svchost.exe

Discussion in 'Virus & Other Malware Removal' started by MrEMU, Feb 26, 2013.

Thread Status:
Not open for further replies.
  1. MrEMU

    MrEMU Thread Starter

    Joined:
    Feb 26, 2013
    Messages:
    6
    Hello Tech Support Guy Team,

    I have a problem with the svchost.exe virus which was already in this topic:
    http://forums.techguy.org/virus-other-malware-removal/1088772-svchost-exe-virus-temp-folder.html

    I did the first step and used ComboFix to get the report in the ComboFix.txt.

    In the following I'm posting the content of the ComboFix.txt:

    ComboFix 13-02-26.01 - Fabian 26.02.2013 21:42:36.1.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4096.2558 [GMT 1:00]
    ausgeführt von:: c:\users\Fabian\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    E:\install.exe
    .
    ---- Vorheriger Suchlauf -------
    .
    c:\windows\SysWow64\muzapp.exe
    .
    .
    ((((((((((((((((((((((( Dateien erstellt von 2013-01-26 bis 2013-02-26 ))))))))))))))))))))))))))))))
    .
    .
    2013-02-26 20:49 . 2013-02-26 20:49 8782 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
    2013-02-26 20:49 . 2013-02-26 20:49 7271 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
    2013-02-26 20:49 . 2013-02-26 20:49 23327 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
    2013-02-26 20:49 . 2013-02-26 20:49 20719 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
    2013-02-26 20:47 . 2013-02-26 20:47 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2013-02-26 19:24 . 2013-02-26 19:24 -------- d-----w- c:\programdata\McAfee
    2013-02-26 17:46 . 2009-06-18 11:54 6144 ------w- c:\windows\system32\C12D.tmp
    2013-02-26 17:40 . 2009-06-18 11:54 6144 ------w- c:\windows\system32\B71E.tmp
    2013-02-26 11:21 . 2013-02-26 16:13 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
    2013-02-21 16:40 . 2013-02-22 23:31 -------- d-----w- c:\programdata\ManiaPlanet
    2013-02-21 16:35 . 2013-02-21 16:35 -------- d-----w- c:\users\Fabian\AppData\Local\WinZip
    2013-02-21 16:33 . 2013-02-21 16:34 -------- d-----w- c:\programdata\WinZip
    2013-02-21 16:25 . 2013-02-21 16:25 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
    2013-02-21 16:25 . 2013-02-21 16:25 -------- d-----w- c:\users\Fabian\AppData\Local\PunkBuster
    2013-02-21 16:23 . 2013-02-21 16:23 -------- d-----w- c:\programdata\Orbit
    2013-02-14 16:25 . 2013-02-26 20:29 -------- d-----w- c:\users\Fabian\AppData\Roaming\TeamViewer
    2013-02-13 22:24 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
    2013-02-13 22:24 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
    2013-02-13 17:47 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-02-13 17:47 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2013-02-13 17:47 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2013-02-13 17:47 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys
    2013-02-13 17:46 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll
    2013-02-13 17:46 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll
    2013-02-13 17:46 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe
    2013-02-13 17:46 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe
    2013-02-13 17:46 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
    2013-02-13 17:46 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe
    2013-02-13 17:46 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2013-02-13 17:46 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
    2013-02-08 15:09 . 2013-02-08 15:09 16365936 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
    2013-02-03 18:22 . 2013-02-21 17:51 -------- d-----w- c:\users\Fabian\AppData\Roaming\BitTorrent
    2013-02-03 17:44 . 2013-02-03 17:45 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
    2013-02-03 17:44 . 2013-02-03 17:47 -------- d-----w- c:\users\Fabian\AppData\Roaming\DAEMON Tools Lite
    2013-02-03 17:43 . 2013-02-03 17:47 -------- d-----w- c:\programdata\DAEMON Tools Lite
    2013-01-31 10:59 . 2013-01-31 10:59 -------- d-sh--w- c:\programdata\SecuROM
    2013-01-31 10:36 . 2013-01-31 10:59 -------- d-----w- c:\users\Fabian\AppData\Local\Rockstar Games
    2013-01-31 10:35 . 2013-01-31 10:35 -------- d--h--r- c:\users\Fabian\AppData\Roaming\SecuROM
    2013-01-31 10:31 . 2013-01-31 10:31 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
    2013-01-31 10:27 . 2013-01-31 10:27 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
    2013-01-30 18:14 . 2013-01-30 18:14 -------- d-----w- c:\program files (x86)\Common Files\Skype
    2013-01-30 18:14 . 2013-01-30 18:14 -------- d-----r- c:\program files (x86)\Skype
    2013-01-29 11:25 . 2013-01-29 11:25 -------- d-----w- c:\programdata\Bohemia Interactive Studio
    2013-01-29 11:13 . 2013-01-29 11:13 -------- d-----w- c:\users\Fabian\AppData\Roaming\Play withSIX
    .
    .
    .
    (((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-02-26 20:15 . 2012-10-04 10:03 22368 ----a-w- c:\windows\system32\drivers\AFD.SYS
    2013-02-26 20:15 . 2009-07-14 00:10 22368 ----a-w- c:\windows\system32\drivers\WS2IFSL.SYS
    2013-02-26 19:23 . 2012-10-25 15:49 71024 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-02-26 19:23 . 2012-10-25 15:49 691568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2013-02-21 16:25 . 2012-12-17 14:10 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
    2013-02-21 16:25 . 2012-12-17 14:10 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
    2013-02-13 22:29 . 2012-10-04 10:11 70004024 ----a-w- c:\windows\system32\MRT.exe
    2013-01-31 10:52 . 2009-08-18 11:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
    2013-01-31 10:51 . 2009-08-18 10:24 19696 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2013-01-04 04:43 . 2013-02-13 17:46 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2012-12-16 17:11 . 2012-12-23 00:07 46080 ----a-w- c:\windows\system32\atmlib.dll
    2012-12-16 14:45 . 2012-12-23 00:07 367616 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-16 14:13 . 2012-12-23 00:07 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
    2012-12-16 14:13 . 2012-12-23 00:07 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2012-12-07 13:20 . 2013-01-09 16:06 441856 ----a-w- c:\windows\system32\Wpc.dll
    2012-12-07 13:15 . 2013-01-09 16:06 2746368 ----a-w- c:\windows\system32\gameux.dll
    2012-12-07 12:26 . 2013-01-09 16:06 308736 ----a-w- c:\windows\SysWow64\Wpc.dll
    2012-12-07 12:20 . 2013-01-09 16:06 2576384 ----a-w- c:\windows\SysWow64\gameux.dll
    2012-12-07 11:20 . 2013-01-09 16:06 30720 ----a-w- c:\windows\system32\usk.rs
    2012-12-07 11:20 . 2013-01-09 16:06 43520 ----a-w- c:\windows\system32\csrr.rs
    2012-12-07 11:20 . 2013-01-09 16:06 23552 ----a-w- c:\windows\system32\oflc.rs
    2012-12-07 11:20 . 2013-01-09 16:06 45568 ----a-w- c:\windows\system32\oflc-nz.rs
    2012-12-07 11:20 . 2013-01-09 16:06 44544 ----a-w- c:\windows\system32\pegibbfc.rs
    2012-12-07 11:20 . 2013-01-09 16:06 20480 ----a-w- c:\windows\system32\pegi-fi.rs
    2012-12-07 11:20 . 2013-01-09 16:06 20480 ----a-w- c:\windows\system32\pegi-pt.rs
    2012-12-07 11:19 . 2013-01-09 16:06 20480 ----a-w- c:\windows\system32\pegi.rs
    2012-12-07 11:19 . 2013-01-09 16:06 46592 ----a-w- c:\windows\system32\fpb.rs
    2012-12-07 11:19 . 2013-01-09 16:06 40960 ----a-w- c:\windows\system32\cob-au.rs
    2012-12-07 11:19 . 2013-01-09 16:06 21504 ----a-w- c:\windows\system32\grb.rs
    2012-12-07 11:19 . 2013-01-09 16:06 15360 ----a-w- c:\windows\system32\djctq.rs
    2012-12-07 11:19 . 2013-01-09 16:06 55296 ----a-w- c:\windows\system32\cero.rs
    2012-12-07 11:19 . 2013-01-09 16:06 51712 ----a-w- c:\windows\system32\esrb.rs
    2012-12-07 10:46 . 2013-01-09 16:06 43520 ----a-w- c:\windows\SysWow64\csrr.rs
    2012-12-07 10:46 . 2013-01-09 16:06 30720 ----a-w- c:\windows\SysWow64\usk.rs
    2012-12-07 10:46 . 2013-01-09 16:06 45568 ----a-w- c:\windows\SysWow64\oflc-nz.rs
    2012-12-07 10:46 . 2013-01-09 16:06 44544 ----a-w- c:\windows\SysWow64\pegibbfc.rs
    2012-12-07 10:46 . 2013-01-09 16:06 20480 ----a-w- c:\windows\SysWow64\pegi-pt.rs
    2012-12-07 10:46 . 2013-01-09 16:06 23552 ----a-w- c:\windows\SysWow64\oflc.rs
    2012-12-07 10:46 . 2013-01-09 16:06 20480 ----a-w- c:\windows\SysWow64\pegi-fi.rs
    2012-12-07 10:46 . 2013-01-09 16:06 46592 ----a-w- c:\windows\SysWow64\fpb.rs
    2012-12-07 10:46 . 2013-01-09 16:06 20480 ----a-w- c:\windows\SysWow64\pegi.rs
    2012-12-07 10:46 . 2013-01-09 16:06 21504 ----a-w- c:\windows\SysWow64\grb.rs
    2012-12-07 10:46 . 2013-01-09 16:06 40960 ----a-w- c:\windows\SysWow64\cob-au.rs
    2012-12-07 10:46 . 2013-01-09 16:06 15360 ----a-w- c:\windows\SysWow64\djctq.rs
    2012-12-07 10:46 . 2013-01-09 16:06 55296 ----a-w- c:\windows\SysWow64\cero.rs
    2012-12-07 10:46 . 2013-01-09 16:06 51712 ----a-w- c:\windows\SysWow64\esrb.rs
    2012-11-30 05:45 . 2013-01-09 16:05 362496 ----a-w- c:\windows\system32\wow64win.dll
    2012-11-30 05:45 . 2013-01-09 16:05 243200 ----a-w- c:\windows\system32\wow64.dll
    2012-11-30 05:45 . 2013-01-09 16:05 13312 ----a-w- c:\windows\system32\wow64cpu.dll
    2012-11-30 05:43 . 2013-01-09 16:05 16384 ----a-w- c:\windows\system32\ntvdm64.dll
    2012-11-30 05:41 . 2013-01-09 16:05 424448 ----a-w- c:\windows\system32\KernelBase.dll
    2012-11-30 05:41 . 2013-01-09 16:05 1161216 ----a-w- c:\windows\system32\kernel32.dll
    2012-11-30 05:38 . 2013-01-09 16:05 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 16:05 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 16:05 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 16:05 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 16:05 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 16:05 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 16:05 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 16:05 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 16:05 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 16:05 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 16:05 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 16:05 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 16:05 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 16:05 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 16:05 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 16:05 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 16:05 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 16:05 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 16:05 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 16:05 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 16:05 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 16:05 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 16:05 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 16:05 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 16:05 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 16:05 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 16:05 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 16:05 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
    2012-11-30 04:53 . 2013-01-09 16:05 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll
    2012-11-30 04:45 . 2013-01-09 16:05 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 16:05 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 16:05 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 16:05 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 16:05 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 16:05 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 16:05 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 16:05 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 16:05 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 16:05 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 16:05 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 16:05 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 16:05 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 16:05 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 16:05 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 16:05 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 16:05 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 16:05 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 16:05 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
    .
    .
    (((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
    2012-07-04 13:03 1310040 ----a-r- c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-07-04 1310040]
    .
    [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
    [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
    [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
    [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Spotify Web Helper"="c:\users\Fabian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-11-02 1199576]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18705664]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
    "TrayServer"="p:\magix\Video_deluxe_17_Premium\TrayServer.exe" [2008-08-07 90112]
    "LogMeIn Hamachi Ui"="p:\hamachi\hamachi-2-ui.exe" [2012-12-10 2254768]
    "Adobe"="c:\users\Fabian\AppData\Roaming\Adobe\color.vbe" [2013-01-19 15361]
    .
    c:\users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Desktops.lnk - p:\desktops\Desktops.exe [2012-9-30 116088]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "HideSCAHealth"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
    R2 TeamViewer6;TeamViewer 6;p:\teamviewer\TeamViewer_Service.exe [2011-01-14 2250616]
    R2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-10-23 2848168]
    R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2012-06-27 36328]
    R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-09-20 102368]
    R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
    R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\C12D.tmp [2009-06-18 6144]
    R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2012-06-27 157672]
    R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2012-06-27 16872]
    R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2012-06-27 177640]
    R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2012-06-27 146920]
    R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-09-20 203104]
    R3 ssudobex;SAMSUNG Mobile USB OBEX Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudobex.sys [2012-09-20 203104]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-02-03 283200]
    S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
    S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;p:\hamachi\hamachi-2.exe [2012-12-10 2465712]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
    S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
    .
    .
    Inhalt des "geplante Tasks" Ordners
    .
    2013-02-26 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-25 19:23]
    .
    2013-02-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2084198558-4019347831-946478551-1001Core.job
    - c:\users\Fabian\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-04 14:26]
    .
    2013-02-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2084198558-4019347831-946478551-1001UA.job
    - c:\users\Fabian\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-04 14:26]
    .
    .
    --------- X64 Entries -----------
    .
    .
    ------- Zusätzlicher Suchlauf -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: Free YouTube Download - c:\users\Fabian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
    IE: Free YouTube to MP3 Converter - c:\users\Fabian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    TCP: DhcpNameServer = 192.168.178.1
    FF - ProfilePath - c:\users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\ch379ddp.default\
    FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?barid={63E93870-1F8E-11E2-B77B-00241D66775C}&src=2&crg=3.1010000.10001&q=
    FF - ExtSQL: 2012-12-27 16:39; {1acd747e-8470-11db-96a9-00e08161165f}; c:\users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\ch379ddp.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}
    .
    - - - - Entfernte verwaiste Registrierungseinträge - - - -
    .
    AddRemove-BattlEye for A2 - g:\steam\steamapps\common\Arma 2BattlEye\UnInstallBE.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]
    "ImagePath"="\??\c:\windows\system32\C12D.tmp"
    .
    --------------------- Gesperrte Registrierungsschluessel ---------------------
    .
    [HKEY_USERS\S-1-5-21-2084198558-4019347831-946478551-1001\Software\SecuROM\License information*]
    "datasecu"=hex:c9,04,6e,54,ba,86,7e,8a,61,e6,6c,c3,2c,34,4f,c5,3f,2b,c6,1e,b5,
    da,37,39,d5,01,3f,de,a1,2a,64,c2,0e,b6,8a,9a,79,b7,97,93,4c,59,63,27,29,5d,\
    "rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Weitere laufende Prozesse ------------------------
    .
    c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    c:\windows\SysWOW64\PnkBstrA.exe
    .
    **************************************************************************
    .
    Zeit der Fertigstellung: 2013-02-26 21:54:06 - PC wurde neu gestartet
    ComboFix-quarantined-files.txt 2013-02-26 20:54
    .
    Vor Suchlauf: 12 Verzeichnis(se), 41.805.058.048 Bytes frei
    Nach Suchlauf: 18 Verzeichnis(se), 41.494.761.472 Bytes frei
    .
    - - End Of File - - FE63B27036B16E5F9358B3F481258751
     
