2013.07.06 21:24:17 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2013.07.06 21:24:17 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2013.07.06 21:24:17 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2013.07.06 21:24:11 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2013.07.06 21:24:11 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2013.07.06 21:13:33 | 000,056,344 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\HECIx64.sys
[2013.07.06 21:13:32 | 000,000,000 | ---D | C] -- C:\Users\User4\AppData\Roaming\InstallShield
[2013.07.06 21:13:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Asmedia Technology
[2013.07.06 21:13:15 | 000,315,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Difx4eac.rra
[2013.07.06 21:13:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JMicron Technology Corp
[2013.07.06 21:13:14 | 001,970,176 | R--- | C] (JMicron Technology Corp.) -- C:\Windows\SysWow64\xRaidSetup.exe
[2013.07.06 21:13:14 | 000,151,552 | R--- | C] (JMicron Technology Corp.) -- C:\Windows\SysWow64\xRaidAPI.dll
[2013.07.06 21:13:14 | 000,000,000 | ---D | C] -- C:\RaidTool
[2013.07.06 21:13:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASM104xUSB3
[2013.07.06 21:13:06 | 000,105,312 | ---- | C] (JMicron Technology Corp.) -- C:\Windows\SysNative\drivers\jraid.sys
[2013.07.06 21:13:04 | 000,000,000 | ---D | C] -- C:\Windows\RaidTool
[2013.07.06 21:09:40 | 000,000,000 | ---D | C] -- C:\Users\User4\AppData\Roaming\DeviceVm
[2013.07.06 21:09:40 | 000,000,000 | ---D | C] -- C:\ProgramData\DeviceVm
[2013.07.06 21:09:36 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\DeviceVM
[2013.07.06 21:09:34 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2013.07.06 21:08:38 | 000,412,776 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2013.07.06 21:08:38 | 000,107,552 | ---- | C] (Realtek Semiconductor Corporation) -- C:\Windows\SysNative\RTNUninst64.dll
[2013.07.06 21:08:16 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2013.07.06 21:08:16 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2013.07.06 21:08:09 | 002,580,824 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2013.07.06 21:08:09 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2013.07.06 21:08:09 | 000,220,496 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFNHK64.dll
[2013.07.06 21:08:09 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2013.07.06 21:08:09 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2013.07.06 21:08:09 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2013.07.06 21:08:09 | 000,121,744 | ---- | C] (Sony Corporation) -- C:\Windows\SysNative\SFSS_APO.dll
[2013.07.06 21:08:09 | 000,081,232 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFCOM64.dll
[2013.07.06 21:08:09 | 000,078,160 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFAPO64.dll
[2013.07.06 21:08:09 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll
[2013.07.06 21:08:08 | 002,813,544 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll
[2013.07.06 21:08:08 | 000,626,792 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll
[2013.07.06 21:08:08 | 000,332,392 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll
[2013.07.06 21:08:08 | 000,149,608 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll
[2013.07.06 21:08:07 | 002,186,344 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
[2013.07.06 21:08:07 | 001,247,848 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll
[2013.07.06 21:08:07 | 001,146,984 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl
[2013.07.06 21:08:07 | 000,544,768 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoRes64.dat
[2013.07.06 21:08:07 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2013.07.06 21:08:07 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2013.07.06 21:08:07 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2013.07.06 21:08:07 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2013.07.06 21:08:07 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2013.07.06 21:08:07 | 000,083,048 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInst64.dll
[2013.07.06 21:08:07 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2013.07.06 21:08:03 | 001,718,616 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll
[2013.07.06 21:08:03 | 000,421,720 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll
[2013.07.06 21:08:03 | 000,334,680 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll
[2013.07.06 21:08:03 | 000,127,832 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll
[2013.07.06 21:08:03 | 000,108,888 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll
[2013.07.06 21:08:03 | 000,074,584 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll
[2013.07.06 21:08:02 | 002,197,264 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2013.07.06 21:08:02 | 001,870,680 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll
[2013.07.06 21:08:02 | 000,341,336 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
[2013.07.06 21:08:02 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2013.07.06 21:07:57 | 001,937,312 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2013.07.06 21:07:57 | 000,475,752 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2013.07.06 21:07:56 | 001,327,208 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2013.07.06 21:07:56 | 001,179,752 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2013.07.06 21:07:56 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
[2013.07.06 21:07:55 | 000,317,032 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2013.07.06 21:07:55 | 000,269,928 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2013.07.06 21:07:55 | 000,266,856 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2013.07.06 21:07:55 | 000,126,056 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2013.07.06 21:07:55 | 000,125,544 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2013.07.06 21:07:55 | 000,125,032 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
[2013.07.06 21:07:54 | 001,111,656 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2013.07.06 21:07:54 | 000,504,936 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2013.07.06 21:07:53 | 000,200,800 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll
[2013.07.06 21:07:53 | 000,108,960 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll
[2013.07.06 21:07:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2013.07.06 21:07:52 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2013.07.06 21:07:52 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2013.07.06 21:07:50 | 001,251,944 | R--- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll
[2013.07.06 21:07:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2013.07.06 21:06:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2013.07.06 21:06:44 | 000,000,000 | ---D | C] -- C:\Intel
[2013.07.06 21:00:20 | 000,000,000 | R--D | C] -- C:\Users\User4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013.07.06 21:00:20 | 000,000,000 | R--D | C] -- C:\Users\User4\Searches
[2013.07.06 21:00:20 | 000,000,000 | R--D | C] -- C:\Users\User4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013.07.06 21:00:12 | 000,000,000 | ---D | C] -- C:\Users\User4\AppData\Roaming\Identities
[2013.07.06 21:00:10 | 000,000,000 | R--D | C] -- C:\Users\User4\Contacts
[2013.07.06 21:00:08 | 000,000,000 | ---D | C] -- C:\Users\User4\AppData\Local\VirtualStore
[2013.07.06 21:00:00 | 000,000,000 | -HSD | C] -- C:\Users\User4\Vorlagen
[2013.07.06 21:00:00 | 000,000,000 | -HSD | C] -- C:\Users\User4\AppData\Local\Verlauf
[2013.07.06 21:00:00 | 000,000,000 | -HSD | C] -- C:\Users\User4\AppData\Local\Temporary Internet Files
[2013.07.06 21:00:00 | 000,000,000 | -HSD | C] -- C:\Users\User4\Startmenü
[2013.07.06 21:00:00 | 000,000,000 | -HSD | C] -- C:\Users\User4\SendTo
[2013.07.06 21:00:00 | 000,000,000 | -HSD | C] -- C:\Users\User4\Recent
[2013.07.06 21:00:00 | 000,000,000 | -HSD | C] -- C:\Users\User4\Netzwerkumgebung
[2013.07.06 21:00:00 | 000,000,000 | -HSD | C] -- C:\Users\User4\Lokale Einstellungen
[2013.07.06 21:00:00 | 000,000,000 | -HSD | C] -- C:\Users\User4\Documents\Eigene Videos
[2013.07.06 21:00:00 | 000,000,000 | -HSD | C] -- C:\Users\User4\Documents\Eigene Musik
[2013.07.06 21:00:00 | 000,000,000 | -HSD | C] -- C:\Users\User4\Eigene Dateien
[2013.07.06 21:00:00 | 000,000,000 | -HSD | C] -- C:\Users\User4\Documents\Eigene Bilder
[2013.07.06 21:00:00 | 000,000,000 | -HSD | C] -- C:\Users\User4\Druckumgebung
[2013.07.06 21:00:00 | 000,000,000 | -HSD | C] -- C:\Users\User4\Cookies
[2013.07.06 21:00:00 | 000,000,000 | -HSD | C] -- C:\Users\User4\AppData\Local\Anwendungsdaten
[2013.07.06 21:00:00 | 000,000,000 | -HSD | C] -- C:\Users\User4\Anwendungsdaten
[2013.07.06 21:00:00 | 000,000,000 | ---D | C] -- C:\Users\User4\AppData\Local\Temp
[2013.07.06 21:00:00 | 000,000,000 | ---D | C] -- C:\Users\User4\AppData\Local\Microsoft
[2013.07.06 21:00:00 | 000,000,000 | ---D | C] -- C:\Users\User4\AppData\Roaming\Media Center Programs
[2013.07.06 20:59:59 | 000,000,000 | --SD | C] -- C:\Users\User4\AppData\Roaming\Microsoft
[2013.07.06 20:59:59 | 000,000,000 | R--D | C] -- C:\Users\User4\Videos
[2013.07.06 20:59:59 | 000,000,000 | R--D | C] -- C:\Users\User4\Saved Games
[2013.07.06 20:59:59 | 000,000,000 | R--D | C] -- C:\Users\User4\Pictures
[2013.07.06 20:59:59 | 000,000,000 | R--D | C] -- C:\Users\User4\Music
[2013.07.06 20:59:59 | 000,000,000 | R--D | C] -- C:\Users\User4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013.07.06 20:59:59 | 000,000,000 | R--D | C] -- C:\Users\User4\Links
[2013.07.06 20:59:59 | 000,000,000 | R--D | C] -- C:\Users\User4\Favorites
[2013.07.06 20:59:59 | 000,000,000 | R--D | C] -- C:\Users\User4\Downloads
[2013.07.06 20:59:59 | 000,000,000 | R--D | C] -- C:\Users\User4\Documents
[2013.07.06 20:59:59 | 000,000,000 | R--D | C] -- C:\Users\User4\Desktop
[2013.07.06 20:59:59 | 000,000,000 | R--D | C] -- C:\Users\User4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013.07.06 20:59:59 | 000,000,000 | -H-D | C] -- C:\Users\User4\AppData
[2013.07.06 20:59:55 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2013.07.06 20:59:55 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2013.07.06 20:59:55 | 000,000,000 | -HSD | C] -- C:\Recovery
[2013.07.06 20:59:55 | 000,000,000 | -HSD | C] -- C:\Programme
[2013.07.06 20:59:55 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2013.07.06 20:59:55 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2013.07.06 20:59:55 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2013.07.06 20:59:55 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2013.07.06 20:59:55 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2013.07.06 20:59:55 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2013.07.06 20:59:55 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2013.07.06 20:59:55 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2013.07.06 20:51:53 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013.07.06 20:49:45 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2013.07.06 20:48:55 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2013.06.18 16:16:08 | 000,023,168 | ---- | C] (COMODO) -- C:\Windows\SysNative\drivers\cmderd.sys
[2013.06.18 16:15:50 | 000,043,216 | ---- | C] (COMODO) -- C:\Windows\SysNative\cmdcsr.dll
[2013.06.18 16:15:48 | 000,437,688 | ---- | C] (COMODO) -- C:\Windows\SysNative\guard64.dll
[2013.06.18 16:15:48 | 000,348,584 | ---- | C] (COMODO) -- C:\Windows\SysWow64\guard32.dll
[2013.06.18 16:15:40 | 000,344,792 | ---- | C] (COMODO) -- C:\Windows\SysNative\cmdvrt64.dll
[2013.06.18 16:15:40 | 000,045,784 | ---- | C] (COMODO) -- C:\Windows\SysNative\cmdkbd64.dll
[2013.06.18 16:15:36 | 000,278,232 | ---- | C] (COMODO) -- C:\Windows\SysWow64\cmdvrt32.dll
[2013.06.18 16:15:36 | 000,040,664 | ---- | C] (COMODO) -- C:\Windows\SysWow64\cmdkbd32.dll

========== Files - Modified Within 30 Days ==========

[2013.07.10 22:18:41 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.07.10 22:10:02 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.07.10 18:06:59 | 000,022,000 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.10 18:06:59 | 000,022,000 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.10 18:06:00 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.07.10 18:06:00 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.07.10 18:06:00 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.07.10 18:06:00 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.07.10 18:06:00 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.07.10 18:01:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.07.10 18:01:14 | 522,264,575 | -HS- | M] () -- C:\hiberfil.sys
[2013.07.10 18:00:32 | 000,062,308 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000002-00000000-00000000-00001102-0000000B-00431102}.rfx
[2013.07.10 18:00:32 | 000,062,308 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000002-00000000-00000000-00001102-0000000B-00431102}.rfx
[2013.07.10 18:00:32 | 000,000,820 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000002-00000000-00000000-00001102-0000000B-00431102}.rfx
[2013.07.10 03:37:07 | 000,275,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.07.09 13:10:34 | 001,589,442 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.07.09 02:06:35 | 000,001,066 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.07.08 23:21:42 | 000,000,784 | ---- | M] () -- C:\Users\User4\Desktop\Tixati.lnk
[2013.07.07 17:10:16 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.07.07 13:58:34 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013.07.07 13:25:03 | 001,010,720 | R-S- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCHRT20.OCX
[2013.07.07 13:25:03 | 000,224,016 | R-S- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\TABCTL32.OCX
[2013.07.07 13:25:02 | 000,152,848 | R-S- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\COMDLG32.OCX
[2013.07.07 13:24:50 | 001,081,616 | R-S- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCOMCTL.OCX
[2013.07.07 03:28:47 | 843,015,977 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.07.07 02:34:23 | 000,334,720 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\User4\RootkitRevealer.exe
[2013.07.07 02:23:33 | 000,018,960 | ---- | M] (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LNonPnP.sys
[2013.07.07 01:04:38 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.07.07 01:04:38 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.07.07 01:04:38 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.07.07 01:04:37 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013.07.07 01:04:37 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013.07.07 01:04:37 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.07.07 00:12:58 | 000,001,080 | ---- | M] () -- C:\Windows\SysNative\settingsbkup.sfm
[2013.07.07 00:12:58 | 000,001,080 | ---- | M] () -- C:\Windows\SysNative\settings.sfm
[2013.07.06 23:56:12 | 000,056,072 | ---- | M] (COMODO CA Limited) -- C:\Windows\SysNative\certsentry.dll
[2013.07.06 23:56:12 | 000,047,368 | ---- | M] (COMODO CA Limited) -- C:\Windows\SysWow64\certsentry.dll
[2013.07.06 23:55:47 | 001,700,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\gdiplus.dll
[2013.07.06 23:55:47 | 001,060,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc71.dll
[2013.07.06 23:29:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User4\Desktop\OTL.exe
[2013.07.06 22:51:02 | 000,001,613 | ---- | M] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2013.07.06 22:43:29 | 000,002,321 | ---- | M] () -- C:\Users\Public\Desktop\Creative Product Registration.lnk
[2013.07.06 22:37:01 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.07.06 22:24:27 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2013.07.06 22:20:40 | 000,466,520 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2013.07.06 22:20:40 | 000,445,016 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2013.07.06 22:20:40 | 000,123,480 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2013.07.06 22:20:40 | 000,109,144 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2013.07.06 22:20:40 | 000,000,159 | RH-- | M] () -- C:\Windows\ctfile.rfc
[2013.07.06 22:12:20 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2013.07.06 22:06:14 | 000,002,255 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.07.06 21:55:10 | 000,000,981 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013.07.06 21:29:45 | 000,001,899 | ---- | M] () -- C:\Users\Public\Desktop\Virtual Comodo Dragon.lnk
[2013.07.06 21:29:45 | 000,001,870 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk
[2013.07.06 21:29:45 | 000,000,593 | ---- | M] () -- C:\Users\Public\Desktop\Gemeinsamer Bereich.lnk
[2013.07.06 21:28:08 | 000,002,047 | ---- | M] () -- C:\Users\Public\Desktop\AntiError.lnk
[2013.07.06 21:28:08 | 000,002,043 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk
[2013.07.06 21:28:08 | 000,002,043 | ---- | M] () -- C:\Users\Public\Desktop\GeekBuddy.lnk
[2013.07.06 21:26:04 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\Comodo Dragon.lnk
[2013.07.06 21:13:37 | 000,036,063 | ---- | M] () -- C:\Windows\Ascd_log.ini
[2013.07.06 21:09:41 | 000,001,444 | ---- | M] () -- C:\Users\User4\Desktop\Games.lnk
[2013.07.06 21:06:00 | 000,024,353 | ---- | M] () -- C:\Windows\Ascd_tmp.ini
[2013.07.06 21:05:49 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini
[2013.07.06 20:52:41 | 000,177,271 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013.07.06 20:52:41 | 000,177,271 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2013.06.18 16:16:08 | 000,023,168 | ---- | M] (COMODO) -- C:\Windows\SysNative\drivers\cmderd.sys
[2013.06.18 16:15:50 | 000,043,216 | ---- | M] (COMODO) -- C:\Windows\SysNative\cmdcsr.dll
[2013.06.18 16:15:48 | 000,437,688 | ---- | M] (COMODO) -- C:\Windows\SysNative\guard64.dll
[2013.06.18 16:15:48 | 000,348,584 | ---- | M] (COMODO) -- C:\Windows\SysWow64\guard32.dll
[2013.06.18 16:15:40 | 000,344,792 | ---- | M] (COMODO) -- C:\Windows\SysNative\cmdvrt64.dll
[2013.06.18 16:15:40 | 000,045,784 | ---- | M] (COMODO) -- C:\Windows\SysNative\cmdkbd64.dll
[2013.06.18 16:15:36 | 000,278,232 | ---- | M] (COMODO) -- C:\Windows\SysWow64\cmdvrt32.dll
[2013.06.18 16:15:36 | 000,040,664 | ---- | M] (COMODO) -- C:\Windows\SysWow64\cmdkbd32.dll

========== Files Created - No Company Name ==========

[2013.07.09 13:18:25 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013.07.09 13:07:25 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013.07.09 02:27:34 | 000,001,338 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk
[2013.07.09 02:06:35 | 000,001,066 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.07.08 23:21:42 | 000,000,784 | ---- | C] () -- C:\Users\User4\Desktop\Tixati.lnk
[2013.07.07 17:10:16 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.07.07 17:10:15 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013.07.07 13:58:34 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013.07.07 03:28:47 | 843,015,977 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013.07.07 00:25:16 | 001,589,442 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.07.07 00:12:58 | 000,001,080 | ---- | C] () -- C:\Windows\SysNative\settingsbkup.sfm
[2013.07.07 00:12:58 | 000,001,080 | ---- | C] () -- C:\Windows\SysNative\settings.sfm
[2013.07.06 22:51:02 | 000,001,613 | ---- | C] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2013.07.06 22:44:33 | 000,006,130 | ---- | C] () -- C:\Windows\SysNative\CTOPT352.cat
[2013.07.06 22:44:33 | 000,006,010 | ---- | C] () -- C:\Windows\SysWow64\CTOPT352.cat
[2013.07.06 22:43:29 | 000,002,321 | ---- | C] () -- C:\Users\Public\Desktop\Creative Product Registration.lnk
[2013.07.06 22:37:01 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.07.06 22:29:25 | 000,062,308 | ---- | C] () -- C:\Windows\SysNative\BMXStateBkp-{00000002-00000000-00000000-00001102-0000000B-00431102}.rfx
[2013.07.06 22:29:25 | 000,062,308 | ---- | C] () -- C:\Windows\SysNative\BMXState-{00000002-00000000-00000000-00001102-0000000B-00431102}.rfx
[2013.07.06 22:29:25 | 000,000,820 | ---- | C] () -- C:\Windows\SysNative\DVCState-{00000002-00000000-00000000-00001102-0000000B-00431102}.rfx
[2013.07.06 22:24:27 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2013.07.06 22:21:58 | 000,007,062 | ---- | C] () -- C:\Windows\SysWow64\audiopid.vxd
[2013.07.06 22:20:40 | 000,212,992 | ---- | C] () -- C:\Windows\SysNative\APOMgr64.DLL
[2013.07.06 22:20:40 | 000,164,864 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2013.07.06 22:20:40 | 000,089,088 | ---- | C] () -- C:\Windows\SysNative\CmdRtr64.DLL
[2013.07.06 22:20:40 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2013.07.06 22:20:40 | 000,000,159 | RH-- | C] () -- C:\Windows\ctfile.rfc
[2013.07.06 22:12:20 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013.07.06 22:06:14 | 000,002,255 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.07.06 22:05:52 | 000,001,108 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.07.06 22:05:51 | 000,001,104 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.07.06 21:55:10 | 000,000,981 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013.07.06 21:29:45 | 000,001,899 | ---- | C] () -- C:\Users\Public\Desktop\Virtual Comodo Dragon.lnk
[2013.07.06 21:29:45 | 000,001,870 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk
[2013.07.06 21:29:45 | 000,000,593 | ---- | C] () -- C:\Users\Public\Desktop\Gemeinsamer Bereich.lnk
[2013.07.06 21:28:08 | 000,002,047 | ---- | C] () -- C:\Users\Public\Desktop\AntiError.lnk
[2013.07.06 21:28:08 | 000,002,043 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk
[2013.07.06 21:28:08 | 000,002,043 | ---- | C] () -- C:\Users\Public\Desktop\GeekBuddy.lnk
[2013.07.06 21:26:04 | 000,001,116 | ---- | C] () -- C:\Users\Public\Desktop\Comodo Dragon.lnk
[2013.07.06 21:13:36 | 000,008,192 | ---- | C] () -- C:\Windows\SysNative\drivers\IntelMEFWVer.dll
[2013.07.06 21:09:41 | 000,001,444 | ---- | C] () -- C:\Users\User4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Social Games.lnk
[2013.07.06 21:09:41 | 000,001,444 | ---- | C] () -- C:\Users\User4\Desktop\Games.lnk
[2013.07.06 21:08:38 | 000,074,272 | ---- | C] () -- C:\Windows\SysNative\RtNicProp64.dll
[2013.07.06 21:06:28 | 000,036,063 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2013.07.06 21:05:38 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2013.07.06 21:05:31 | 000,024,353 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2013.07.06 21:00:24 | 000,001,405 | ---- | C] () -- C:\Users\User4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2013.07.06 21:00:21 | 000,001,439 | ---- | C] () -- C:\Users\User4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013.07.06 20:52:31 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2013.07.06 20:52:20 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2013.07.06 20:48:55 | 522,264,575 | -HS- | C] () -- C:\hiberfil.sys
[2013.03.29 04:13:14 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2013.03.29 04:13:12 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2013.03.29 03:38:08 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2013.03.29 03:38:08 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.12.18 19:35:42 | 000,017,979 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2012.12.18 19:35:36 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2012.12.18 18:34:34 | 000,014,336 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
[2012.12.18 18:32:14 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CTXFIRES.DLL
[2012.12.18 18:16:06 | 000,384,647 | ---- | C] () -- C:\Windows\SysWow64\ctdnlstr.dat
[2012.12.18 18:16:06 | 000,051,787 | ---- | C] () -- C:\Windows\SysWow64\ctdlang.dat
[2012.12.18 18:00:06 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\enlocstr.exe
[2012.12.18 17:59:58 | 000,012,800 | ---- | C] ( ) -- C:\Windows\SysWow64\killapps.exe
[2012.11.27 01:18:46 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

========== Base Services ==========
SRV:64bit: - [2009.07.14 03:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2013.02.27 07:47:10 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009.07.14 03:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010.11.21 05:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010.11.21 05:24:00 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2011.11.17 08:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009.07.14 03:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009.07.14 03:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012.07.05 00:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2013.05.13 07:51:01 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2013.05.13 06:45:55 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010.11.21 05:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010.11.21 05:24:00 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010.11.21 05:24:09 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2011.03.03 08:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009.07.14 03:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009.07.14 03:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009.07.14 03:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009.07.14 03:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2010.11.21 05:23:48 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:64bit: - [2009.07.14 03:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009.07.14 03:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009.07.14 03:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009.07.14 03:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009.07.14 03:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2012.10.03 19:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009.07.14 03:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2011.05.24 13:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2012.02.11 08:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2011.11.17 08:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009.07.14 03:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010.11.21 05:24:17 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010.11.21 05:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010.11.21 05:24:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2011.11.17 08:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009.07.14 03:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010.11.21 05:23:48 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010.11.21 05:23:55 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010.11.21 05:24:03 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010.11.21 05:24:16 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010.11.21 05:24:32 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010.11.21 05:24:00 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009.07.14 03:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2012.05.01 07:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010.11.21 05:23:55 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010.11.21 05:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010.11.21 05:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010.11.21 05:25:06 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
No service found with a name of WinDefend
SRV:64bit: - [2010.11.21 05:23:55 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010.11.21 05:24:28 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010.11.21 05:24:48 | 000,580,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010.11.21 05:24:15 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010.11.21 05:24:28 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009.07.14 03:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012.06.03 00:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010.11.21 05:24:09 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009.07.14 03:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010.11.21 05:24:32 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.21 05:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010.11.21 05:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: SERVICES >
[2009.06.10 23:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

< MD5 for: SERVICES.ASFX >
[2012.09.23 20:43:44 | 000,002,677 | ---- | M] () MD5=22FEEF662B7E813F8547E1446EBC706B -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Locale\de_DE\Services\Services.asfx

< MD5 for: SERVICES.CFG >
[2012.09.23 20:43:36 | 000,603,848 | R--- | M] () MD5=81B120EAEE296F0E54F66C16C5A21367 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA71301B744BA0000000010\11.0.0\services.cfg
[2013.05.11 12:37:26 | 000,558,990 | ---- | M] () MD5=FE8FB005031C2574E990DAC1F9F5ACF8 -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Services\Services.cfg

< MD5 for: SERVICES.EXE >
[2009.07.14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009.07.14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2011.04.12 09:43:07 | 000,019,456 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysNative\de-DE\services.exe.mui
[2011.04.12 09:43:07 | 000,019,456 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_de-de_1d0162c550c828a3\services.exe.mui

< MD5 for: SERVICES.LNK >
[2009.07.14 06:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009.07.14 06:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2009.06.10 22:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009.06.10 22:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC >
[2009.06.10 22:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2009.06.10 23:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2009.06.10 22:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2009.06.10 23:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
[2011.04.12 09:43:07 | 000,092,744 | ---- | M] () MD5=7FC1BD72E9D0E622638C4620E33FAD47 -- C:\Windows\SysNative\de-DE\services.msc
[2011.04.12 09:43:08 | 000,092,744 | ---- | M] () MD5=7FC1BD72E9D0E622638C4620E33FAD47 -- C:\Windows\SysWOW64\de-DE\services.msc
[2011.04.12 09:43:07 | 000,092,744 | ---- | M] () MD5=7FC1BD72E9D0E622638C4620E33FAD47 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_de-de_574332b12731c296\services.msc
[2011.04.12 09:43:08 | 000,092,744 | ---- | M] () MD5=7FC1BD72E9D0E622638C4620E33FAD47 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_de-de_fb24972d6ed45160\services.msc

< MD5 for: SERVICES.PTXML >
[2009.07.13 22:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009.07.13 22:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: SVCHOST.EXE >
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

< dir C:\ /S /A:L /C >
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 8E19-AF2F
Verzeichnis von C:\
14.07.2009 07:08 <VERBINDUNG> Documents and Settings [C:\Users]
06.07.2013 20:59 <VERBINDUNG> Dokumente und Einstellungen [C:\Users]
06.07.2013 20:59 <VERBINDUNG> Programme [C:\Program Files]
0 Datei(en), 0 Bytes
Verzeichnis von C:\Program Files
06.07.2013 20:59 <VERBINDUNG> Gemeinsame Dateien [C:\Program Files\Common Files]
0 Datei(en), 0 Bytes
Verzeichnis von C:\Program Files\Windows NT
06.07.2013 20:59 <VERBINDUNG> Zubehör [C:\Program Files\Windows NT\Accessories]
0 Datei(en), 0 Bytes
Verzeichnis von C:\ProgramData
06.07.2013 20:59 <VERBINDUNG> Anwendungsdaten [C:\ProgramData]
14.07.2009 07:08 <VERBINDUNG> Application Data [C:\ProgramData]
14.07.2009 07:08 <VERBINDUNG> Desktop [C:\Users\Public\Desktop]
14.07.2009 07:08 <VERBINDUNG> Documents [C:\Users\Public\Documents]
06.07.2013 20:59 <VERBINDUNG> Dokumente [C:\Users\Public\Documents]
06.07.2013 20:59 <VERBINDUNG> Favoriten [C:\Users\Public\Favorites]
14.07.2009 07:08 <VERBINDUNG> Favorites [C:\Users\Public\Favorites]
14.07.2009 07:08 <VERBINDUNG> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
06.07.2013 20:59 <VERBINDUNG> Startmenü [C:\ProgramData\Microsoft\Windows\Start Menu]
14.07.2009 07:08 <VERBINDUNG> Templates [C:\ProgramData\Microsoft\Windows\Templates]
06.07.2013 20:59 <VERBINDUNG> Vorlagen [C:\ProgramData\Microsoft\Windows\Templates]
0 Datei(en), 0 Bytes
Verzeichnis von C:\ProgramData\Microsoft\Windows\Start Menu
06.07.2013 20:59 <VERBINDUNG> Programme [C:\ProgramData\Microsoft\Windows\Start Menu\Programs]
0 Datei(en), 0 Bytes
Verzeichnis von C:\Users
14.07.2009 07:08 <SYMLINKD> All Users [C:\ProgramData]
14.07.2009 07:08 <VERBINDUNG> Default User [C:\Users\Default]
0 Datei(en), 0 Bytes
Verzeichnis von C:\Users\All Users
06.07.2013 20:59 <VERBINDUNG> Anwendungsdaten [C:\ProgramData]
14.07.2009 07:08 <VERBINDUNG> Application Data [C:\ProgramData]
14.07.2009 07:08 <VERBINDUNG> Desktop [C:\Users\Public\Desktop]
14.07.2009 07:08 <VERBINDUNG> Documents [C:\Users\Public\Documents]
06.07.2013 20:59 <VERBINDUNG> Dokumente [C:\Users\Public\Documents]
06.07.2013 20:59 <VERBINDUNG> Favoriten [C:\Users\Public\Favorites]
14.07.2009 07:08 <VERBINDUNG> Favorites [C:\Users\Public\Favorites]
14.07.2009 07:08 <VERBINDUNG> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
06.07.2013 20:59 <VERBINDUNG> Startmenü [C:\ProgramData\Microsoft\Windows\Start Menu]
14.07.2009 07:08 <VERBINDUNG> Templates [C:\ProgramData\Microsoft\Windows\Templates]
06.07.2013 20:59 <VERBINDUNG> Vorlagen [C:\ProgramData\Microsoft\Windows\Templates]
0 Datei(en), 0 Bytes
Verzeichnis von C:\Users\All Users\Microsoft\Windows\Start Menu
06.07.2013 20:59 <VERBINDUNG> Programme [C:\ProgramData\Microsoft\Windows\Start Menu\Programs]
0 Datei(en), 0 Bytes
Verzeichnis von C:\Users\Default
06.07.2013 20:59 <VERBINDUNG> Anwendungsdaten [C:\Users\Default\AppData\Roaming]
14.07.2009 07:08 <VERBINDUNG> Application Data [C:\Users\Default\AppData\Roaming]
14.07.2009 07:08 <VERBINDUNG> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
06.07.2013 20:59 <VERBINDUNG> Druckumgebung [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
06.07.2013 20:59 <VERBINDUNG> Eigene Dateien [C:\Users\Default\Documents]
14.07.2009 07:08 <VERBINDUNG> Local Settings [C:\Users\Default\AppData\Local]
06.07.2013 20:59 <VERBINDUNG> Lokale Einstellungen [C:\Users\Default\AppData\Local]
14.07.2009 07:08 <VERBINDUNG> My Documents [C:\Users\Default\Documents]
14.07.2009 07:08 <VERBINDUNG> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
06.07.2013 20:59 <VERBINDUNG> Netzwerkumgebung [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
14.07.2009 07:08 <VERBINDUNG> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
14.07.2009 07:08 <VERBINDUNG> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
14.07.2009 07:08 <VERBINDUNG> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
14.07.2009 07:08 <VERBINDUNG> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
06.07.2013 20:59 <VERBINDUNG> Startmenü [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
14.07.2009 07:08 <VERBINDUNG> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
06.07.2013 20:59 <VERBINDUNG> Vorlagen [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 Datei(en), 0 Bytes
Verzeichnis von C:\Users\Default\AppData\Local
06.07.2013 20:59 <VERBINDUNG> Anwendungsdaten [C:\Users\Default\AppData\Local]
14.07.2009 07:08 <VERBINDUNG> Application Data [C:\Users\Default\AppData\Local]
14.07.2009 07:08 <VERBINDUNG> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
14.07.2009 07:08 <VERBINDUNG> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
06.07.2013 20:59 <VERBINDUNG> Verlauf [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
0 Datei(en), 0 Bytes
Verzeichnis von C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu
06.07.2013 20:59 <VERBINDUNG> Programme [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs]
0 Datei(en), 0 Bytes
Verzeichnis von C:\Users\Default\Documents
06.07.2013 20:59 <VERBINDUNG> Eigene Bilder [C:\Users\Default\Pictures]
06.07.2013 20:59 <VERBINDUNG> Eigene Musik [C:\Users\Default\Music]
06.07.2013 20:59 <VERBINDUNG> Eigene Videos [C:\Users\Default\Videos]
14.07.2009 07:08 <VERBINDUNG> My Music [C:\Users\Default\Music]
14.07.2009 07:08 <VERBINDUNG> My Pictures [C:\Users\Default\Pictures]
14.07.2009 07:08 <VERBINDUNG> My Videos [C:\Users\Default\Videos]
0 Datei(en), 0 Bytes
Verzeichnis von C:\Users\Public\Documents
06.07.2013 20:59 <VERBINDUNG> Eigene Bilder [C:\Users\Public\Pictures]
06.07.2013 20:59 <VERBINDUNG> Eigene Musik [C:\Users\Public\Music]
06.07.2013 20:59 <VERBINDUNG> Eigene Videos [C:\Users\Public\Videos]
14.07.2009 07:08 <VERBINDUNG> My Music [C:\Users\Public\Music]
14.07.2009 07:08 <VERBINDUNG> My Pictures [C:\Users\Public\Pictures]
14.07.2009 07:08 <VERBINDUNG> My Videos [C:\Users\Public\Videos]
0 Datei(en), 0 Bytes
Verzeichnis von C:\Users\User4
06.07.2013 21:00 <VERBINDUNG> Anwendungsdaten [C:\Users\User4\AppData\Roaming]
06.07.2013 21:00 <VERBINDUNG> Cookies [C:\Users\User4\AppData\Roaming\Microsoft\Windows\Cookies]
06.07.2013 21:00 <VERBINDUNG> Druckumgebung [C:\Users\User4\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
06.07.2013 21:00 <VERBINDUNG> Eigene Dateien [C:\Users\User4\Documents]
06.07.2013 21:00 <VERBINDUNG> Lokale Einstellungen [C:\Users\User4\AppData\Local]
06.07.2013 21:00 <VERBINDUNG> Netzwerkumgebung [C:\Users\User4\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
06.07.2013 21:00 <VERBINDUNG> Recent [C:\Users\User4\AppData\Roaming\Microsoft\Windows\Recent]
06.07.2013 21:00 <VERBINDUNG> SendTo [C:\Users\User4\AppData\Roaming\Microsoft\Windows\SendTo]
06.07.2013 21:00 <VERBINDUNG> Startmenü [C:\Users\User4\AppData\Roaming\Microsoft\Windows\Start Menu]
06.07.2013 21:00 <VERBINDUNG> Vorlagen [C:\Users\User4\AppData\Roaming\Microsoft\Windows\Templates]
0 Datei(en), 0 Bytes
Verzeichnis von C:\Users\User4\AppData\Local
06.07.2013 21:00 <VERBINDUNG> Anwendungsdaten [C:\Users\User4\AppData\Local]
06.07.2013 21:00 <VERBINDUNG> Temporary Internet Files [C:\Users\User4\AppData\Local\Microsoft\Windows\Temporary Internet Files]
06.07.2013 21:00 <VERBINDUNG> Verlauf [C:\Users\User4\AppData\Local\Microsoft\Windows\History]
0 Datei(en), 0 Bytes
Verzeichnis von C:\Users\User4\AppData\Roaming\Microsoft\Windows\Start Menu
06.07.2013 21:00 <VERBINDUNG> Programme [C:\Users\User4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs]
0 Datei(en), 0 Bytes
Verzeichnis von C:\Users\User4\Documents
06.07.2013 21:00 <VERBINDUNG> Eigene Bilder [C:\Users\User4\Pictures]
06.07.2013 21:00 <VERBINDUNG> Eigene Musik [C:\Users\User4\Music]
06.07.2013 21:00 <VERBINDUNG> Eigene Videos [C:\Users\User4\Videos]
0 Datei(en), 0 Bytes
Anzahl der angezeigten Dateien:
0 Datei(en), 0 Bytes
83 Verzeichnis(se), 159.366.397.952 Bytes frei

< End of report >


Extras.txt
OTL Extras logfile created on: 10.07.2013 22:17:35 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User4\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

5,98 Gb Total Physical Memory | 4,24 Gb Available Physical Memory | 70,90% Memory free
11,96 Gb Paging File | 9,65 Gb Available in Paging File | 80,71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195,21 Gb Total Space | 148,86 Gb Free Space | 76,25% Space Free | Partition Type: NTFS
Drive D: | 270,45 Gb Total Space | 264,31 Gb Free Space | 97,73% Space Free | Partition Type: NTFS

Computer Name: USER4-PC | User Name: User4 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-880062446-1389275447-2756025881-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003F296A-792B-4A9B-8E25-80C61AD3D9A3}" = lport=58676 | protocol=17 | dir=in | name=pando media booster |
"{0D14777F-0F70-4284-9376-E7F46F4EBD45}" = lport=58676 | protocol=6 | dir=in | name=pando media booster |
"{2498237D-6CBA-4182-A396-F2B6C13D6C8E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{26494B59-8C48-46A3-8F8A-6DB4C2BA1D5A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3BB75617-9402-4B76-AF24-BE7B8AAF7A9C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{533EE65D-2DCF-437A-98C8-427B19919777}" = lport=139 | protocol=6 | dir=in | app=system |
"{5983AFB4-4302-43BF-A356-DBA2E58EE0CA}" = lport=138 | protocol=17 | dir=in | app=system |
"{7849E98C-4592-408F-AE3D-4D5DA6E2F125}" = lport=445 | protocol=6 | dir=in | app=system |
"{8798FA6E-C725-4768-B927-F45DBEAB5F29}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8D507A48-C53B-4252-8127-CD19DD81A7CC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8EF363EB-FD5B-4C87-B3D5-1F68635F9435}" = lport=58676 | protocol=6 | dir=in | name=pando media booster |
"{91183124-2611-4CF4-8DBC-65FE533029CD}" = lport=58676 | protocol=17 | dir=in | name=pando media booster |
"{9F09E363-CB06-4712-8060-B91A74B40758}" = rport=10243 | protocol=6 | dir=out | app=system |
"{A41B4725-C5E8-419A-8F22-01CFCC0E2FBE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B34A470D-47FD-493A-9336-5BE12E5094A8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D3D043B2-C1A5-4B5F-B5A1-130211A9FDC0}" = rport=445 | protocol=6 | dir=out | app=system |
"{D64A7EF6-EAB5-4EA0-B30D-59D1112015E8}" = lport=137 | protocol=17 | dir=in | app=system |
"{D83A6E99-3CCF-4C51-9045-8E585FF8BD5A}" = rport=137 | protocol=17 | dir=out | app=system |
"{E83B716A-2FE1-4A7E-901F-7C75357637E6}" = rport=139 | protocol=6 | dir=out | app=system |
"{F007BC08-7C5E-4129-975E-EABFFDA68B08}" = rport=138 | protocol=17 | dir=out | app=system |
"{F8CDEEA7-D0CE-4A59-A42B-155421CC218E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F9A9D58B-357B-4036-91D7-F32A699D2F63}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{024C053C-7A52-413F-9E45-9102E35996C4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{0E72B991-691F-4E3A-8C86-2A93C0F0E867}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{1125AD7A-C462-4E86-8295-82CB5F148FCF}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{3791128A-C7F2-47B5-97D6-3EE85912456C}" = protocol=58 | dir=out | [email protected],-28546 |
"{397CDC04-BE56-4BCB-8E93-B916E075F3C2}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{4E32A6D4-4037-4449-B40D-E60AC3DBD150}" = protocol=58 | dir=in | [email protected],-28545 |
"{4F04EA21-0853-4452-BC35-59DE7B61D569}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{53CDBB53-1304-49DE-9EBC-BBC39D9B0EBE}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{5479A554-86C2-49A9-BBD9-5F0C24A6505D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{70ABF0FF-D730-4C53-8C75-035D3BFCCE1C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7540074F-E734-4F01-8E8E-A364B00EA4A0}" = protocol=6 | dir=out | app=system |
"{76CE10AF-B9B1-49C4-987C-A073B5F318F1}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{76F53F15-06B1-4B3E-8D08-21F321D4ABA7}" = protocol=1 | dir=out | [email protected],-28544 |
"{77401B3A-9863-400B-A584-10F7E43AAA8A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{78862645-9CDE-4969-9496-C4787E8A0B61}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{8FE73822-4E99-434A-8864-0694D5902B67}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{908B224E-8421-48D6-A542-F241C5AB1F16}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{94E4B5CE-54B0-435C-85F4-956F5F45DA58}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9BE90A0F-7A9D-4735-B5FB-9AD2F116162C}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{A67725A9-A2DB-4327-A8B5-DE47D703C25E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{A75689FE-BEC4-4A57-8654-1CC3CA4AAE7F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{ADF5B5DA-F79A-4DBD-8657-7C0B12182C2F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{AF02F81C-E602-4CA9-9615-13660E68465A}" = protocol=1 | dir=in | [email protected],-28543 |
"{AFACE3A4-FA3C-43AB-BB60-3318BB3546AB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{BBAB9D0D-7B76-4FE5-BFE8-7A54A94037D2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{C037527B-8FAC-43DC-9A3F-2EC30DB60DA1}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{C93A9DF3-F7C0-44F3-9B7B-3EB57DA8E9BB}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{DBFC336D-CD88-4AE5-9EE7-4B356949A2C9}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{E289C6DB-9368-4279-BD86-80F4B89F6317}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{EA6DA38D-F8D7-4CC4-9235-670D82B1DC72}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{F1C95D78-4F06-401C-9A56-0BE8058EB85F}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{3E5B602B-56B3-4FD9-97C4-D82B4A4D3B49}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{55B348BE-A3BE-9AE7-58BD-BE45B9A28F82}" = AMD Media Foundation Decoders
"{5B73E1AA-CA9D-E76A-2F2D-E0EFB41CE087}" = AMD Accelerated Video Transcoding
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{A0BABADE-E154-4F08-97A1-2903CD110E88}" = COMODO Firewall
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{AE7891D8-2340-4CD6-BA0A-6C8C01F7B4B4}" = AVG 2013
"{B01875AA-1BD4-5B9F-D2B9-23D909F4280B}" = AMD Drag and Drop Transcoding
"{C8807716-1F6F-5C43-3C32-7295A45CF060}" = AMD Catalyst Install Manager
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{E54A949B-C4AE-28B6-EC97-FCB9E402D338}" = ccc-utility64
"{F5AA006A-1ABE-4F16-B6E1-FEE1F7D38102}" = AVG 2013
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2013
"Logitech Gaming Software" = Logitech Gaming Software 8.46
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{11F2C5EC-35AA-7237-B62B-A4F041859C2A}" = CCC Help Spanish
"{229EDE35-4677-BDE6-70ED-A5A4C711DDC3}" = CCC Help Norwegian
"{2470F2F2-8491-5A0B-B8F5-8B72A8D74597}" = Catalyst Control Center InstallProxy
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{27B56E28-94B2-BDF8-D209-EC8D2FF4838E}" = Catalyst Control Center Graphics Previews Common
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{33D4FA83-02C0-93B3-08ED-5D7378930CFA}" = CCC Help Turkish
"{37D0F3C2-8FFD-134D-FBDF-2D711E169D78}" = Catalyst Control Center
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{42FECCEF-63CD-DF98-D6BC-DDBB27E4A580}" = CCC Help Japanese
"{46594DA4-2D0A-B2D4-C0E0-A5CCA3260025}" = CCC Help Hungarian
"{485B8152-C59F-8569-15BC-46BDA2A1E4A9}" = CCC Help Polish
"{490F47E6-585C-531A-1BF8-4DE44ED9AED7}" = CCC Help Russian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.6
"{50F87176-7DB3-4C75-D9DC-25CB4561D0F8}" = CCC Help Danish
"{52E706AA-B4E9-423A-1651-62E61E06DF9A}" = CCC Help Greek
"{54D4EAF5-4C80-4878-B4AC-5AE454A02E3C}_is1" = Trend Micro RUBotted 2.0 Beta
"{5FB51C12-62AE-0990-E419-C6F62B776E5C}" = CCC Help Portuguese
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{66B46617-A156-F25B-3CC0-5E46343AEA95}" = CCC Help Thai
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{79BF4901-1EC4-4726-B3C2-A7859706C6E7}" = League of Legends
"{81543139-18AE-703B-D3B1-F6B3A0CB2EAC}" = CCC Help English
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8FA20FAC-719F-7CCD-5790-6B59D691C370}" = CCC Help Chinese Traditional
"{940B28E7-320B-5AC8-0A8A-32D6A7B404A1}" = CCC Help Swedish
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{99C382AB-CA1D-8577-66D3-AA850DB5FD00}" = CCC Help Korean
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A47642B2-4CB5-4325-8093-C88D4747953F}" = GeekBuddy
"{A68C4D16-8046-5333-CB64-5E622C795785}" = CCC Help Dutch
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{BA88EE67-8974-459D-A1DB-C8281D9AC6F6}" = Browser Configuration Utility
"{BE0B654E-FC60-40AE-F60B-06526508B5FD}" = CCC Help Italian
"{BE0E1491-B2DC-6447-217C-342D8F7100EA}" = CCC Help Czech
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C5EADF55-3B49-B545-E16F-402B443DDC77}" = CCC Help German
"{CBDFF724-E925-2964-E647-0A83D2F9165C}" = CCC Help French
"{D5341564-7B93-ADAC-E737-C24AA85CC5FF}" = CCC Help Chinese Standard
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E3FB1E5A-1C24-D581-6BC8-6F8AC2D343AD}" = CCC Help Finnish
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E79BE5-20F5-82F4-6579-2A91AED3F066}" = Catalyst Control Center Localization All
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1A14CB2-A048-45A6-AFDA-3571296E1D76}" = Creative Media Toolbox 6
"3DMIDI" = Creative 3DMIDI Player
"ALchemy" = Creative ALchemy
"Comodo Dragon" = Comodo Dragon
"Console Launcher" = Creative Console Launcher
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"Diagnostics 4_5" = Creative Diagnostics
"Dolby Digital Live Pack" = Dolby Digital Live Pack
"DTS Connect Pack" = DTS Connect Pack
"Google Chrome" = Google Chrome
"League of Legends 3.0.0" = League of Legends
"OpenAL" = OpenAL
"Steam App 105430" = Age of Empires Online
"Steam App 105600" = Terraria
"tixati" = Tixati
"TMACv6.0" = Technitium MAC Address Changer v6.0.3
"Uninstaller_B4736000_Creative Media Toolbox 6" = Creative Media Toolbox 6 (Shared Components)
"VLC media player" = VLC media player 2.0.7
"WaveStudio 7" = Creative WaveStudio 7
"WinPcapInst" = WinPcap 4.1.1
"WinRAR archiver" = WinRAR 4.20 (32-Bit)

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 09.07.2013 08:08:17 | Computer Name = User4-PC | Source = WinMgmt | ID = 10
Description =

Error - 09.07.2013 21:04:55 | Computer Name = User4-PC | Source = MsiInstaller | ID = 11935
Description =

Error - 09.07.2013 21:23:01 | Computer Name = User4-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: cmdagent.exe, Version: 6.2.20728.2847,
Zeitstempel: 0x51bee3c2 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000004f4
ID
des fehlerhaften Prozesses: 0x43c Startzeit der fehlerhaften Anwendung: 0x01ce7c9cce97708d
Pfad
der fehlerhaften Anwendung: C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
Pfad
des fehlerhaften Moduls: unknown Berichtskennung: 423d6c47-e8ff-11e2-b859-000886db4103

Error - 09.07.2013 21:37:59 | Computer Name = User4-PC | Source = WinMgmt | ID = 10
Description =

Error - 10.07.2013 04:34:00 | Computer Name = User4-PC | Source = WinMgmt | ID = 10
Description =

Error - 10.07.2013 10:03:48 | Computer Name = User4-PC | Source = WinMgmt | ID = 10
Description =

Error - 10.07.2013 10:17:42 | Computer Name = User4-PC | Source = WinMgmt | ID = 10
Description =

Error - 10.07.2013 10:30:03 | Computer Name = User4-PC | Source = WinMgmt | ID = 10
Description =

Error - 10.07.2013 10:49:38 | Computer Name = User4-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: RootkitRevealer.exe, Version: 1.71.0.0,
Zeitstempel: 0x44e255aa Name des fehlerhaften Moduls: RootkitRevealer.exe, Version:
1.71.0.0, Zeitstempel: 0x44e255aa Ausnahmecode: 0xc0000005 Fehleroffset: 0x000040cd
ID
des fehlerhaften Prozesses: 0x19c0 Startzeit der fehlerhaften Anwendung: 0x01ce7d7cb28906bd
Pfad
der fehlerhaften Anwendung: C:\Users\User4\Desktop\Neuer Ordner (2)\RootkitRevealer.exe
Pfad
des fehlerhaften Moduls: C:\Users\User4\Desktop\Neuer Ordner (2)\RootkitRevealer.exe
Berichtskennung:
f12ef90d-e96f-11e2-b712-000886db4103

Error - 10.07.2013 12:02:20 | Computer Name = User4-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 10.07.2013 10:17:22 | Computer Name = User4-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5

Error - 10.07.2013 10:17:25 | Computer Name = User4-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5

Error - 10.07.2013 10:29:43 | Computer Name = User4-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?10.?07.?2013 um 16:28:01 unerwartet heruntergefahren.

Error - 10.07.2013 10:29:45 | Computer Name = User4-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5

Error - 10.07.2013 10:29:50 | Computer Name = User4-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5

Error - 10.07.2013 12:00:28 | Computer Name = User4-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5

Error - 10.07.2013 12:01:23 | Computer Name = User4-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5

Error - 10.07.2013 12:01:28 | Computer Name = User4-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5

Error - 10.07.2013 12:07:43 | Computer Name = User4-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Steam Client Service erreicht.

Error - 10.07.2013 12:07:43 | Computer Name = User4-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053


< End of report >

Edited by longfellow4, 10 July 2013 - 02:27 PM.



#2
Jasmyne

Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts
Hi! My name is Jasmyne and Welcome to Geeks to Go!

I'm sorry you are having issues with your computer but I will do my best to resolve them as quickly as possible. I know having an infected computer is frustrating because I was once where you are now!

Please be patient with me as I am currently in training, and all of my responses to you have to be reviewed by my instructor before I post them. Just keep in mind that you get the advantage as you have 2 people examining your issue.

  • You may want to print out these instructions, or copy them to a text file so that you will have a copy in case you lose your connection to the internet during a removal process.
  • Please make sure to carefully read any instruction that I give you and perform them in the order they are posted. If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask! Never be afraid to ask questions! :)
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • Please note that there is no "Quick & Easy Fix" to most malware infections and we may need to use several different tools to get your system clean.
  • Please stick with me until I tell you that your machine is clean. If you don't see any symptoms it does not mean your system is clear of malware
  • Please don't run any other scans or other software unless I ask you to, as it will make this repair more difficult.
  • Please reply within 3 days. Topics with no reply in 4 days are closed!

With that all stated, let's get started! :)

I'm sorry for the delay in getting to your issue. Since it has been some time and the log posted is the Extras, could you please run this OTL custom scan and post the logs so we can see what's going on. Also, what rootkit scans have you done?

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Please check the box next to Scan All Users.
  • Make sure Use SafeList is selected under Extra Registry.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    dir C:\ /S /A:L /C
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic


#3
longfellow4

longfellow4

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Hey Jasmyne, thanks a lot in advance for your and your instructor's help, and good luck with your training. I'm appreciating this a lot.

I posted the logs in the topic as asked.
I ran GMER and Malwarebytes (normal and rootkit removal) in safe mode with networking.
Also ran an AVG and Comodo scan. I installed these last two after repartitioning.
None of the above found anything and they were all fully updated.

#4
Jasmyne

Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts
I have another scan I'd like you to run. Please post any new logs I ask for in a new reply. :)

Please download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:


Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.

#5
longfellow4

longfellow4

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Here it is!

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Professional
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: ASUSTeK Computer INC.
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: System manufacturer
System Product Name: System Product Name
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 176):
0x03054000 \SystemRoot\system32\ntoskrnl.exe
0x0300B000 \SystemRoot\system32\hal.dll
0x00BA1000 \SystemRoot\system32\kdcom.dll
0x00C6A000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00CB9000 \SystemRoot\system32\PSHED.dll
0x00CCD000 \SystemRoot\system32\CLFS.SYS
0x00D2B000 \SystemRoot\system32\CI.dll
0x00E3C000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00EFE000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00F0E000 \SystemRoot\system32\drivers\ACPI.sys
0x00F65000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00F6E000 \SystemRoot\system32\drivers\msisadrv.sys
0x00F78000 \SystemRoot\system32\drivers\pci.sys
0x00FAB000 \SystemRoot\system32\drivers\vdrvroot.sys
0x00FB8000 \SystemRoot\System32\drivers\partmgr.sys
0x00FCD000 \SystemRoot\system32\drivers\volmgr.sys
0x00C00000 \SystemRoot\System32\drivers\volmgrx.sys
0x00FE2000 \SystemRoot\system32\drivers\pciide.sys
0x00FE9000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x00E00000 \SystemRoot\System32\drivers\mountmgr.sys
0x00E1A000 \SystemRoot\system32\drivers\atapi.sys
0x010F5000 \SystemRoot\system32\drivers\ataport.SYS
0x0111F000 \SystemRoot\system32\drivers\msahci.sys
0x0112A000 \SystemRoot\system32\DRIVERS\jraid.sys
0x01147000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
0x01176000 \SystemRoot\system32\drivers\amdxata.sys
0x01181000 \SystemRoot\system32\drivers\fltmgr.sys
0x011CD000 \SystemRoot\system32\drivers\fileinfo.sys
0x01241000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01000000 \SystemRoot\System32\Drivers\msrpc.sys
0x013E3000 \SystemRoot\System32\Drivers\ksecdd.sys
0x0105E000 \SystemRoot\System32\Drivers\cng.sys
0x01200000 \SystemRoot\System32\drivers\pcw.sys
0x01211000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x01484000 \SystemRoot\system32\drivers\ndis.sys
0x01576000 \SystemRoot\system32\drivers\NETIO.SYS
0x01400000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01600000 \SystemRoot\System32\drivers\tcpip.sys
0x0142B000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01474000 \SystemRoot\system32\drivers\vmstorfl.sys
0x018F3000 \SystemRoot\system32\drivers\volsnap.sys
0x0193F000 \SystemRoot\System32\Drivers\spldr.sys
0x01947000 \SystemRoot\System32\drivers\rdyboost.sys
0x01981000 \SystemRoot\System32\Drivers\mup.sys
0x01993000 \SystemRoot\System32\drivers\hwpolicy.sys
0x0199C000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x019D6000 \SystemRoot\system32\drivers\disk.sys
0x01800000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x01830000 \SystemRoot\system32\DRIVERS\avgrkx64.sys
0x0183C000 \SystemRoot\system32\DRIVERS\avgloga.sys
0x01874000 \SystemRoot\system32\DRIVERS\avgmfx64.sys
0x01893000 \SystemRoot\system32\DRIVERS\avgidsha.sys
0x018DE000 \SystemRoot\System32\DRIVERS\cmderd.sys
0x015D6000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x02CA2000 \SystemRoot\system32\DRIVERS\cmdguard.sys
0x02D55000 \SystemRoot\System32\Drivers\Null.SYS
0x02D5E000 \SystemRoot\System32\Drivers\Beep.SYS
0x02D65000 \SystemRoot\System32\drivers\vga.sys
0x02D73000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x02D98000 \SystemRoot\System32\drivers\watchdog.sys
0x02DA8000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x02DB1000 \SystemRoot\system32\drivers\rdpencdd.sys
0x02DBA000 \SystemRoot\system32\drivers\rdprefmp.sys
0x02DC3000 \SystemRoot\System32\Drivers\Msfs.SYS
0x02DCE000 \SystemRoot\System32\Drivers\Npfs.SYS
0x02C00000 \SystemRoot\system32\DRIVERS\tdx.sys
0x02C22000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x02C2F000 \SystemRoot\System32\DRIVERS\cmdhlp.sys
0x02C3C000 \SystemRoot\system32\DRIVERS\avgtdia.sys
0x0420B000 \SystemRoot\System32\DRIVERS\netbt.sys
0x04250000 \SystemRoot\system32\drivers\afd.sys
0x042D9000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x042E2000 \SystemRoot\system32\DRIVERS\pacer.sys
0x04308000 \SystemRoot\system32\DRIVERS\inspect.sys
0x04323000 \SystemRoot\system32\DRIVERS\netbios.sys
0x04332000 \SystemRoot\system32\DRIVERS\serial.sys
0x0434F000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x0436A000 \SystemRoot\system32\DRIVERS\termdd.sys
0x0437E000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x043CF000 \SystemRoot\system32\drivers\nsiproxy.sys
0x043DB000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x043E6000 \SystemRoot\System32\drivers\discache.sys
0x03EAD000 \SystemRoot\system32\drivers\csc.sys
0x03F30000 \SystemRoot\System32\Drivers\dfsc.sys
0x03F4E000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x03F5F000 \SystemRoot\system32\DRIVERS\avgldx64.sys
0x03F90000 \SystemRoot\system32\DRIVERS\avgidsdrivera.sys
0x03FC4000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x03E00000 \SystemRoot\system32\DRIVERS\atikmpag.sys
0x04836000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x04404000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x044F8000 \SystemRoot\System32\drivers\dxgmms1.sys
0x0453E000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x04562000 \SystemRoot\system32\DRIVERS\HECIx64.sys
0x04573000 \SystemRoot\system32\drivers\usbehci.sys
0x04584000 \SystemRoot\system32\drivers\USBPORT.SYS
0x0405B000 \SystemRoot\system32\drivers\ctaud2k.sys
0x04105000 \SystemRoot\system32\drivers\portcls.sys
0x04142000 \SystemRoot\system32\drivers\drmk.sys
0x04164000 \SystemRoot\system32\drivers\ks.sys
0x041A7000 \SystemRoot\system32\drivers\ctoss2k.sys
0x041D8000 \SystemRoot\system32\drivers\ctprxy2k.sys
0x041E0000 \SystemRoot\system32\drivers\ksthunk.sys
0x04000000 \SystemRoot\system32\DRIVERS\1394ohci.sys
0x05AD9000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
0x05B40000 \SystemRoot\system32\DRIVERS\asmtxhci.sys
0x05B9E000 \SystemRoot\system32\DRIVERS\parport.sys
0x05BBB000 \SystemRoot\system32\DRIVERS\serenum.sys
0x05BC7000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x05BD0000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x05BE6000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x05A00000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x05A16000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x05A3A000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x05A46000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x05A75000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x05A90000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x05AB1000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x05ACB000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x0403E000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x041E6000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x05AD6000 \SystemRoot\system32\DRIVERS\swenum.sys
0x05BF6000 \SystemRoot\system32\drivers\LGBusEnum.sys
0x045DA000 \SystemRoot\system32\DRIVERS\umbus.sys
0x05E34000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x0645A000 \SystemRoot\system32\drivers\ha20x22k.sys
0x06400000 \SystemRoot\system32\drivers\emupia2k.sys
0x05E8E000 \SystemRoot\system32\drivers\ctsfm2k.sys
0x065E8000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x05EC6000 \SystemRoot\System32\drivers\CTHWIUT.SYS
0x05EE2000 \SystemRoot\System32\drivers\CT20XUT.SYS
0x07207000 \SystemRoot\System32\drivers\CTEXFIFX.SYS
0x0736B000 \SystemRoot\system32\drivers\AtihdW76.sys
0x0742D000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x0769E000 \SystemRoot\system32\DRIVERS\asmthub3.sys
0x076C0000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x076DD000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x076DF000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x076ED000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x07706000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x0770F000 \SystemRoot\system32\DRIVERS\LGSHidFilt.Sys
0x07724000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x07731000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x0773F000 \SystemRoot\system32\DRIVERS\usbprint.sys
0x0774B000 \SystemRoot\System32\Drivers\crashdmp.sys
0x07759000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x07765000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x07770000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x00070000 \SystemRoot\System32\win32k.sys
0x07783000 \SystemRoot\System32\drivers\Dxapi.sys
0x0778F000 \SystemRoot\system32\DRIVERS\monitor.sys
0x004C0000 \SystemRoot\System32\TSDDD.dll
0x00630000 \SystemRoot\System32\cdd.dll
0x0779D000 \SystemRoot\system32\drivers\luafv.sys
0x077C0000 \SystemRoot\system32\drivers\WudfPf.sys
0x077D9000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x07400000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x05F1F000 \SystemRoot\system32\drivers\HTTP.sys
0x07387000 \SystemRoot\system32\DRIVERS\bowser.sys
0x073A5000 \SystemRoot\System32\drivers\mpsdrv.sys
0x073BD000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x053A9000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x05E00000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x07418000 \SystemRoot\system32\drivers\npf.sys
0x07E91000 \SystemRoot\system32\drivers\peauth.sys
0x07F37000 \SystemRoot\System32\Drivers\secdrv.SYS
0x07F42000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x07F73000 \SystemRoot\System32\drivers\tcpipreg.sys
0x07F85000 \SystemRoot\System32\DRIVERS\srv2.sys
0x080AB000 \SystemRoot\System32\DRIVERS\srv.sys
0x081B4000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x081BF000 \SystemRoot\system32\drivers\LGVirHid.sys
0x081C2000 \??\C:\Users\User4\AppData\Local\Temp\kgloapob.sys
0x77AB0000 \Windows\System32\ntdll.dll
0x47F50000 \Windows\System32\smss.exe
0xFFDD0000 \Windows\System32\apisetschema.dll

Processes (total 80):
0 System Idle Process
4 System
328 C:\Windows\System32\smss.exe
456 C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
504 avgcsrva.exe
776 csrss.exe
840 C:\Windows\System32\wininit.exe
860 csrss.exe
904 C:\Windows\System32\services.exe
924 C:\Windows\System32\lsass.exe
932 C:\Windows\System32\lsm.exe
960 C:\Windows\System32\winlogon.exe
448 C:\Windows\System32\svchost.exe
424 C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
928 C:\Windows\System32\svchost.exe
1084 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
1144 C:\Windows\System32\svchost.exe
1204 C:\Windows\System32\atiesrxx.exe
1240 C:\Windows\System32\svchost.exe
1284 C:\Windows\System32\svchost.exe
1344 C:\Windows\System32\svchost.exe
1376 C:\Windows\System32\svchost.exe
1796 C:\Windows\System32\spoolsv.exe
1832 C:\Windows\System32\svchost.exe
1912 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
1192 C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
1576 C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
1748 C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
1980 C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
1600 C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
2260 C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe
2344 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2548 WmiPrvSE.exe
2836 C:\Windows\System32\SearchIndexer.exe
2864 C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
2876 C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
2904 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
3268 C:\Windows\System32\svchost.exe
3484 cavwp.exe
3768 avgcsrva.exe
3216 C:\Windows\System32\atieclxx.exe
3600 C:\Windows\System32\taskhost.exe
3840 C:\Windows\System32\dwm.exe
4088 C:\Windows\explorer.exe
4232 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
4244 C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe
4532 C:\Program Files\Logitech Gaming Software\LCore.exe
4540 C:\Program Files\Windows Sidebar\sidebar.exe
4636 C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
4672 C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
4684 C:\Program Files (x86)\AVG\AVG2013\avgui.exe
4764 C:\Windows\SysWOW64\Ctxfihlp.exe
4780 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
4836 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
4856 C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe
4908 C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe
4964 C:\Windows\System32\wbem\unsecapp.exe
5076 WmiPrvSE.exe
4184 C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe
4504 C:\Windows\System32\svchost.exe
1556 C:\Windows\SysWOW64\CTxfispi.exe
868 C:\Program Files\COMODO\COMODO Internet Security\cis.exe
5000 C:\Windows\System32\svchost.exe
5008 C:\Program Files\Windows Media Player\wmpnetwk.exe
5196 dllhost.exe
5156 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
2828 C:\Windows\System32\svchost.exe
5720 C:\Program Files\COMODO\COMODO Internet Security\cis.exe
6952 C:\Windows\System32\audiodg.exe
6156 C:\Program Files (x86)\Skype\Phone\Skype.exe
760 C:\Program Files (x86)\Steam\Steam.exe
2008 C:\Program Files (x86)\Common Files\Steam\SteamService.exe
6444 C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
6636 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
5592 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
3988 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
2432 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
2544 C:\Users\User4\Desktop\MBRCheck (1).exe
3912 C:\Windows\System32\conhost.exe
6244 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000030`d4100000 (NTFS)

PhysicalDrive0 Model Number: SAMSUNGHD502HJ, Rev: 1AJ100E5

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!

#6
Jasmyne

Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts
I have a few questions for you :)

1. Is your internet connection through a router?
2. If so, what kind of router is it?
3. Aside from the Skype issues and the installation that was cancelled, are you seeing any other issues?

Thanks,

Jasmyne

#7
longfellow4

longfellow4

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
hey,

1. It's a cable modem.
2. It's a Ubee EVM2200.
3. Only these two (the Skype issues described and the cancellation issue) since repartitioning my hard drive. And the USB keyboard and/or mouse disconnecting now and then while gaming, but that has happened for weeks before the infection. The only difference now is that the Num Lock light on the keyboard is not toggleable (it's on) at the time of the disconnect, there was no Num Lock light at all before the infection, and the USB 'reconnect' sound doesn't play when my devices come back to 'life' anymore. This makes me assume that it could be the intruder turning my devices off for a short period of time, which I very much doubt, but it's still a possibility while I'm playing. Personally I think it's just a hardware problem, as it has been there for weeks as I said.



The radio channel in the morning and random windows popping up of programs i was using but were minimized happened all before the repartitioning of the hard drive and never again since.

The time when I was writing a new Skype message and it started typing in an old Skype message which was in an editable state was after I did a lightweight reformat with my Windows 7 disc (took like 3 mins). I want to point out again that you have to manually right click, mark and edit a message to put it in an editable state. I never did that, and there's only a shortcut to edit the last line you wrote, but I wrote many lines after that specific message. This hasn't happened since the repartitioning either, just the small picture of a friend's profile maximizing for no reason, which happened twice, once after reformatting and once after repartitioning.


I am worried that my BIOS may be infected and I'm willing to take action to flash the BIOS and to repartition my hard drive again if that makes every infection disappear from my computer.
I'm also worried that the backups I made on DVDs could be infected; they mainly consist of music files, pictures, PDFs, txt, video containers and Adobe product files though.

cheers

Edited by longfellow4, 11 July 2013 - 10:14 AM.


#8
Jasmyne

Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts
Generally the only types of infections that survive a reformat are those of the MBR or router infections. Since you formatted the partitions that should have eliminated an MBR infection and the MBR scan shows it as clean. Since you are not using a router that rules out that possibility. While BIOS infections have been proven, it is highly, highly unlikely to have happened. Most likely the skype issues and the cancellation of the installation are both just part of keyboard/mouse malfunctions that were previously occurring. At this point I think it would be best if you began a topic in the hardware forum here and see if they can troubleshoot the issue as from the malware standpoint the system appears clean.

#9
longfellow4

longfellow4

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Thanks a lot for your and your instructor's time and help. I am not anxious about using my computer anymore now that that's clear. I really appreciate what you guys are doing here.

I have one question though. Am I safe to use the aforementioned file types from my backup DVDs that I used during my infection?
Those were:
-music files
-pictures
-pdfs
-txt
-video container
-Adobe product files (indd, ps, premiere, etc)

Thanks a lot once again.

#10
Jasmyne

Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts
As far as your backup materials, before starting to copy over those materials, you will need to disable Autoplay on your computer:
  • Open Control Panel
  • In Search Box in the top right corner type autoplay
  • Click Autoplay
  • Untick the box at the top beside Use AutoPlay for all media and devices

If they are DVDs, please download and use Dr Web CureIt from here to scan the DVDs.

If you have any USB drives, please download and use McShield to scan your USBs. Once installed it will automatically scan any USB drives when they are plugged into the machine.

Now for some final "housekeeping" procedures.

Step 1 Clear Old Restore Points

Create a new, clean System Restore point:
  • Right click on Computer and select Properties >> System protection >> Create.
  • Give this restore point a descriptive name and click Create.
  • When the new restore point is created click on OK >> close the System Properties window.
Note: Do not clear infected/old System Restore points before creating a new System Restore point first!

Flush Old System Restore points:

  • Next click Start (Windows 7 Orb) >> Run (or the Windows key and R together) to bring up the Run box and copy and paste in:
    cleanmgr
  • in the box and press OK.
  • Select the system drive, C >> OK.
  • Ensure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked, you can choose to check other boxes if you wish but they are not required.
  • Click on Clean up system files >> Select the system drive, C >> OK.
  • Now click on the More Options tab.
  • Under:
System Restore and Shadow Copies
  • Click on Clean up... >> Delete >> OK >> Delete Files.

Step 2 OTL Cleanup
  • Open OTL
  • Click the CleanUp button at the top, it will ask to reboot your PC, please allow it to do so

~~~~~~~~~~~~~~~~~~~~Anti Malware Protection ~~~~~~~~~~~~~~~~~~~~


MalwareBytes Anti-Malware This is an excellent Anti-Malware product. It offers free malware scanning, free malware removal, and free updates. It is recommended to periodically run a Quick Scan to keep your PC as clean as possible. Remember to check for updates before running a scan, so click the Update tab along the top, then click Check for Updates.

~~~~~~~~~~~~~~~~~~~~Free Antivirus Protection ~~~~~~~~~~~~~~~~~~~~

Always make sure you have an antivirus program! If for some reason in the future you'd like to switch programs, here are some recommendations: Microsoft Security Essentials or Avast! Antivirus, both are FREE to use. Please remember that you can only have one antivirus installed at a time.

~~~~~~~~~~~~~~~~~~~~Free Firewall Programs ~~~~~~~~~~~~~~~~~~~~


If for some reason in the future you'd like to switch, Comodo Personal Firewall and Sunbelt Personal Firewall are two good options for a FREE firewall to help protect your computer from any unwanted intruders.

~~~~~~~~~~~~~~~~~~~~Staying Updated ~~~~~~~~~~~~~~~~~~~~


Keeping your PC updated is important to protect yourself against future infections. There are many infections which will exploit loopholes within Windows itself, Java and Adobe Reader. Keeping these updated is a very good habit to get into.

Automatic Updates Updates to your Operating System are vital in closing loopholes and fixing bugs which some infections exploit. To keep your Windows updated, ensure that 'Automatic Updates' is enabled on your PC so updates are downloaded and installed automatically. Click here to find out how.

File Hippo Download and install FileHippo update checker and run it monthly it will show you which programs on your system need updating and give a download link.

~~~~~~~~~~~~~~~~~~~~Alternate Browsers ~~~~~~~~~~~~~~~~~~~~


Using an alternative web browser can help protect your PC from infections which exploit security holes within Internet Explorer. They can also be quicker to load pages and offer more tools and features such as Firefox's huge add-on list.

Firefox - My personal choice, easy to use and has a large number of excellent add-ons that can be installed to help keep you away from malicious sites and reduce advertisements and popups etc. AdBlockPlus and WOT are very useful add-ons that are worth having installed.

Google Chrome - Is another browser that's easy to use and is worth trying if you want to test out new browsers.

Happy surfing! :wave:
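A scripted form of the AutoPlay and restore-point steps in the post above, added here as an example; it is not from the thread, the helper, or any of the tools named in it. It assumes Windows 7 or later with an elevated PowerShell session. The two registry values it writes are the ones behind the Control Panel checkbox "Use AutoPlay for all media and devices" (`DisableAutoplay`) and the Explorer autorun policy (`NoDriveTypeAutoRun`), so the same settings can be verified afterwards rather than trusted from a dialog.

```powershell
# Added example (not from the thread): script equivalent of the manual
# AutoPlay and restore-point steps. Run from an elevated PowerShell.

function Disable-AutoPlayForCurrentUser {
    # The Control Panel checkbox "Use AutoPlay for all media and devices"
    # is backed by this value: DisableAutoplay = 1 means the box is unticked.
    $handlers = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers'
    if (-not (Test-Path $handlers)) { New-Item -Path $handlers -Force | Out-Null }
    Set-ItemProperty -Path $handlers -Name DisableAutoplay -Value 1 -Type DWord

    # Additionally suppress autorun.inf processing on every drive type:
    # 0xFF sets all drive-type bits (removable, fixed, network, CD-ROM, ...).
    $policy = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    if (-not (Test-Path $policy)) { New-Item -Path $policy -Force | Out-Null }
    Set-ItemProperty -Path $policy -Name NoDriveTypeAutoRun -Value 0xFF -Type DWord
}

function Test-AutoPlayDisabled {
    # Read both values back; return $true only if both are as expected.
    $handlers = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers'
    $policy   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    $a = (Get-ItemProperty -Path $handlers -Name DisableAutoplay -ErrorAction SilentlyContinue).DisableAutoplay
    $b = (Get-ItemProperty -Path $policy -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
    return ($a -eq 1) -and ($b -eq 0xFF)
}

function New-CleanRestorePoint {
    param([string]$Description = 'Clean point after malware check')
    # Create the new restore point BEFORE cleanmgr deletes the old ones,
    # exactly as the post warns; System Protection must be on for the drive.
    Enable-ComputerRestore -Drive "$env:SystemDrive\"
    Checkpoint-Computer -Description $Description -RestorePointType MODIFY_SETTINGS
}

Disable-AutoPlayForCurrentUser
if (-not (Test-AutoPlayDisabled)) { throw 'AutoPlay settings did not apply as expected' }
New-CleanRestorePoint
Write-Host 'AutoPlay disabled and a fresh restore point created.'
Write-Host 'Now run cleanmgr (More Options >> System Restore and Shadow Copies) to flush the old points.'
```

`Checkpoint-Computer` needs administrator rights and silently refuses to create more than one restore point per 24 hours on Windows 8 and later, so check the result in System Protection if the script runs a second time. Explorer may need a sign-out before the AutoPlay change shows in Control Panel, but the registry check above is authoritative.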

#11
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.