  2. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    Please do the following:

    Download the appropriate version for your system of the Farbar Recovery Scan Tool and save it to a flash drive. (Choose the correct version depending on which operating system architecture you are using, 32-bit (x86) or 64-bit (x64).)

    Plug the flash drive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    On the System Recovery Options menu you will get the following options:

      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Place a check next to List Drivers MD5 as well as the default check marks that are already there.
    • Press the Scan button.
    • FRST will let you know when the scan is complete and has written the FRST.txt to file. Close out this message, then type the following into the search box:
      services.exe
    • Now press the Search button.
    • When the search is complete, search.txt will also be written to your USB.
    • Type exit and reboot the computer normally.
    • Please copy and paste both logs in your reply (FRST.txt and Search.txt).
     
  3. MrEMU

    MrEMU Thread Starter

    Joined:
    Feb 26, 2013
    Messages:
    6
    FRST.txt

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-02-2013 01
    Ran by SYSTEM at 28-02-2013 13:39:27
    Running from I:\
    Windows 7 Home Premium (X64) OS Language: German Standard
    The current controlset is ControlSet001

    ==================== Registry (Whitelisted) ===================

    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-03] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [TrayServer] P:\Magix\Video_deluxe_17_Premium\TrayServer.exe [x]
    HKLM-x32\...\Run: [LogMeIn Hamachi Ui] "P:\Hamachi\hamachi-2-ui.exe" --auto-start [x]
    HKLM-x32\...\Run: [Adobe] C:\Users\Fabian\AppData\Roaming\Adobe\color.vbe [15361 2013-01-19] ()
    HKLM-x32\...\Run: [AVG_UI] "P:\AVG\avgui.exe" /TRAYONLY [x]
    HKU\Fabian\...\Run: [Spotify Web Helper] "C:\Users\Fabian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1199576 2012-11-02] (Spotify Ltd)
    HKU\Fabian\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18705664 2013-01-08] (Skype Technologies S.A.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
    Startup: C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Desktops.lnk
    ShortcutTarget: Desktops.lnk -> P:\Desktops\Desktops.exe (No File)

    ==================== Services (Whitelisted) ===================

    3 FirebirdServerMAGIXInstance; "C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe" [3276800 2008-08-07] (MAGIX®)
    2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-02-21] ()
    2 AVGIDSAgent; C:\AVG\avgidsagent.exe [x]
    2 avgwd; C:\AVG\avgwdsvc.exe [x]
    2 Hamachi2Svc; C:\Hamachi\hamachi-2.exe -s [x]
    2 TeamViewer6; C:\Teamviewer\TeamViewer_Service.exe [x]

    ==================== Drivers (Whitelisted) =====================

    1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [154464 2012-10-22] (AVG Technologies CZ, s.r.o. )
    0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [63328 2012-10-15] (AVG Technologies CZ, s.r.o. )
    1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [185696 2012-10-02] (AVG Technologies CZ, s.r.o.)
    0 Avgloga; C:\Windows\System32\Drivers\Avgloga.sys [225120 2012-09-21] (AVG Technologies CZ, s.r.o.)
    0 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [111968 2012-11-15] (AVG Technologies CZ, s.r.o.)
    0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [40800 2012-09-14] (AVG Technologies CZ, s.r.o.)
    1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [200032 2012-09-21] (AVG Technologies CZ, s.r.o.)
    1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [283200 2013-02-03] (DT Soft Ltd)
    3 MEMSWEEP2; \??\C:\Windows\system32\C12D.tmp [6144 2009-06-18] (Sophos Plc)
    3 ssudobex; C:\Windows\System32\Drivers\ssudobex.sys [203104 2012-09-20] (DEVGURU Co., LTD.(www.devguru.co.kr))
    3 catchme; \??\C:\ComboFix\catchme.sys [x]

    ==================== NetSvcs (Whitelisted) ====================


    ==================== One Month Created Files and Folders ========

    2013-02-28 00:40 - 2013-01-13 22:17 - 00009728 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    2013-02-28 00:40 - 2013-01-13 22:17 - 00002560 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
    2013-02-28 00:40 - 2013-01-13 22:16 - 00010752 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
    2013-02-28 00:40 - 2013-01-13 22:12 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
    2013-02-28 00:40 - 2013-01-13 22:11 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
    2013-02-28 00:40 - 2013-01-13 22:11 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
    2013-02-28 00:40 - 2013-01-13 22:11 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
    2013-02-28 00:40 - 2013-01-13 22:11 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
    2013-02-28 00:40 - 2013-01-13 22:11 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
    2013-02-28 00:40 - 2013-01-13 21:35 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
    2013-02-28 00:40 - 2013-01-13 21:35 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    2013-02-28 00:40 - 2013-01-13 21:35 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
    2013-02-28 00:40 - 2013-01-13 21:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
    2013-02-28 00:40 - 2013-01-13 21:31 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
    2013-02-28 00:40 - 2013-01-13 21:31 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
    2013-02-28 00:40 - 2013-01-13 21:31 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
    2013-02-28 00:40 - 2013-01-13 21:31 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
    2013-02-28 00:40 - 2013-01-13 21:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
    2013-02-28 00:40 - 2013-01-13 21:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
    2013-02-28 00:40 - 2013-01-13 21:22 - 01988096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
    2013-02-28 00:40 - 2013-01-13 21:20 - 00293376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
    2013-02-28 00:40 - 2013-01-13 21:09 - 00249856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
    2013-02-28 00:40 - 2013-01-13 21:08 - 01504768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
    2013-02-28 00:40 - 2013-01-13 21:08 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
    2013-02-28 00:40 - 2013-01-13 20:59 - 01643520 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
    2013-02-28 00:40 - 2013-01-13 20:58 - 01175552 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
    2013-02-28 00:40 - 2013-01-13 20:54 - 00604160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
    2013-02-28 00:40 - 2013-01-13 20:53 - 00207872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
    2013-02-28 00:40 - 2013-01-13 20:53 - 00187392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
    2013-02-28 00:40 - 2013-01-13 20:51 - 02565120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
    2013-02-28 00:40 - 2013-01-13 20:49 - 00363008 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll
    2013-02-28 00:40 - 2013-01-13 20:48 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
    2013-02-28 00:40 - 2013-01-13 20:46 - 01080832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
    2013-02-28 00:40 - 2013-01-13 20:43 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
    2013-02-28 00:40 - 2013-01-13 20:38 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
    2013-02-28 00:40 - 2013-01-13 20:38 - 00333312 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
    2013-02-28 00:40 - 2013-01-13 20:38 - 00296960 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
    2013-02-28 00:40 - 2013-01-13 20:37 - 03419136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
    2013-02-28 00:40 - 2013-01-13 20:25 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
    2013-02-28 00:40 - 2013-01-13 20:24 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
    2013-02-28 00:40 - 2013-01-13 20:24 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll
    2013-02-28 00:40 - 2013-01-13 20:20 - 01238528 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll
    2013-02-28 00:40 - 2013-01-13 20:20 - 00194560 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
    2013-02-28 00:40 - 2013-01-13 20:15 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
    2013-02-28 00:40 - 2013-01-13 20:10 - 03928064 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
    2013-02-28 00:40 - 2013-01-13 20:02 - 00417792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
    2013-02-28 00:40 - 2013-01-13 19:34 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
    2013-02-28 00:40 - 2013-01-13 19:32 - 00465920 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
    2013-02-28 00:40 - 2013-01-13 19:09 - 00522752 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
    2013-02-28 00:40 - 2013-01-13 18:26 - 01158144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
    2013-02-28 00:40 - 2013-01-13 18:05 - 01682432 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
    2013-02-28 00:40 - 2013-01-04 07:11 - 02776576 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
    2013-02-28 00:40 - 2013-01-04 07:11 - 02284544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
    2013-02-27 15:51 - 2013-02-27 15:51 - 00540072 ____A (Neuber Software) C:\Users\Fabian\Desktop\SvchostAnalyzer.exe
    2013-02-26 23:38 - 2013-02-27 14:23 - 00000549 ____A C:\Users\Public\Desktop\AVG 2013.lnk
    2013-02-26 23:38 - 2013-02-26 23:38 - 00000000 ___HD C:\$AVG
    2013-02-26 21:54 - 2013-02-26 21:54 - 00027101 ____A C:\ComboFix.txt
    2013-02-26 21:34 - 2011-06-26 07:45 - 00256000 ____A C:\Windows\PEV.exe
    2013-02-26 21:34 - 2010-11-07 18:20 - 00208896 ____A C:\Windows\MBR.exe
    2013-02-26 21:34 - 2009-04-20 05:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
    2013-02-26 21:34 - 2000-08-31 01:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
    2013-02-26 21:34 - 2000-08-31 01:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
    2013-02-26 21:34 - 2000-08-31 01:00 - 00098816 ____A C:\Windows\sed.exe
    2013-02-26 21:34 - 2000-08-31 01:00 - 00080412 ____A C:\Windows\grep.exe
    2013-02-26 21:34 - 2000-08-31 01:00 - 00068096 ____A C:\Windows\zip.exe
    2013-02-26 21:22 - 2013-02-26 21:22 - 05036023 ____R (Swearware) C:\Users\Fabian\Desktop\ComboFix.exe
    2013-02-26 21:09 - 2013-02-26 21:09 - 20516183 ____A C:\root-kit2.txt
    2013-02-26 20:39 - 2013-02-26 21:54 - 00000000 ____D C:\Qoobox
    2013-02-26 20:39 - 2013-02-26 21:52 - 00000000 ____D C:\Windows\erdnt
    2013-02-26 20:24 - 2013-02-26 20:24 - 00000000 ____D C:\ProgramData\McAfee
    2013-02-26 18:46 - 2009-06-18 12:54 - 00006144 ____N (Sophos Plc) C:\Windows\System32\C12D.tmp
    2013-02-26 18:44 - 2013-02-26 18:46 - 21916184 ____A C:\root-kit.txt
    2013-02-26 18:40 - 2009-06-18 12:54 - 00006144 ____N (Sophos Plc) C:\Windows\System32\B71E.tmp
    2013-02-26 18:38 - 2013-02-26 18:38 - 01339288 ____A C:\Users\Fabian\Downloads\sar_15_sfx.exe
    2013-02-26 12:21 - 2013-02-26 17:13 - 00000000 ___AD C:\Kaspersky Rescue Disk 10.0
    2013-02-24 18:48 - 2013-02-24 18:48 - 00000000 ____D C:\Users\Public\Documents\CrashDump
    2013-02-24 10:44 - 2013-02-24 10:45 - 00000055 ____A C:\Users\Fabian\Desktop\TS3 Server.txt
    2013-02-21 17:43 - 2013-02-23 02:01 - 00000000 ____D C:\Users\Fabian\Documents\ManiaPlanet
    2013-02-21 17:40 - 2013-02-23 00:31 - 00000000 ____D C:\ProgramData\ManiaPlanet
    2013-02-21 17:35 - 2013-02-21 17:35 - 00000000 ____D C:\Users\Fabian\AppData\Local\WinZip
    2013-02-21 17:33 - 2013-02-21 17:34 - 00000000 ____D C:\ProgramData\WinZip
    2013-02-21 17:28 - 2013-02-21 17:29 - 56836608 ____A C:\Users\Fabian\Downloads\wz170-32gev.msi
    2013-02-21 17:25 - 2013-02-21 17:25 - 00281688 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
    2013-02-21 17:25 - 2013-02-21 17:25 - 00000000 ____D C:\Users\Fabian\AppData\Local\PunkBuster
    2013-02-21 17:23 - 2013-02-21 17:23 - 00000000 ____D C:\ProgramData\Orbit
    2013-02-21 00:35 - 2013-02-24 14:19 - 00000000 ____D C:\Users\Fabian\Desktop\MC Mods
    2013-02-20 23:56 - 2013-02-21 00:42 - 1992294400 ____A C:\Users\Fabian\Downloads\World_of_Warcraft_3.3.5a.part01.exe
    2013-02-20 20:52 - 2013-02-20 20:52 - 00013149 ____A C:\Users\Fabian\Downloads\ShootmaniaOpenBeta.torrent
    2013-02-17 18:28 - 2013-02-17 18:28 - 00292757 ____A C:\Users\Fabian\Downloads\Presentation.pptx
    2013-02-15 17:57 - 2013-02-17 16:29 - 00000675 ____A C:\Users\Fabian\Desktop\save2.sav
    2013-02-14 19:40 - 2013-02-15 17:49 - 00000504 ____A C:\Users\Fabian\Desktop\save1.sav
    2013-02-14 19:38 - 2013-02-17 16:41 - 00000602 ____A C:\Users\Fabian\Desktop\config.ini
    2013-02-14 19:38 - 2013-02-17 16:29 - 00000192 ____A C:\Users\Fabian\Desktop\trophy.sav
    2013-02-14 19:30 - 2013-02-14 19:33 - 46683648 ____A C:\Users\Fabian\Desktop\iwbtggv1d2b.exe
    2013-02-14 17:25 - 2013-02-26 21:29 - 00000000 ____D C:\Users\Fabian\AppData\Roaming\TeamViewer
    2013-02-13 23:23 - 2013-01-09 02:48 - 17812992 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2013-02-13 23:23 - 2013-01-09 02:22 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2013-02-13 23:23 - 2013-01-09 02:19 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2013-02-13 23:23 - 2013-01-09 02:12 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2013-02-13 23:23 - 2013-01-09 02:12 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2013-02-13 23:23 - 2013-01-09 02:11 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2013-02-13 23:23 - 2013-01-09 02:10 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2013-02-13 23:23 - 2013-01-09 02:09 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2013-02-13 23:23 - 2013-01-09 02:07 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2013-02-13 23:23 - 2013-01-09 02:07 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2013-02-13 23:23 - 2013-01-09 02:07 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2013-02-13 23:23 - 2013-01-09 02:06 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2013-02-13 23:23 - 2013-01-09 02:05 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2013-02-13 23:23 - 2013-01-09 02:04 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2013-02-13 23:23 - 2013-01-09 02:04 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2013-02-13 23:23 - 2013-01-09 02:00 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2013-02-13 23:23 - 2013-01-08 23:23 - 12321280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2013-02-13 23:23 - 2013-01-08 23:11 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2013-02-13 23:23 - 2013-01-08 23:09 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2013-02-13 23:23 - 2013-01-08 23:03 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2013-02-13 23:23 - 2013-01-08 23:03 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2013-02-13 23:23 - 2013-01-08 23:03 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2013-02-13 23:23 - 2013-01-08 23:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2013-02-13 23:23 - 2013-01-08 23:00 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2013-02-13 23:23 - 2013-01-08 22:59 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2013-02-13 23:23 - 2013-01-08 22:58 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2013-02-13 23:23 - 2013-01-08 22:58 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2013-02-13 23:23 - 2013-01-08 22:57 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2013-02-13 23:23 - 2013-01-08 22:56 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2013-02-13 23:23 - 2013-01-08 22:56 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2013-02-13 23:23 - 2013-01-08 22:56 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2013-02-13 23:23 - 2013-01-08 22:53 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2013-02-13 18:47 - 2013-01-05 06:53 - 05553512 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2013-02-13 18:47 - 2013-01-05 06:00 - 03967848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2013-02-13 18:47 - 2013-01-05 06:00 - 03913064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2013-02-13 18:47 - 2013-01-04 04:26 - 03153408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2013-02-13 18:46 - 2013-01-04 06:46 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
    2013-02-13 18:46 - 2013-01-04 05:51 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2013-02-13 18:46 - 2013-01-04 03:47 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2013-02-13 18:46 - 2013-01-04 03:47 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2013-02-13 18:46 - 2013-01-04 03:47 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2013-02-13 18:46 - 2013-01-04 03:47 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2013-02-13 18:46 - 2013-01-03 07:00 - 01913192 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2013-02-13 18:46 - 2013-01-03 07:00 - 00288088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
    2013-02-08 16:09 - 2013-02-27 21:09 - 15846768 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
    2013-02-04 23:33 - 2013-02-04 23:33 - 00000692 ____A C:\Users\UpdatusUser\Desktop\Half-Life.lnk
    2013-02-04 23:33 - 2013-02-04 23:33 - 00000057 ____A C:\Windows\sierra.ini
    2013-02-04 00:14 - 2013-02-04 00:14 - 00000000 ____D C:\Windows\SysWOW64\directx
    2013-02-03 19:22 - 2013-02-21 18:51 - 00000000 ____D C:\Users\Fabian\AppData\Roaming\BitTorrent
    2013-02-03 19:22 - 2013-02-03 19:22 - 01053520 ____A (BitTorrent Inc.) C:\Users\Fabian\Downloads\BitTorrent_7.8.exe
    2013-02-03 18:54 - 2013-02-03 18:54 - 00392750 ____A C:\Users\Fabian\Downloads\SD_German_Patch.exe
    2013-02-03 18:44 - 2013-02-03 18:47 - 00000000 ____D C:\Users\Fabian\AppData\Roaming\DAEMON Tools Lite
    2013-02-03 18:44 - 2013-02-03 18:45 - 00283200 ____A (DT Soft Ltd) C:\Windows\System32\Drivers\dtsoftbus01.sys
    2013-02-03 18:43 - 2013-02-03 18:47 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
    2013-02-03 18:41 - 2013-02-03 18:42 - 14682176 ____A (DT Soft Ltd) C:\Users\Fabian\Downloads\DTLite4461-0327.exe
    2013-02-03 12:24 - 2013-02-03 12:24 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_WinUSB_01007.Wdf
    2013-01-31 11:59 - 2013-01-31 11:59 - 00000000 __SHD C:\ProgramData\SecuROM
    2013-01-31 11:56 - 2013-01-31 11:56 - 00000000 ____D C:\Users\Fabian\Documents\Rockstar Games
    2013-01-31 11:36 - 2013-01-31 11:59 - 00000000 ____D C:\Users\Fabian\AppData\Local\Rockstar Games
    2013-01-31 11:35 - 2013-01-31 11:35 - 00000000 __RHD C:\Users\Fabian\AppData\Roaming\SecuROM
    2013-01-31 11:31 - 2013-01-31 11:31 - 00178800 ____A (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt_x64.dll
    2013-01-31 11:27 - 2013-01-31 11:27 - 00000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE
    2013-01-30 19:14 - 2013-01-30 19:14 - 00000000 ___RD C:\Program Files (x86)\Skype
    2013-01-29 12:25 - 2013-01-29 12:25 - 00000000 ____D C:\ProgramData\Bohemia Interactive Studio
    2013-01-29 12:24 - 2013-01-29 12:25 - 12472010 ____A C:\Users\Fabian\Downloads\Nicht bestätigt 314201.crdownload
    2013-01-29 12:13 - 2013-01-29 12:13 - 00000000 ____D C:\Users\Fabian\AppData\Roaming\Play withSIX
    2013-01-29 11:28 - 2013-01-29 11:28 - 00000000 ____D C:\Users\Fabian\Desktop\Surgeon Simulator
    2013-01-29 11:25 - 2013-01-29 11:27 - 24364137 ____A C:\Users\Fabian\Downloads\surgeonsimulator2013_win.zip


    ==================== One Month Modified Files and Folders =======

    2013-02-28 13:38 - 2013-02-28 13:38 - 00000000 ____D C:\FRST
    2013-02-28 13:32 - 2012-10-04 10:08 - 01743159 ____A C:\Windows\WindowsUpdate.log
    2013-02-28 13:32 - 2009-07-14 05:51 - 00035539 ____A C:\Windows\setupact.log
    2013-02-28 13:32 - 2009-07-14 05:45 - 00013536 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2013-02-28 13:32 - 2009-07-14 05:45 - 00013536 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2013-02-28 13:31 - 2012-10-04 15:41 - 00000000 ____D C:\Users\Fabian\AppData\Roaming\Skype
    2013-02-28 13:30 - 2012-10-04 15:37 - 00000000 ____D C:\Users\Fabian\AppData\Local\LogMeIn Hamachi
    2013-02-28 13:28 - 2012-10-04 14:42 - 00000000 ____D C:\ProgramData\NVIDIA
    2013-02-28 13:28 - 2009-07-14 06:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2013-02-28 13:28 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
    2013-02-28 13:28 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
    2013-02-28 13:28 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\System32\zh-HK
    2013-02-28 13:28 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\System32\tr-TR
    2013-02-28 00:09 - 2012-10-25 16:49 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2013-02-27 23:49 - 2012-10-04 15:26 - 00001124 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2084198558-4019347831-946478551-1001UA.job
    2013-02-27 23:49 - 2012-10-04 15:26 - 00001072 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2084198558-4019347831-946478551-1001Core.job
    2013-02-27 23:24 - 2012-10-20 23:45 - 00000000 ____D C:\Users\Fabian\AppData\Local\PMB Files
    2013-02-27 23:24 - 2012-10-20 23:45 - 00000000 ____D C:\ProgramData\PMB Files
    2013-02-27 21:09 - 2013-02-08 16:09 - 15846768 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
    2013-02-27 21:09 - 2012-10-25 16:49 - 00691568 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2013-02-27 21:09 - 2012-10-25 16:49 - 00071024 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2013-02-27 19:23 - 2012-10-04 12:31 - 00000000 ____D C:\ProgramData\MFAData
    2013-02-27 15:51 - 2013-02-27 15:51 - 00540072 ____A (Neuber Software) C:\Users\Fabian\Desktop\SvchostAnalyzer.exe
    2013-02-27 14:23 - 2013-02-26 23:38 - 00000549 ____A C:\Users\Public\Desktop\AVG 2013.lnk
    2013-02-26 23:39 - 2012-10-04 14:36 - 00000000 ____D C:\ProgramData\AVG2013
    2013-02-26 23:38 - 2013-02-26 23:38 - 00000000 ___HD C:\$AVG
    2013-02-26 22:14 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\System32\NDF
    2013-02-26 22:12 - 2009-07-14 06:08 - 00032632 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2013-02-26 21:54 - 2013-02-26 21:54 - 00027101 ____A C:\ComboFix.txt
    2013-02-26 21:54 - 2013-02-26 20:39 - 00000000 ____D C:\Qoobox
    2013-02-26 21:54 - 2009-07-14 04:20 - 00000000 __RHD C:\users\Default
    2013-02-26 21:52 - 2013-02-26 20:39 - 00000000 ____D C:\Windows\erdnt
    2013-02-26 21:50 - 2009-07-14 03:34 - 00000215 ____A C:\Windows\system.ini
    2013-02-26 21:48 - 2012-10-04 13:59 - 00011610 ____A C:\Windows\PFRO.log
    2013-02-26 21:37 - 2009-07-14 18:58 - 00654150 ____A C:\Windows\System32\perfh007.dat
    2013-02-26 21:37 - 2009-07-14 18:58 - 00130022 ____A C:\Windows\System32\perfc007.dat
    2013-02-26 21:37 - 2009-07-14 06:13 - 01498742 ____A C:\Windows\System32\PerfStringBackup.INI
    2013-02-26 21:29 - 2013-02-14 17:25 - 00000000 ____D C:\Users\Fabian\AppData\Roaming\TeamViewer
    2013-02-26 21:22 - 2013-02-26 21:22 - 05036023 ____R (Swearware) C:\Users\Fabian\Desktop\ComboFix.exe
    2013-02-26 21:17 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
    2013-02-26 21:14 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
    2013-02-26 21:09 - 2013-02-26 21:09 - 20516183 ____A C:\root-kit2.txt
    2013-02-26 20:30 - 2012-11-03 10:47 - 00000000 ____D C:\Windows\pss
    2013-02-26 20:25 - 2012-10-04 15:23 - 00000000 ____D C:\ProgramData\Adobe
    2013-02-26 20:24 - 2013-02-26 20:24 - 00000000 ____D C:\ProgramData\McAfee
    2013-02-26 18:46 - 2013-02-26 18:44 - 21916184 ____A C:\root-kit.txt
    2013-02-26 18:38 - 2013-02-26 18:38 - 01339288 ____A C:\Users\Fabian\Downloads\sar_15_sfx.exe
    2013-02-26 17:13 - 2013-02-26 12:21 - 00000000 ___AD C:\Kaspersky Rescue Disk 10.0
    2013-02-25 00:02 - 2012-11-25 18:22 - 00000000 ____D C:\Users\Fabian\AppData\Roaming\TS3Client
    2013-02-24 18:48 - 2013-02-24 18:48 - 00000000 ____D C:\Users\Public\Documents\CrashDump
    2013-02-24 14:19 - 2013-02-21 00:35 - 00000000 ____D C:\Users\Fabian\Desktop\MC Mods
    2013-02-24 14:18 - 2012-10-04 10:50 - 00000000 ____D C:\Users\Fabian\AppData\Roaming\.minecraft
    2013-02-24 10:45 - 2013-02-24 10:44 - 00000055 ____A C:\Users\Fabian\Desktop\TS3 Server.txt
    2013-02-24 01:05 - 2012-10-04 15:54 - 00000000 ____D C:\Users\Fabian\AppData\Roaming\Spotify
    2013-02-23 15:00 - 2012-10-04 15:54 - 00000000 ____D C:\Users\Fabian\AppData\Local\Spotify
    2013-02-23 02:01 - 2013-02-21 17:43 - 00000000 ____D C:\Users\Fabian\Documents\ManiaPlanet
    2013-02-23 00:31 - 2013-02-21 17:40 - 00000000 ____D C:\ProgramData\ManiaPlanet
    2013-02-22 14:57 - 2012-10-04 10:21 - 00000000 ____D C:\Users\Fabian\AppData\Local\VirtualStore
    2013-02-21 18:51 - 2013-02-03 19:22 - 00000000 ____D C:\Users\Fabian\AppData\Roaming\BitTorrent
    2013-02-21 18:05 - 2012-10-04 15:12 - 00000000 ____D C:\Users\Fabian\Desktop\Spiele
    2013-02-21 17:45 - 2012-10-04 16:34 - 00000000 ____D C:\Users\Fabian\Desktop\Tools
    2013-02-21 17:35 - 2013-02-21 17:35 - 00000000 ____D C:\Users\Fabian\AppData\Local\WinZip
    2013-02-21 17:34 - 2013-02-21 17:33 - 00000000 ____D C:\ProgramData\WinZip
    2013-02-21 17:34 - 2012-10-04 10:21 - 00000000 ____D C:\users\Fabian
    2013-02-21 17:29 - 2013-02-21 17:28 - 56836608 ____A C:\Users\Fabian\Downloads\wz170-32gev.msi
    2013-02-21 17:25 - 2013-02-21 17:25 - 00281688 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
    2013-02-21 17:25 - 2013-02-21 17:25 - 00000000 ____D C:\Users\Fabian\AppData\Local\PunkBuster
    2013-02-21 17:25 - 2012-12-17 15:10 - 00281688 ____A C:\Windows\SysWOW64\PnkBstrB.exe
    2013-02-21 17:25 - 2012-12-17 15:10 - 00076888 ____A C:\Windows\SysWOW64\PnkBstrA.exe
    2013-02-21 17:23 - 2013-02-21 17:23 - 00000000 ____D C:\ProgramData\Orbit
    2013-02-21 17:23 - 2012-10-04 16:23 - 00000000 ____D C:\Users\Fabian\Documents\my games
    2013-02-21 17:16 - 2012-10-11 14:26 - 00000000 ___HD C:\Users\Fabian\AppData\Roaming\Adobe
    2013-02-21 00:42 - 2013-02-20 23:56 - 1992294400 ____A C:\Users\Fabian\Downloads\World_of_Warcraft_3.3.5a.part01.exe
    2013-02-20 20:52 - 2013-02-20 20:52 - 00013149 ____A C:\Users\Fabian\Downloads\ShootmaniaOpenBeta.torrent
    2013-02-17 18:28 - 2013-02-17 18:28 - 00292757 ____A C:\Users\Fabian\Downloads\Presentation.pptx
    2013-02-17 16:41 - 2013-02-14 19:38 - 00000602 ____A C:\Users\Fabian\Desktop\config.ini
    2013-02-17 16:29 - 2013-02-15 17:57 - 00000675 ____A C:\Users\Fabian\Desktop\save2.sav
    2013-02-17 16:29 - 2013-02-14 19:38 - 00000192 ____A C:\Users\Fabian\Desktop\trophy.sav
    2013-02-15 17:49 - 2013-02-14 19:40 - 00000504 ____A C:\Users\Fabian\Desktop\save1.sav
    2013-02-14 19:33 - 2013-02-14 19:30 - 46683648 ____A C:\Users\Fabian\Desktop\iwbtggv1d2b.exe
    2013-02-14 15:33 - 2009-07-14 05:45 - 00376920 ____A C:\Windows\System32\FNTCACHE.DAT
    2013-02-13 23:29 - 2012-10-04 11:11 - 70004024 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2013-02-04 23:33 - 2013-02-04 23:33 - 00000692 ____A C:\Users\UpdatusUser\Desktop\Half-Life.lnk
    2013-02-04 23:33 - 2013-02-04 23:33 - 00000057 ____A C:\Windows\sierra.ini
    2013-02-04 00:14 - 2013-02-04 00:14 - 00000000 ____D C:\Windows\SysWOW64\directx
    2013-02-03 19:22 - 2013-02-03 19:22 - 01053520 ____A (BitTorrent Inc.) C:\Users\Fabian\Downloads\BitTorrent_7.8.exe
    2013-02-03 18:54 - 2013-02-03 18:54 - 00392750 ____A C:\Users\Fabian\Downloads\SD_German_Patch.exe
    2013-02-03 18:47 - 2013-02-03 18:44 - 00000000 ____D C:\Users\Fabian\AppData\Roaming\DAEMON Tools Lite
    2013-02-03 18:47 - 2013-02-03 18:43 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
    2013-02-03 18:45 - 2013-02-03 18:44 - 00283200 ____A (DT Soft Ltd) C:\Windows\System32\Drivers\dtsoftbus01.sys
    2013-02-03 18:42 - 2013-02-03 18:41 - 14682176 ____A (DT Soft Ltd) C:\Users\Fabian\Downloads\DTLite4461-0327.exe
    2013-02-03 12:24 - 2013-02-03 12:24 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_WinUSB_01007.Wdf
    2013-01-31 11:59 - 2013-01-31 11:59 - 00000000 __SHD C:\ProgramData\SecuROM
    2013-01-31 11:59 - 2013-01-31 11:36 - 00000000 ____D C:\Users\Fabian\AppData\Local\Rockstar Games
    2013-01-31 11:58 - 2012-10-21 00:36 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2013-01-31 11:56 - 2013-01-31 11:56 - 00000000 ____D C:\Users\Fabian\Documents\Rockstar Games
    2013-01-31 11:49 - 2012-10-11 20:09 - 00302626 ____A C:\Windows\DirectX.log
    2013-01-31 11:49 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
    2013-01-31 11:35 - 2013-01-31 11:35 - 00000000 __RHD C:\Users\Fabian\AppData\Roaming\SecuROM
    2013-01-31 11:31 - 2013-01-31 11:31 - 00178800 ____A (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt_x64.dll
    2013-01-31 11:27 - 2013-01-31 11:27 - 00000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE
    2013-01-30 19:14 - 2013-01-30 19:14 - 00000000 ___RD C:\Program Files (x86)\Skype
    2013-01-30 19:14 - 2012-10-04 15:41 - 00002517 ____A C:\Users\Public\Desktop\Skype.lnk
    2013-01-30 19:14 - 2012-10-04 15:41 - 00000000 ____D C:\ProgramData\Skype
    2013-01-29 12:56 - 2012-10-16 13:46 - 00000000 ____D C:\Users\Fabian\AppData\Local\ArmA 2 OA
    2013-01-29 12:27 - 2012-10-15 13:46 - 00000000 ____D C:\Users\Fabian\Documents\ArmA 2
    2013-01-29 12:25 - 2013-01-29 12:25 - 00000000 ____D C:\ProgramData\Bohemia Interactive Studio
    2013-01-29 12:25 - 2013-01-29 12:24 - 12472010 ____A C:\Users\Fabian\Downloads\Nicht bestätigt 314201.crdownload
    2013-01-29 12:14 - 2012-10-16 13:42 - 00000000 ____D C:\Users\Fabian\AppData\Local\Play withSIX
    2013-01-29 12:13 - 2013-01-29 12:13 - 00000000 ____D C:\Users\Fabian\AppData\Roaming\Play withSIX
    2013-01-29 12:11 - 2012-10-15 13:42 - 00000000 ____D C:\Users\Fabian\AppData\Local\Downloaded Installations
    2013-01-29 11:28 - 2013-01-29 11:28 - 00000000 ____D C:\Users\Fabian\Desktop\Surgeon Simulator
    2013-01-29 11:27 - 2013-01-29 11:25 - 24364137 ____A C:\Users\Fabian\Downloads\surgeonsimulator2013_win.zip

    ==================== Known DLLs (Whitelisted) =================


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================

    Restore point made on: 2013-02-26 20:40:46
    Restore point made on: 2013-02-26 21:12:01
    Restore point made on: 2013-02-26 21:24:25
    Restore point made on: 2013-02-26 21:24:59
    Restore point made on: 2013-02-26 21:38:24
    Restore point made on: 2013-02-26 21:39:52
    Restore point made on: 2013-02-26 23:37:27
    Restore point made on: 2013-02-26 23:37:47
    Restore point made on: 2013-02-28 00:40:15

    ==================== Memory info ===========================

    Percentage of memory in use: 14%
    Total physical RAM: 4095.55 MB
    Available physical RAM: 3487.75 MB
    Total Pagefile: 4093.7 MB
    Available Pagefile: 3478.61 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ==================== Partitions =============================

    2 Drive c: () (Fixed) (Total:91.19 GB) (Free:38.95 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    3 Drive d: (Daten) (Fixed) (Total:67.04 GB) (Free:39.56 GB) NTFS
    4 Drive e: (Medien) (Fixed) (Total:15.04 GB) (Free:3.74 GB) NTFS
    5 Drive f: (Spiele) (Fixed) (Total:173.07 GB) (Free:29.49 GB) NTFS
    6 Drive g: (Programme) (Fixed) (Total:26.27 GB) (Free:22.05 GB) NTFS
    7 Drive h: (GRMCHPXFRER_DE_DVD) (CDROM) (Total:2.97 GB) (Free:0 GB) UDF
    8 Drive i: (USB) (Removable) (Total:3.76 GB) (Free:3.76 GB) FAT32
    9 Drive j: (Volume) (Fixed) (Total:931.51 GB) (Free:693.83 GB) NTFS
    10 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

    Datenträger ### Status Größe Frei Dyn GPT
    --------------- ------------- ------- ------- --- ---
    Datenträger 0 Online 372 GB 0 B
    Datenträger 1 Online 3856 MB 0 B
    Datenträger 2 Online 931 GB 0 B

    Partitions of Disk 0:
    ===============

    Datenträger-ID: B0BE3F48

    Partition ### Typ Größe Offset
    ------------- ---------------- ------- -------
    Partition 1 Primär 91 GB 32 KB
    Partition 0 Erweitert 281 GB 91 GB
    Partition 2 Logisch 67 GB 91 GB
    Partition 3 Logisch 15 GB 158 GB
    Partition 4 Logisch 173 GB 173 GB
    Partition 5 Logisch 26 GB 346 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Typ : 07
    Versteckt: Nein
    Aktiv : Ja

    Volume ### Bst Bezeichnung DS Typ Größe Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 C NTFS Partition 91 GB Fehlerfre

    =========================================================

    Disk: 0
    Partition 2
    Typ : 07
    Versteckt: Nein
    Aktiv : Nein

    Volume ### Bst Bezeichnung DS Typ Größe Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 D Daten NTFS Partition 67 GB Fehlerfre

    =========================================================

    Disk: 0
    Partition 3
    Typ : 07
    Versteckt: Nein
    Aktiv : Nein

    Volume ### Bst Bezeichnung DS Typ Größe Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 E Medien NTFS Partition 15 GB Fehlerfre

    =========================================================

    Disk: 0
    Partition 4
    Typ : 07
    Versteckt: Nein
    Aktiv : Nein

    Volume ### Bst Bezeichnung DS Typ Größe Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 F Spiele NTFS Partition 173 GB Fehlerfre

    =========================================================

    Disk: 0
    Partition 5
    Typ : 07
    Versteckt: Nein
    Aktiv : Nein

    Volume ### Bst Bezeichnung DS Typ Größe Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 5 G Programme NTFS Partition 26 GB Fehlerfre

    =========================================================

    Partitions of Disk 1:
    ===============

    Datenträger-ID: 00000001

    Partition ### Typ Größe Offset
    ------------- ---------------- ------- -------
    * Partition 1 Primär 3856 MB 0 B

    ==================================================================================

    Disk: 1
    Es wurde keine Partition gewählt.

    Es wurde keine Partition ausgewählt.
    Wählen Sie eine Partition, und wiederholen Sie den Vorgang.

    =========================================================

    Partitions of Disk 2:
    ===============

    Datenträger-ID: 939B89C2

    Partition ### Typ Größe Offset
    ------------- ---------------- ------- -------
    Partition 1 Primär 931 GB 1024 KB

    ==================================================================================

    Disk: 2
    Partition 1
    Typ : 07
    Versteckt: Nein
    Aktiv : Nein

    Volume ### Bst Bezeichnung DS Typ Größe Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 7 J Volume NTFS Partition 931 GB Fehlerfre

    =========================================================

    Last Boot: 2012-10-15 12:22

    ==================== End Of Log =============================

    Search.txt

    Farbar Recovery Scan Tool (x64) Version: 23-02-2013 01
    Ran by SYSTEM at 2013-02-28 13:41:49
    Running from I:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-14 00:19] - [2009-07-14 02:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\Windows\System32\services.exe
    [2009-07-14 00:19] - [2009-07-14 02:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\Windows\erdnt\cache64\services.exe
    [2013-02-26 21:52] - [2009-07-14 02:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    ====== End Of Search ======
     
  4. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    Please post the ComboFix log (it should be located at C:\ComboFix.txt)

    then run the following:

    Please download TDSSKiller.zip
    • Extract it to your desktop
    • Double click TDSSKiller.exe
    • When the window opens, click on Change Parameters
    • Under “Additional options”, put a check mark in the box next to “Detect TDLFS File System”
    • click OK
    • Press Start Scan
      • If Malicious objects are found then ensure Cure is selected
      • If TDLFS File System/TDSS File system is found then ensure Cure is selected (if cure is not available, choose skip)
      • Then click Continue > Reboot now
    • Copy and paste the log in your next reply
      • A copy of the log will be saved automatically to the root of the drive (typically C:\)


    NEXT


    Please download Junkware Removal Tool to your desktop.
    • Shutdown your antivirus to avoid any conflicts.
    • Right-mouse click JRT.exe and select Run as administrator
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message


    NEXT


    Download AdwCleaner from here and save it to your desktop.
    • Run AdwCleaner and select Delete
    • Once done it will ask to reboot, allow the reboot
    • On reboot a log will be produced, please attach the content of the log to your next reply


    NEXT


    Please download Malwarebytes Anti-Malware
    • Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected. <-- very important
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.

    Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


    NEXT


    Go here to run an online scanner from ESET.
    • Turn off the real time scanner of any existing antivirus program while performing the online scan
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the ActiveX control to install
    • Click Start
    • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
    • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    • Click Scan
    • Wait for the scan to finish
    • When the scan completes, press the LIST OF THREATS FOUND button
    • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
    • Include the contents of this report in your next reply.
    • Press the BACK button.
    • Press Finish
     
  5. MrEMU

    MrEMU Thread Starter

    Joined:
    Feb 26, 2013
    Messages:
    6
    ComboFix.txt

    ComboFix 13-03-02.01 - Fabian 03.03.2013 14:18:49.3.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4096.2688 [GMT 1:00]
    ausgeführt von:: c:\users\Fabian\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Neuer Wiederherstellungspunkt wurde erstellt
    .
    .
    ((((((((((((((((((((((( Dateien erstellt von 2013-02-03 bis 2013-03-03 ))))))))))))))))))))))))))))))
    .
    .
    2013-03-03 13:29 . 2013-03-03 13:29 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2013-03-03 13:29 . 2013-03-03 13:29 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-03-03 13:13 . 2013-03-03 13:13 9310 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
    2013-03-03 13:13 . 2013-03-03 13:13 8646 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
    2013-03-03 13:13 . 2013-03-03 13:13 6429 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
    2013-03-03 13:13 . 2013-03-03 13:13 63115 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
    2013-03-03 13:13 . 2013-03-03 13:13 4599 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
    2013-03-03 13:12 . 2013-03-03 13:12 8613 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
    2013-03-03 13:12 . 2013-03-03 13:12 8288 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS
    2013-03-03 13:12 . 2013-03-03 13:12 6910 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
    2013-03-03 13:12 . 2013-03-03 13:12 6208 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS
    2013-03-03 13:12 . 2013-03-03 13:12 5927 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
    2013-03-03 13:12 . 2013-03-03 13:12 18541 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS
    2013-03-03 13:12 . 2013-03-03 13:12 1651 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS
    2013-03-03 13:12 . 2013-03-03 13:12 51852 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS
    2013-03-03 13:12 . 2013-03-03 13:12 8782 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
    2013-03-03 13:12 . 2013-03-03 13:12 7271 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
    2013-03-03 13:12 . 2013-03-03 13:12 23327 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
    2013-03-03 13:12 . 2013-03-03 13:12 20719 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
    2013-02-28 12:38 . 2013-02-28 12:38 -------- d-----w- C:\FRST
    2013-02-26 22:38 . 2013-02-26 22:38 -------- d-----w- C:\$AVG
    2013-02-26 19:24 . 2013-02-26 19:24 -------- d-----w- c:\programdata\McAfee
    2013-02-26 17:46 . 2009-06-18 11:54 6144 ------w- c:\windows\system32\C12D.tmp
    2013-02-26 17:40 . 2009-06-18 11:54 6144 ------w- c:\windows\system32\B71E.tmp
    2013-02-26 11:21 . 2013-02-26 16:13 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
    2013-02-21 16:40 . 2013-02-22 23:31 -------- d-----w- c:\programdata\ManiaPlanet
    2013-02-21 16:35 . 2013-02-21 16:35 -------- d-----w- c:\users\Fabian\AppData\Local\WinZip
    2013-02-21 16:33 . 2013-02-21 16:34 -------- d-----w- c:\programdata\WinZip
    2013-02-21 16:25 . 2013-02-21 16:25 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
    2013-02-21 16:25 . 2013-02-21 16:25 -------- d-----w- c:\users\Fabian\AppData\Local\PunkBuster
    2013-02-21 16:23 . 2013-02-21 16:23 -------- d-----w- c:\programdata\Orbit
    2013-02-14 16:25 . 2013-02-26 20:29 -------- d-----w- c:\users\Fabian\AppData\Roaming\TeamViewer
    2013-02-13 22:24 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
    2013-02-13 22:24 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
    2013-02-13 17:47 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-02-13 17:47 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2013-02-13 17:47 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2013-02-13 17:47 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys
    2013-02-13 17:46 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll
    2013-02-13 17:46 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll
    2013-02-13 17:46 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe
    2013-02-13 17:46 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe
    2013-02-13 17:46 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
    2013-02-13 17:46 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe
    2013-02-13 17:46 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2013-02-13 17:46 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
    2013-02-08 15:09 . 2013-02-27 20:09 15846768 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
    2013-02-03 18:22 . 2013-03-03 13:28 -------- d-----w- c:\users\Fabian\AppData\Roaming\BitTorrent
    2013-02-03 17:44 . 2013-02-03 17:45 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
    2013-02-03 17:44 . 2013-02-03 17:47 -------- d-----w- c:\users\Fabian\AppData\Roaming\DAEMON Tools Lite
    2013-02-03 17:43 . 2013-02-03 17:47 -------- d-----w- c:\programdata\DAEMON Tools Lite
    .
    .
    .
    (((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-02-27 20:09 . 2012-10-25 15:49 71024 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-02-27 20:09 . 2012-10-25 15:49 691568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2013-02-21 16:25 . 2012-12-17 14:10 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
    2013-02-21 16:25 . 2012-12-17 14:10 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
    2013-02-13 22:29 . 2012-10-04 10:11 70004024 ----a-w- c:\windows\system32\MRT.exe
    2013-01-31 10:52 . 2009-08-18 11:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
    2013-01-31 10:51 . 2009-08-18 10:24 19696 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2013-01-31 10:31 . 2013-01-31 10:31 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
    2013-01-04 04:43 . 2013-02-13 17:46 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2012-12-16 17:11 . 2012-12-23 00:07 46080 ----a-w- c:\windows\system32\atmlib.dll
    2012-12-16 14:45 . 2012-12-23 00:07 367616 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-16 14:13 . 2012-12-23 00:07 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
    2012-12-16 14:13 . 2012-12-23 00:07 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2012-12-07 13:20 . 2013-01-09 16:06 441856 ----a-w- c:\windows\system32\Wpc.dll
    2012-12-07 13:15 . 2013-01-09 16:06 2746368 ----a-w- c:\windows\system32\gameux.dll
    2012-12-07 12:26 . 2013-01-09 16:06 308736 ----a-w- c:\windows\SysWow64\Wpc.dll
    2012-12-07 12:20 . 2013-01-09 16:06 2576384 ----a-w- c:\windows\SysWow64\gameux.dll
    2012-12-07 11:20 . 2013-01-09 16:06 30720 ----a-w- c:\windows\system32\usk.rs
    2012-12-07 11:20 . 2013-01-09 16:06 43520 ----a-w- c:\windows\system32\csrr.rs
    2012-12-07 11:20 . 2013-01-09 16:06 23552 ----a-w- c:\windows\system32\oflc.rs
    2012-12-07 11:20 . 2013-01-09 16:06 45568 ----a-w- c:\windows\system32\oflc-nz.rs
    2012-12-07 11:20 . 2013-01-09 16:06 44544 ----a-w- c:\windows\system32\pegibbfc.rs
    2012-12-07 11:20 . 2013-01-09 16:06 20480 ----a-w- c:\windows\system32\pegi-fi.rs
    2012-12-07 11:20 . 2013-01-09 16:06 20480 ----a-w- c:\windows\system32\pegi-pt.rs
    2012-12-07 11:19 . 2013-01-09 16:06 20480 ----a-w- c:\windows\system32\pegi.rs
    2012-12-07 11:19 . 2013-01-09 16:06 46592 ----a-w- c:\windows\system32\fpb.rs
    2012-12-07 11:19 . 2013-01-09 16:06 40960 ----a-w- c:\windows\system32\cob-au.rs
    2012-12-07 11:19 . 2013-01-09 16:06 21504 ----a-w- c:\windows\system32\grb.rs
    2012-12-07 11:19 . 2013-01-09 16:06 15360 ----a-w- c:\windows\system32\djctq.rs
    2012-12-07 11:19 . 2013-01-09 16:06 55296 ----a-w- c:\windows\system32\cero.rs
    2012-12-07 11:19 . 2013-01-09 16:06 51712 ----a-w- c:\windows\system32\esrb.rs
    2012-12-07 10:46 . 2013-01-09 16:06 43520 ----a-w- c:\windows\SysWow64\csrr.rs
    2012-12-07 10:46 . 2013-01-09 16:06 30720 ----a-w- c:\windows\SysWow64\usk.rs
    2012-12-07 10:46 . 2013-01-09 16:06 45568 ----a-w- c:\windows\SysWow64\oflc-nz.rs
    2012-12-07 10:46 . 2013-01-09 16:06 44544 ----a-w- c:\windows\SysWow64\pegibbfc.rs
    2012-12-07 10:46 . 2013-01-09 16:06 20480 ----a-w- c:\windows\SysWow64\pegi-pt.rs
    2012-12-07 10:46 . 2013-01-09 16:06 23552 ----a-w- c:\windows\SysWow64\oflc.rs
    2012-12-07 10:46 . 2013-01-09 16:06 20480 ----a-w- c:\windows\SysWow64\pegi-fi.rs
    2012-12-07 10:46 . 2013-01-09 16:06 46592 ----a-w- c:\windows\SysWow64\fpb.rs
    2012-12-07 10:46 . 2013-01-09 16:06 20480 ----a-w- c:\windows\SysWow64\pegi.rs
    2012-12-07 10:46 . 2013-01-09 16:06 21504 ----a-w- c:\windows\SysWow64\grb.rs
    2012-12-07 10:46 . 2013-01-09 16:06 40960 ----a-w- c:\windows\SysWow64\cob-au.rs
    2012-12-07 10:46 . 2013-01-09 16:06 15360 ----a-w- c:\windows\SysWow64\djctq.rs
    2012-12-07 10:46 . 2013-01-09 16:06 55296 ----a-w- c:\windows\SysWow64\cero.rs
    2012-12-07 10:46 . 2013-01-09 16:06 51712 ----a-w- c:\windows\SysWow64\esrb.rs
    .
    .
    (((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
    2012-07-04 13:03 1310040 ----a-r- c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-07-04 1310040]
    .
    [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
    [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
    [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
    [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Spotify Web Helper"="c:\users\Fabian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-11-02 1199576]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18705664]
    "BitTorrent"="p:\bittorrent\BitTorrent.exe" [2013-02-03 1053520]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
    "TrayServer"="p:\magix\Video_deluxe_17_Premium\TrayServer.exe" [2008-08-07 90112]
    "LogMeIn Hamachi Ui"="p:\hamachi\hamachi-2-ui.exe" [2012-12-10 2254768]
    "Adobe"="c:\users\Fabian\AppData\Roaming\Adobe\color.vbe" [2013-01-19 15361]
    "AVG_UI"="p:\avg\avgui.exe" [2012-12-11 3147384]
    .
    c:\users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Desktops.lnk - p:\desktops\Desktops.exe [2012-9-30 116088]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "HideSCAHealth"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0p:\avg\avgrsa.exe /sync /restart
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
    R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2012-06-27 36328]
    R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-09-20 102368]
    R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
    R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\C12D.tmp [2009-06-18 6144]
    R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2012-06-27 157672]
    R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2012-06-27 16872]
    R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2012-06-27 177640]
    R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2012-06-27 146920]
    R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-09-20 203104]
    R3 ssudobex;SAMSUNG Mobile USB OBEX Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudobex.sys [2012-09-20 203104]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328]
    S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]
    S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-11-15 111968]
    S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800]
    S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464]
    S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696]
    S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-02-03 283200]
    S2 AVGIDSAgent;AVGIDSAgent;p:\avg\avgidsagent.exe [2012-11-15 5814904]
    S2 avgwd;AVG WatchDog;p:\avg\avgwdsvc.exe [2012-10-22 196664]
    S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
    S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;p:\hamachi\hamachi-2.exe [2012-12-10 2465712]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
    S2 TeamViewer6;TeamViewer 6;p:\teamviewer\TeamViewer_Service.exe [2011-01-14 2250616]
    S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-10-23 2848168]
    S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
    .
    .
    Inhalt des "geplante Tasks" Ordners
    .
    2013-03-03 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-25 20:09]
    .
    2013-02-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2084198558-4019347831-946478551-1001Core.job
    - c:\users\Fabian\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-04 14:26]
    .
    2013-03-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2084198558-4019347831-946478551-1001UA.job
    - c:\users\Fabian\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-04 14:26]
    .
    .
    --------- X64 Entries -----------
    .
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
    FontCache
    .
    ------- Zusätzlicher Suchlauf -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: Free YouTube Download - c:\users\Fabian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
    IE: Free YouTube to MP3 Converter - c:\users\Fabian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    TCP: DhcpNameServer = 192.168.178.1
    FF - ProfilePath - c:\users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\ch379ddp.default\
    FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?barid={63E93870-1F8E-11E2-B77B-00241D66775C}&src=2&crg=3.1010000.10001&q=
    .
    - - - - Entfernte verwaiste Registrierungseinträge - - - -
    .
    AddRemove-BattlEye for A2 - g:\steam\steamapps\common\Arma 2BattlEye\UnInstallBE.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]
    "ImagePath"="\??\c:\windows\system32\C12D.tmp"
    .
    --------------------- Gesperrte Registrierungsschluessel ---------------------
    .
    [HKEY_USERS\S-1-5-21-2084198558-4019347831-946478551-1001\Software\SecuROM\License information*]
    "datasecu"=hex:c9,04,6e,54,ba,86,7e,8a,61,e6,6c,c3,2c,34,4f,c5,3f,2b,c6,1e,b5,
    da,37,39,d5,01,3f,de,a1,2a,64,c2,0e,b6,8a,9a,79,b7,97,93,4c,59,63,27,29,5d,\
    "rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    Zeit der Fertigstellung: 2013-03-03 14:41:25
    ComboFix-quarantined-files.txt 2013-03-03 13:41
    ComboFix2.txt 2013-02-26 20:54
    .
    Vor Suchlauf: 19 Verzeichnis(se), 35.697.102.848 Bytes frei
    Nach Suchlauf: 20 Verzeichnis(se), 35.375.673.344 Bytes frei
    .
    - - End Of File - - BE05B6E779EDB1AA9FA27585FAEA854B

    TDSSKiller

    14:45:39.0629 4808 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
    14:45:39.0878 4808 ============================================================
    14:45:39.0878 4808 Current date / time: 2013/03/03 14:45:39.0878
    14:45:39.0878 4808 SystemInfo:
    14:45:39.0878 4808
    14:45:39.0878 4808 OS Version: 6.1.7601 ServicePack: 1.0
    14:45:39.0879 4808 Product type: Workstation
    14:45:39.0879 4808 ComputerName: FABIAN-PC
    14:45:39.0879 4808 UserName: Fabian
    14:45:39.0879 4808 Windows directory: C:\Windows
    14:45:39.0879 4808 System windows directory: C:\Windows
    14:45:39.0879 4808 Running under WOW64
    14:45:39.0879 4808 Processor architecture: Intel x64
    14:45:39.0879 4808 Number of processors: 2
    14:45:39.0879 4808 Page size: 0x1000
    14:45:39.0879 4808 Boot type: Normal boot
    14:45:39.0879 4808 ============================================================
    14:45:40.0478 4808 Drive \Device\Harddisk0\DR0 - Size: 0x5D2710DE00 (372.61 Gb), SectorSize: 0x200, Cylinders: 0xBD432, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x10, Type 'K0', Flags 0x00000040
    14:45:40.0481 4808 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    14:45:40.0482 4808 ============================================================
    14:45:40.0482 4808 \Device\Harddisk0\DR0:
    14:45:40.0482 4808 MBR partitions:
    14:45:40.0482 4808 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x40, BlocksNum 0xB660E40
    14:45:40.0498 4808 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xB660EBF, BlocksNum 0x8615241
    14:45:40.0508 4808 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x13C7613F, BlocksNum 0x1E157D1
    14:45:40.0517 4808 \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x15A8B94F, BlocksNum 0x15A217C1
    14:45:40.0535 4808 \Device\Harddisk0\DR0\Partition5: MBR, Type 0x7, StartLBA 0x2B4AD14F, BlocksNum 0x348B391
    14:45:40.0535 4808 \Device\Harddisk1\DR1:
    14:45:40.0535 4808 MBR partitions:
    14:45:40.0535 4808 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
    14:45:40.0535 4808 ============================================================
    14:45:40.0561 4808 C: <-> \Device\Harddisk0\DR0\Partition1
    14:45:40.0597 4808 D: <-> \Device\Harddisk0\DR0\Partition2
    14:45:40.0620 4808 P: <-> \Device\Harddisk0\DR0\Partition5
    14:45:40.0662 4808 G: <-> \Device\Harddisk0\DR0\Partition4
    14:45:40.0687 4808 M: <-> \Device\Harddisk0\DR0\Partition3
    14:45:40.0700 4808 E: <-> \Device\Harddisk1\DR1\Partition1
    14:45:40.0700 4808 ============================================================
    14:45:40.0700 4808 Initialize success
    14:45:40.0700 4808 ============================================================
    14:46:31.0537 2844 ============================================================
    14:46:31.0537 2844 Scan started
    14:46:31.0537 2844 Mode: Manual; TDLFS;
    14:46:31.0537 2844 ============================================================
    14:46:31.0994 2844 ================ Scan system memory ========================
    14:46:31.0994 2844 System memory - ok
    14:46:31.0995 2844 ================ Scan services =============================
    14:46:39.0734 2844 NDIS - ok
    14:46:39.0745 2844 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
    14:46:39.0746 2844 NdisCap - ok
    14:46:39.0771 2844 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
    14:46:39.0771 2844 NdisTapi - ok
    14:46:39.0804 2844 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
    14:46:39.0804 2844 Ndisuio - ok
    14:46:39.0841 2844 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
    14:46:39.0844 2844 NdisWan - ok
    14:46:39.0897 2844 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
    14:46:39.0899 2844 NDProxy - ok
    14:46:39.0929 2844 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
    14:46:39.0930 2844 NetBIOS - ok
    14:46:39.0977 2844 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
    14:46:39.0981 2844 NetBT - ok
    14:46:39.0998 2844 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
    14:46:40.0001 2844 Netlogon - ok
    14:46:40.0040 2844 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
    14:46:40.0044 2844 Netman - ok
    14:46:40.0070 2844 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
    14:46:40.0074 2844 netprofm - ok
    14:46:40.0098 2844 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    14:46:40.0100 2844 NetTcpPortSharing - ok
    14:46:40.0120 2844 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
    14:46:40.0121 2844 nfrd960 - ok
    14:46:40.0152 2844 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
    14:46:40.0155 2844 NlaSvc - ok
    14:46:40.0194 2844 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
    14:46:40.0195 2844 Npfs - ok
    14:46:40.0219 2844 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
    14:46:40.0220 2844 nsi - ok
    14:46:40.0225 2844 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
    14:46:40.0226 2844 nsiproxy - ok
    14:46:40.0286 2844 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
    14:46:40.0295 2844 Ntfs - ok
    14:46:40.0310 2844 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
    14:46:40.0311 2844 Null - ok
    14:46:40.0361 2844 [ A85B4F2EF3A7304A5399EF0526423040 ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x64.sys
    14:46:40.0367 2844 NVENETFD - ok
    14:46:40.0439 2844 [ 1F07B814C0BB5AABA703ABFF1F31F2E8 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
    14:46:40.0440 2844 NVHDA - ok
    14:46:40.0728 2844 [ 5104BAC2DA2A5BDD86AC6B0708B00F06 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
    14:46:40.0793 2844 nvlddmkm - ok
    14:46:40.0851 2844 [ 0AD267A4674805B61A5D7B911D2A978A ] NVNET C:\Windows\system32\DRIVERS\nvmf6264.sys
    14:46:40.0853 2844 NVNET - ok
    14:46:40.0885 2844 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
    14:46:40.0886 2844 nvraid - ok
    14:46:40.0908 2844 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
    14:46:40.0909 2844 nvstor - ok
    14:46:40.0950 2844 [ DDFAFCE89A5C93D04712B86F94E9FCBA ] nvsvc C:\Windows\system32\nvvsvc.exe
    14:46:40.0956 2844 nvsvc - ok
    14:46:41.0018 2844 [ 84E035225474E48CD3A6A3CE52332095 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    14:46:41.0036 2844 nvUpdatusService - ok
    14:46:41.0061 2844 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
    14:46:41.0064 2844 nv_agp - ok
    14:46:41.0104 2844 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
    14:46:41.0106 2844 ohci1394 - ok
    14:46:41.0143 2844 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
    14:46:41.0146 2844 p2pimsvc - ok
    14:46:41.0172 2844 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
    14:46:41.0176 2844 p2psvc - ok
    14:46:41.0219 2844 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
    14:46:41.0220 2844 Parport - ok
    14:46:41.0247 2844 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
    14:46:41.0248 2844 partmgr - ok
    14:46:41.0267 2844 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
    14:46:41.0270 2844 PcaSvc - ok
    14:46:41.0295 2844 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
    14:46:41.0297 2844 pci - ok
    14:46:41.0313 2844 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
    14:46:41.0314 2844 pciide - ok
    14:46:41.0333 2844 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
    14:46:41.0335 2844 pcmcia - ok
    14:46:41.0341 2844 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
    14:46:41.0342 2844 pcw - ok
    14:46:41.0366 2844 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
    14:46:41.0371 2844 PEAUTH - ok
    14:46:41.0466 2844 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
    14:46:41.0469 2844 PerfHost - ok
    14:46:41.0558 2844 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
    14:46:41.0580 2844 pla - ok
    14:46:41.0630 2844 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
    14:46:41.0634 2844 PlugPlay - ok
    14:46:41.0650 2844 PnkBstrA - ok
    14:46:41.0680 2844 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
    14:46:41.0682 2844 PNRPAutoReg - ok
    14:46:41.0700 2844 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
    14:46:41.0703 2844 PNRPsvc - ok
    14:46:41.0739 2844 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
    14:46:41.0742 2844 PolicyAgent - ok
    14:46:41.0775 2844 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
    14:46:41.0777 2844 Power - ok
    14:46:41.0820 2844 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
    14:46:41.0821 2844 PptpMiniport - ok
    14:46:41.0834 2844 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
    14:46:41.0835 2844 Processor - ok
    14:46:41.0869 2844 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
    14:46:41.0872 2844 ProfSvc - ok
    14:46:41.0884 2844 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
    14:46:41.0885 2844 ProtectedStorage - ok
    14:46:41.0924 2844 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
    14:46:41.0925 2844 Psched - ok
    14:46:41.0997 2844 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
    14:46:42.0019 2844 ql2300 - ok
    14:46:42.0044 2844 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
    14:46:42.0047 2844 ql40xx - ok
    14:46:42.0081 2844 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
    14:46:42.0084 2844 QWAVE - ok
    14:46:42.0101 2844 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
    14:46:42.0101 2844 QWAVEdrv - ok
    14:46:42.0112 2844 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
    14:46:42.0113 2844 RasAcd - ok
    14:46:42.0145 2844 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
    14:46:42.0145 2844 RasAgileVpn - ok
    14:46:42.0162 2844 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
    14:46:42.0164 2844 RasAuto - ok
    14:46:42.0199 2844 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
    14:46:42.0200 2844 Rasl2tp - ok
    14:46:42.0238 2844 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
    14:46:42.0242 2844 RasMan - ok
    14:46:42.0263 2844 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
    14:46:42.0264 2844 RasPppoe - ok
    14:46:42.0292 2844 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
    14:46:42.0293 2844 RasSstp - ok
    14:46:42.0335 2844 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
    14:46:42.0337 2844 rdbss - ok
    14:46:42.0352 2844 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
    14:46:42.0353 2844 rdpbus - ok
    14:46:42.0362 2844 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
    14:46:42.0363 2844 RDPCDD - ok
    14:46:42.0394 2844 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
    14:46:42.0395 2844 RDPENCDD - ok
    14:46:42.0404 2844 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
    14:46:42.0404 2844 RDPREFMP - ok
    14:46:42.0438 2844 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
    14:46:42.0440 2844 RDPWD - ok
    14:46:42.0488 2844 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
    14:46:42.0491 2844 rdyboost - ok
    14:46:42.0542 2844 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
    14:46:42.0545 2844 RemoteAccess - ok
    14:46:42.0583 2844 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
    14:46:42.0589 2844 RemoteRegistry - ok
    14:46:42.0617 2844 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
    14:46:42.0622 2844 RpcEptMapper - ok
    14:46:42.0649 2844 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
    14:46:42.0651 2844 RpcLocator - ok
    14:46:42.0689 2844 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
    14:46:42.0695 2844 RpcSs - ok
    14:46:42.0724 2844 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
    14:46:42.0725 2844 rspndr - ok
    14:46:42.0769 2844 [ BAEFEE35D27A5440D35092CE10267BEC ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
    14:46:42.0771 2844 RTL8167 - ok
    14:46:42.0792 2844 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
    14:46:42.0793 2844 SamSs - ok
    14:46:42.0822 2844 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
    14:46:42.0823 2844 sbp2port - ok
    14:46:42.0846 2844 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
    14:46:42.0850 2844 SCardSvr - ok
    14:46:42.0888 2844 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
    14:46:42.0889 2844 scfilter - ok
    14:46:42.0946 2844 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
    14:46:42.0964 2844 Schedule - ok
    14:46:43.0007 2844 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
    14:46:43.0010 2844 SCPolicySvc - ok
    14:46:43.0064 2844 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
    14:46:43.0069 2844 SDRSVC - ok
    14:46:43.0163 2844 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
    14:46:43.0164 2844 secdrv - ok
    14:46:43.0218 2844 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
    14:46:43.0222 2844 seclogon - ok
    14:46:43.0250 2844 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
    14:46:43.0255 2844 SENS - ok
    14:46:43.0275 2844 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
    14:46:43.0279 2844 SensrSvc - ok
    14:46:43.0296 2844 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
    14:46:43.0296 2844 Serenum - ok
    14:46:43.0322 2844 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
    14:46:43.0323 2844 Serial - ok
    14:46:43.0339 2844 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
    14:46:43.0339 2844 sermouse - ok
    14:46:43.0393 2844 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
    14:46:43.0395 2844 SessionEnv - ok
    14:46:43.0423 2844 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
    14:46:43.0424 2844 sffdisk - ok
    14:46:43.0442 2844 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
    14:46:43.0443 2844 sffp_mmc - ok
    14:46:43.0455 2844 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
    14:46:43.0456 2844 sffp_sd - ok
    14:46:43.0466 2844 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
    14:46:43.0467 2844 sfloppy - ok
    14:46:43.0496 2844 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
    14:46:43.0499 2844 SharedAccess - ok
    14:46:43.0543 2844 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
    14:46:43.0548 2844 ShellHWDetection - ok
    14:46:43.0560 2844 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
    14:46:43.0560 2844 SiSRaid2 - ok
    14:46:43.0578 2844 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
    14:46:43.0579 2844 SiSRaid4 - ok
    14:46:43.0634 2844 [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
    14:46:43.0636 2844 SkypeUpdate - ok
    14:46:43.0656 2844 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
    14:46:43.0658 2844 Smb - ok
    14:46:43.0692 2844 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
    14:46:43.0695 2844 SNMPTRAP - ok
    14:46:43.0707 2844 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
    14:46:43.0707 2844 spldr - ok
    14:46:43.0747 2844 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
    14:46:43.0753 2844 Spooler - ok
    14:46:43.0895 2844 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
    14:46:43.0921 2844 sppsvc - ok
    14:46:43.0948 2844 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
    14:46:43.0950 2844 sppuinotify - ok
    14:46:43.0981 2844 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
    14:46:43.0985 2844 srv - ok
    14:46:44.0006 2844 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
    14:46:44.0009 2844 srv2 - ok
    14:46:44.0028 2844 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
    14:46:44.0030 2844 srvnet - ok
    14:46:44.0072 2844 [ 8F8324ED1DE63FFC7B1A02CD2D963C72 ] ssadbus C:\Windows\system32\DRIVERS\ssadbus.sys
    14:46:44.0073 2844 ssadbus - ok
    14:46:44.0102 2844 [ 58221EFCB74167B73667F0024C661CE0 ] ssadmdfl C:\Windows\system32\DRIVERS\ssadmdfl.sys
    14:46:44.0103 2844 ssadmdfl - ok
    14:46:44.0120 2844 [ 4DA7C71BFAC5AD71255B7E4CAB980163 ] ssadmdm C:\Windows\system32\DRIVERS\ssadmdm.sys
    14:46:44.0121 2844 ssadmdm - ok
    14:46:44.0152 2844 [ D33D1BD3EC0E766211A234F56A12726D ] ssadserd C:\Windows\system32\DRIVERS\ssadserd.sys
    14:46:44.0153 2844 ssadserd - ok
    14:46:44.0197 2844 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
    14:46:44.0203 2844 SSDPSRV - ok
    14:46:44.0233 2844 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
    14:46:44.0238 2844 SstpSvc - ok
    14:46:44.0291 2844 [ C692C94FE55CAD0633440236022C27B3 ] ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys
    14:46:44.0295 2844 ssudmdm - ok
    14:46:44.0335 2844 [ F161567B90721F4C42BD5F95A4C9B2D0 ] ssudobex C:\Windows\system32\DRIVERS\ssudobex.sys
    14:46:44.0339 2844 ssudobex - ok
    14:46:44.0388 2844 Steam Client Service - ok
    14:46:44.0449 2844 [ F0359F7CE712D69ACEF0886BDB4792ED ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    14:46:44.0452 2844 Stereo Service - ok
    14:46:44.0481 2844 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
    14:46:44.0482 2844 stexstor - ok
    14:46:44.0538 2844 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
    14:46:44.0544 2844 stisvc - ok
    14:46:44.0575 2844 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
    14:46:44.0575 2844 swenum - ok
    14:46:44.0607 2844 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
    14:46:44.0612 2844 swprv - ok
    14:46:44.0693 2844 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
    14:46:44.0719 2844 SysMain - ok
    14:46:44.0771 2844 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
    14:46:44.0776 2844 TabletInputService - ok
    14:46:44.0820 2844 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
    14:46:44.0827 2844 TapiSrv - ok
    14:46:44.0864 2844 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
    14:46:44.0866 2844 TBS - ok
    14:46:44.0937 2844 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
    14:46:44.0952 2844 Tcpip - ok
    14:46:45.0046 2844 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
    14:46:45.0060 2844 TCPIP6 - ok
    14:46:45.0112 2844 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
    14:46:45.0113 2844 tcpipreg - ok
    14:46:45.0143 2844 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
    14:46:45.0143 2844 TDPIPE - ok
    14:46:45.0174 2844 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
    14:46:45.0174 2844 TDTCP - ok
    14:46:45.0213 2844 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
    14:46:45.0214 2844 tdx - ok
    14:46:45.0362 2844 [ 12EB792F908D263381162D9BB304B520 ] TeamViewer6 P:\Teamviewer\TeamViewer_Service.exe
    14:46:45.0374 2844 TeamViewer6 - ok
    14:46:45.0622 2844 [ C9B9373A0A430C11F0213E359D0772B2 ] TeamViewer7 C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
    14:46:45.0642 2844 TeamViewer7 - ok
    14:46:45.0670 2844 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
    14:46:45.0671 2844 TermDD - ok
    14:46:45.0716 2844 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
    14:46:45.0721 2844 TermService - ok
    14:46:45.0754 2844 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
    14:46:45.0755 2844 Themes - ok
    14:46:45.0779 2844 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
    14:46:45.0781 2844 THREADORDER - ok
    14:46:45.0798 2844 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
    14:46:45.0801 2844 TrkWks - ok
    14:46:45.0848 2844 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
    14:46:45.0850 2844 TrustedInstaller - ok
    14:46:45.0878 2844 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
    14:46:45.0878 2844 tssecsrv - ok
    14:46:45.0918 2844 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
    14:46:45.0919 2844 TsUsbFlt - ok
    14:46:45.0976 2844 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
    14:46:45.0978 2844 tunnel - ok
    14:46:46.0003 2844 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
    14:46:46.0005 2844 uagp35 - ok
    14:46:46.0056 2844 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
    14:46:46.0062 2844 udfs - ok
    14:46:46.0113 2844 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
    14:46:46.0114 2844 UI0Detect - ok
    14:46:46.0133 2844 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
    14:46:46.0134 2844 uliagpkx - ok
    14:46:46.0166 2844 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
    14:46:46.0166 2844 umbus - ok
    14:46:46.0185 2844 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
    14:46:46.0186 2844 UmPass - ok
    14:46:46.0200 2844 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
    14:46:46.0203 2844 upnphost - ok
    14:46:46.0239 2844 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
    14:46:46.0240 2844 usbaudio - ok
    14:46:46.0255 2844 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
    14:46:46.0255 2844 usbccgp - ok
    14:46:46.0278 2844 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
    14:46:46.0279 2844 usbcir - ok
    14:46:46.0294 2844 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
    14:46:46.0295 2844 usbehci - ok
    14:46:46.0330 2844 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
    14:46:46.0332 2844 usbhub - ok
    14:46:46.0350 2844 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
    14:46:46.0351 2844 usbohci - ok
    14:46:46.0375 2844 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
    14:46:46.0376 2844 usbprint - ok
    14:46:46.0395 2844 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
    14:46:46.0396 2844 USBSTOR - ok
    14:46:46.0408 2844 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
    14:46:46.0410 2844 usbuhci - ok
    14:46:46.0431 2844 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
    14:46:46.0433 2844 UxSms - ok
    14:46:46.0449 2844 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
    14:46:46.0450 2844 VaultSvc - ok
    14:46:46.0465 2844 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
    14:46:46.0466 2844 vdrvroot - ok
    14:46:46.0508 2844 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
    14:46:46.0511 2844 vds - ok
    14:46:46.0530 2844 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
    14:46:46.0530 2844 vga - ok
    14:46:46.0535 2844 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
    14:46:46.0536 2844 VgaSave - ok
    14:46:46.0564 2844 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
    14:46:46.0565 2844 vhdmp - ok
    14:46:46.0588 2844 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
    14:46:46.0588 2844 viaide - ok
    14:46:46.0603 2844 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
    14:46:46.0604 2844 volmgr - ok
    14:46:46.0639 2844 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
    14:46:46.0641 2844 volmgrx - ok
    14:46:46.0660 2844 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
    14:46:46.0662 2844 volsnap - ok
    14:46:46.0682 2844 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
    14:46:46.0683 2844 vsmraid - ok
    14:46:46.0753 2844 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
    14:46:46.0778 2844 VSS - ok
    14:46:46.0807 2844 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
    14:46:46.0808 2844 vwifibus - ok
    14:46:46.0868 2844 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
    14:46:46.0878 2844 W32Time - ok
    14:46:46.0892 2844 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
    14:46:46.0893 2844 WacomPen - ok
    14:46:46.0936 2844 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
    14:46:46.0937 2844 WANARP - ok
    14:46:46.0942 2844 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
    14:46:46.0943 2844 Wanarpv6 - ok
    14:46:46.0989 2844 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
    14:46:47.0002 2844 wbengine - ok
    14:46:47.0043 2844 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
    14:46:47.0045 2844 WbioSrvc - ok
    14:46:47.0083 2844 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
    14:46:47.0087 2844 wcncsvc - ok
    14:46:47.0097 2844 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
    14:46:47.0099 2844 WcsPlugInService - ok
    14:46:47.0118 2844 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
    14:46:47.0119 2844 Wd - ok
    14:46:47.0160 2844 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
    14:46:47.0164 2844 Wdf01000 - ok
    14:46:47.0175 2844 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
    14:46:47.0177 2844 WdiServiceHost - ok
    14:46:47.0182 2844 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
    14:46:47.0184 2844 WdiSystemHost - ok
    14:46:47.0218 2844 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
    14:46:47.0221 2844 WebClient - ok
    14:46:47.0240 2844 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
    14:46:47.0243 2844 Wecsvc - ok
    14:46:47.0259 2844 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
    14:46:47.0261 2844 wercplsupport - ok
    14:46:47.0284 2844 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
    14:46:47.0286 2844 WerSvc - ok
    14:46:47.0311 2844 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
    14:46:47.0312 2844 WfpLwf - ok
    14:46:47.0316 2844 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
    14:46:47.0317 2844 WIMMount - ok
    14:46:47.0339 2844 WinDefend - ok
    14:46:47.0344 2844 WinHttpAutoProxySvc - ok
    14:46:47.0384 2844 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
    14:46:47.0385 2844 Winmgmt - ok
    14:46:47.0478 2844 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
    14:46:47.0509 2844 WinRM - ok
    14:46:47.0586 2844 [ FE88B288356E7B47B74B13372ADD906D ] WinUSB C:\Windows\system32\DRIVERS\WinUSB.sys
    14:46:47.0587 2844 WinUSB - ok
    14:46:47.0630 2844 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
    14:46:47.0636 2844 Wlansvc - ok
    14:46:47.0780 2844 [ 98F138897EF4246381D197CB81846D62 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    14:46:47.0792 2844 wlidsvc - ok
    14:46:48.0936 2844 ============================================================
    14:46:48.0936 2844 Scan finished
    14:46:48.0936 2844 ============================================================
    14:46:48.0950 3696 Detected object count: 0
    14:46:48.0950 3696 Actual detected object count: 0
    14:47:26.0067 2412 Deinitialize success

    JRT.txt

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 4.6.6 (02.27.2013:1)
    OS: Windows 7 Home Premium x64
    Ran by Fabian on 03.03.2013 at 14:48:58,83
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values

    Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{eee6c35b-6118-11dc-9c72-001320c79847}



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] hkey_current_user\software\conduit
    Successfully deleted: [Registry Key] hkey_current_user\software\sweetim
    Successfully deleted: [Registry Key] hkey_local_machine\software\sweetim
    Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduit
    Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\smartbar
    Successfully deleted: [Registry Key] hkey_classes_root\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}
    Successfully deleted: [Registry Key] hkey_classes_root\clsid\{eee6c35c-6118-11dc-9c72-001320c79847}
    Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{eee6c35c-6118-11dc-9c72-001320c79847}



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] "C:\ProgramData\sweetim"
    Successfully deleted: [Folder] "C:\Users\Fabian\AppData\Roaming\dvdvideosoftiehelpers"
    Successfully deleted: [Folder] "C:\Users\Fabian\AppData\Roaming\opencandy"
    Successfully deleted: [Folder] "C:\Users\Fabian\AppData\Roaming\pdfforge"
    Successfully deleted: [Folder] "C:\Users\Fabian\appdata\locallow\boost_interprocess"
    Successfully deleted: [Folder] "C:\Users\Fabian\appdata\locallow\conduit"
    Successfully deleted: [Folder] "C:\Program Files (x86)\sweetim"



    ~~~ Chrome

    Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\jcdgjdiieiljkfkdcloehkohchhpekkn



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 03.03.2013 at 14:57:09,03
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    AdwCleaner.txt

    # AdwCleaner v2.113 - Datei am 03/03/2013 um 14:59:18 erstellt
    # Aktualisiert am 23/02/2013 von Xplode
    # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Benutzer : Fabian - FABIAN-PC
    # Bootmodus : Normal
    # Ausgeführt unter : C:\Users\Fabian\Desktop\adwcleaner.exe
    # Option [Löschen]


    **** [Dienste] ****


    ***** [Dateien / Ordner] *****

    Datei Gelöscht : C:\user.js
    Datei Gelöscht : C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
    Datei Gelöscht : C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
    Datei Gelöscht : C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\ch379ddp.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
    Datei Gelöscht : C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\ch379ddp.default\searchplugins\SweetIm.xml
    Ordner Gelöscht : C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\ch379ddp.default\SweetPacksToolbarData
    Ordner Gelöscht : C:\Windows\Installer\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}

    ***** [Registrierungsdatenbank] *****

    Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\9EE58E3C298524145B73CBBED3CAC4D3
    Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\EB6AF8AEEB922FA4392548F13812E50B
    Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\9EE58E3C298524145B73CBBED3CAC4D3
    Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\EB6AF8AEEB922FA4392548F13812E50B
    Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32
    Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS
    Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
    Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
    Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
    Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
    Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32
    Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0C43FE6B-E881-4AFC-B384-4AEBC90047E8}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
    Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
    Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]

    ***** [Internet Browser] *****

    -\\ Internet Explorer v9.0.8112.16464

    [OK] Die Registrierungsdatenbank ist sauber.

    -\\ Mozilla Firefox v12.0 (de)

    Datei : C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\ch379ddp.default\prefs.js

    Gelöscht : user_pref("keyword.URL", "hxxp://search.sweetim.com/search.asp?barid={63E93870-1F8E-11E2-B77B-00241D[...]
    Gelöscht : user_pref("sweetim.toolbar.RevertDialog.enable", "false");
    Gelöscht : user_pref("sweetim.toolbar.UserSelectedSaveSettings", "true");
    Gelöscht : user_pref("sweetim.toolbar.Visibility.VisibilityGuardLastUnHide", "0");
    Gelöscht : user_pref("sweetim.toolbar.Visibility.enable", "true");
    Gelöscht : user_pref("sweetim.toolbar.Visibility.intervaldays", "7");
    Gelöscht : user_pref("sweetim.toolbar.cargo", "3.1010000.10001");
    Gelöscht : user_pref("sweetim.toolbar.cda.DisableOveride.enable", "true");
    Gelöscht : user_pref("sweetim.toolbar.cda.HideOveride.enable", "true");
    Gelöscht : user_pref("sweetim.toolbar.cda.RemoveOveride.enable", "true");
    Gelöscht : user_pref("sweetim.toolbar.cda.returnValue", "hide");
    Gelöscht : user_pref("sweetim.toolbar.dialogs.0.enable", "true");
    Gelöscht : user_pref("sweetim.toolbar.dialogs.0.handler", "chrome://sim_toolbar_package/content/optionsdialog-h[...]
    Gelöscht : user_pref("sweetim.toolbar.dialogs.0.height", "335");
    Gelöscht : user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog");
    Gelöscht : user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;");
    Gelöscht : user_pref("sweetim.toolbar.dialogs.0.url", "hxxp://www.sweetim.com/simffbar/options_remote_ff.asp?la[...]
    Gelöscht : user_pref("sweetim.toolbar.dialogs.0.width", "761");
    Gelöscht : user_pref("sweetim.toolbar.dialogs.1.enable", "true");
    Gelöscht : user_pref("sweetim.toolbar.dialogs.1.handler", "chrome://sim_toolbar_package/content/exampledialog-h[...]
    Gelöscht : user_pref("sweetim.toolbar.dialogs.1.height", "300");
    Gelöscht : user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog");
    Gelöscht : user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog");
    Gelöscht : user_pref("sweetim.toolbar.dialogs.1.url", "chrome://sim_toolbar_package/content/exampledialog.html"[...]
    Gelöscht : user_pref("sweetim.toolbar.dialogs.1.width", "500");
    Gelöscht : user_pref("sweetim.toolbar.dialogs.2.enable", "true");
    Gelöscht : user_pref("sweetim.toolbar.dialogs.2.handler", "chrome://sim_toolbar_package/content/cdadialog-handl[...]
    Gelöscht : user_pref("sweetim.toolbar.dialogs.2.height", "150");
    Gelöscht : user_pref("sweetim.toolbar.dialogs.2.id", "id_dialog_hide_disable_remove");
    Gelöscht : user_pref("sweetim.toolbar.dialogs.2.title", "Option Dialog");
    Gelöscht : user_pref("sweetim.toolbar.dialogs.2.url", "hxxp://www.sweetim.com/simffbar/simcdadialog.asp");
    Gelöscht : user_pref("sweetim.toolbar.dialogs.2.width", "530");
    Gelöscht : user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*|.*.facebook.com/.*|.*.goog[...]
    Gelöscht : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
    Gelöscht : user_pref("sweetim.toolbar.keywordUrlGuard.enable", "false");
    Gelöscht : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
    Gelöscht : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
    Gelöscht : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
    Gelöscht : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
    Gelöscht : user_pref("sweetim.toolbar.mode.debug", "false");
    Gelöscht : user_pref("sweetim.toolbar.newtab.created", "false");
    Gelöscht : user_pref("sweetim.toolbar.newtab.enable", "true");
    Gelöscht : user_pref("sweetim.toolbar.previous.keyword.URL", "");
    Gelöscht : user_pref("sweetim.toolbar.rc.url", "hxxp://www.sweetim.com/simffbar/rc.html?toolbar_version=$ITEM_V[...]
    Gelöscht : user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true");
    Gelöscht : user_pref("sweetim.toolbar.scripts.0.callback", "simVerification");
    Gelöscht : user_pref("sweetim.toolbar.scripts.0.domain-blacklist", "");
    Gelöscht : user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "hxxp://(www.|apps.)?facebook\\.com.*");
    Gelöscht : user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb");
    Gelöscht : user_pref("sweetim.toolbar.scripts.0.enable", "false");
    Gelöscht : user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb");
    Gelöscht : user_pref("sweetim.toolbar.scripts.0.url", "hxxp://sc.sweetim.com/apps/in/fb/infb.js");
    Gelöscht : user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "true");
    Gelöscht : user_pref("sweetim.toolbar.scripts.1.callback", "simVerification");
    Gelöscht : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
    Gelöscht : user_pref("sweetim.toolbar.scripts.1.domain-whitelist", "hxxps://(www.|apps.)?facebook\\.com.*");
    Gelöscht : user_pref("sweetim.toolbar.scripts.1.elementid", "id_script_sim_fb");
    Gelöscht : user_pref("sweetim.toolbar.scripts.1.enable", "false");
    Gelöscht : user_pref("sweetim.toolbar.scripts.1.id", "id_script_fb_hxxpS");
    Gelöscht : user_pref("sweetim.toolbar.scripts.1.url", "hxxps://sc.sweetim.com/apps/in/fb/infb.js");
    Gelöscht : user_pref("sweetim.toolbar.scripts.2.addcontextdiv", "false");
    Gelöscht : user_pref("sweetim.toolbar.scripts.2.callback", "");
    Gelöscht : user_pref("sweetim.toolbar.scripts.2.domain-blacklist", ".*.google..*|.*.bing..*|.*.live..*|.*.msn..[...]
    Gelöscht : user_pref("sweetim.toolbar.scripts.2.domain-whitelist", "");
    Gelöscht : user_pref("sweetim.toolbar.scripts.2.elementid", "id_predict_include_script");
    Gelöscht : user_pref("sweetim.toolbar.scripts.2.enable", "false");
    Gelöscht : user_pref("sweetim.toolbar.scripts.2.id", "id_script_prad");
    Gelöscht : user_pref("sweetim.toolbar.scripts.2.url", "hxxp://cdn1.certified-apps.com/scripts/shared/enable.js?[...]
    Gelöscht : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engin[...]
    Gelöscht : user_pref("sweetim.toolbar.search.history.capacity", "10");
    Gelöscht : user_pref("sweetim.toolbar.searchguard.enable", "false");
    Gelöscht : user_pref("sweetim.toolbar.searchguard.initialized_by_rc", "true");
    Gelöscht : user_pref("sweetim.toolbar.simapp_id", "{63E93870-1F8E-11E2-B77B-00241D66775C}");
    Gelöscht : user_pref("sweetim.toolbar.version", "1.9.0.0");

    -\\ Google Chrome v25.0.1364.97

    Datei : C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] Die Datei ist sauber.

    *************************

    AdwCleaner[S1].txt - [11921 octets] - [03/03/2013 14:59:18]

    ########## EOF - C:\AdwCleaner[S1].txt - [11982 octets] ##########

    Malwarebytes Log

    Malwarebytes Anti-Malware 1.70.0.1100
    www.malwarebytes.org

    Datenbank Version: v2013.03.03.04

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Fabian :: FABIAN-PC [Administrator]

    03.03.2013 15:06:52
    mbam-log-2013-03-03 (15-06-52).txt

    Art des Suchlaufs: Quick-Scan
    Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
    Deaktivierte Suchlaufeinstellungen: P2P
    Durchsuchte Objekte: 230738
    Laufzeit: 3 Minute(n), 20 Sekunde(n)

    Infizierte Speicherprozesse: 1
    C:\Users\Fabian\AppData\Local\Temp\svchost.exe (Trojan.Agent.Gen) -> 5004 -> Löschen bei Neustart.

    Infizierte Speichermodule: 0
    (Keine bösartigen Objekte gefunden)

    Infizierte Registrierungsschlüssel: 0
    (Keine bösartigen Objekte gefunden)

    Infizierte Registrierungswerte: 0
    (Keine bösartigen Objekte gefunden)

    Infizierte Dateiobjekte der Registrierung: 0
    (Keine bösartigen Objekte gefunden)

    Infizierte Verzeichnisse: 0
    (Keine bösartigen Objekte gefunden)

    Infizierte Dateien: 1
    C:\Users\Fabian\AppData\Local\Temp\svchost.exe (Trojan.Agent.Gen) -> Löschen bei Neustart.

    (Ende)

    Eset Log

    C:\Users\Fabian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UAL5K9Q3\svchost[1].exe a variant of Win32/BitCoinMiner.N application
    C:\Users\Fabian\AppData\Local\Temp\svchost.exe a variant of Win32/BitCoinMiner.N application
    C:\Users\Fabian\AppData\Roaming\Adobe\color.vbe VBS/Agent.NGJ trojan
    C:\Users\Fabian\Downloads\DTLite4461-0327.exe Win32/OpenCandy application
    C:\Users\Fabian\Downloads\flstudio_10.0.9c.exe Win32/OpenCandy application
    C:\Users\Fabian\Downloads\FreeYouTubetoMP3Converter.exe Win32/OpenCandy application
    D:\Downloads\PDFCreator-1_2_3_setup.exe multiple threats
    P:\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe Win32/Toolbar.Widgi application
     
  6. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    Please do the following:

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
    • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    Copy/paste the text inside the Codebox below into notepad:

    Here's how to do that:
    Press the WinKey + R to open a run box, type Notepad > click OK.
    This will open an empty notepad file:

    Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

    Code:
    File::
    C:\Users\Fabian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UAL5K9Q3\svchost[1].exe 
    C:\Users\Fabian\AppData\Local\Temp\svchost.exe 
    C:\Users\Fabian\AppData\Roaming\Adobe\color.vbe 
    C:\Users\Fabian\Downloads\DTLite4461-0327.exe 
    C:\Users\Fabian\Downloads\flstudio_10.0.9c.exe 
    C:\Users\Fabian\Downloads\FreeYouTubetoMP3Converter.exe 
    D:\Downloads\PDFCreator-1_2_3_setup.exe 
    P:\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe 
    
    ClearJavaCache::
    
    Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

    Save this file to your desktop. Save it as "CFScript".


    Here's how to do that:

    1. Click File;
    2. Click Save As... Change the directory to your desktop;
    3. Change the Save as type to "All Files";
    4. Type in the file name: CFScript
    5. Click Save ...

    [​IMG]
    • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
    • ComboFix may request an update; please allow it.
    • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    • When finished, it shall produce a log for you.
    • Copy and paste the contents of the log in your next reply.

    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


    NEXT

    Please advise how the computer is running now and if there are any outstanding issues.
     
  7. MrEMU

    MrEMU Thread Starter

    Joined:
    Feb 26, 2013
    Messages:
    6
    Combofix.txt

    ComboFix 13-03-04.01 - Fabian 04.03.2013 16:36:30.4.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4096.2417 [GMT 1:00]
    ausgeführt von:: c:\users\Fabian\Desktop\ComboFix.exe
    Benutzte Befehlsschalter :: c:\users\Fabian\Desktop\CFScript.txt
    AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    FILE ::
    "c:\users\Fabian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UAL5K9Q3\svchost[1].exe"
    "c:\users\Fabian\AppData\Local\Temp\svchost.exe"
    "c:\users\Fabian\AppData\Roaming\Adobe\color.vbe"
    "c:\users\Fabian\Downloads\DTLite4461-0327.exe"
    "c:\users\Fabian\Downloads\flstudio_10.0.9c.exe"
    "c:\users\Fabian\Downloads\FreeYouTubetoMP3Converter.exe"
    "d:\downloads\PDFCreator-1_2_3_setup.exe"
    "p:\pdfcreator\Toolbar\pdfforge Toolbar_setup.exe"
    .
    .
    (((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Fabian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UAL5K9Q3\svchost[1].exe
    c:\users\Fabian\AppData\Roaming\Adobe\color.vbe
    c:\users\Fabian\Downloads\DTLite4461-0327.exe
    c:\users\Fabian\Downloads\flstudio_10.0.9c.exe
    c:\users\Fabian\Downloads\FreeYouTubetoMP3Converter.exe
    d:\downloads\PDFCreator-1_2_3_setup.exe
    p:\pdfcreator\Toolbar\pdfforge Toolbar_setup.exe
    .
    .
    ((((((((((((((((((((((( Dateien erstellt von 2013-02-04 bis 2013-03-04 ))))))))))))))))))))))))))))))
    .
    .
    2013-03-04 15:47 . 2013-03-04 15:47 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2013-03-04 15:47 . 2013-03-04 15:47 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-03-03 14:16 . 2013-03-03 14:16 -------- d-----w- c:\program files (x86)\ESET
    2013-03-03 14:06 . 2013-03-03 14:06 -------- d-----w- c:\users\Fabian\AppData\Roaming\Malwarebytes
    2013-03-03 14:05 . 2013-03-03 14:05 -------- d-----w- c:\programdata\Malwarebytes
    2013-03-03 14:05 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-03-03 14:05 . 2013-03-03 14:05 -------- d-----w- c:\users\Fabian\AppData\Local\Programs
    2013-03-03 13:48 . 2013-03-03 13:48 -------- d-----w- c:\windows\ERUNT
    2013-03-03 13:47 . 2013-03-03 13:48 -------- d-----w- C:\JRT
    2013-02-28 12:38 . 2013-02-28 12:38 -------- d-----w- C:\FRST
    2013-02-26 22:38 . 2013-02-26 22:38 -------- d-----w- C:\$AVG
    2013-02-26 19:24 . 2013-02-26 19:24 -------- d-----w- c:\programdata\McAfee
    2013-02-26 17:46 . 2009-06-18 11:54 6144 ------w- c:\windows\system32\C12D.tmp
    2013-02-26 17:40 . 2009-06-18 11:54 6144 ------w- c:\windows\system32\B71E.tmp
    2013-02-26 11:21 . 2013-02-26 16:13 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
    2013-02-21 16:40 . 2013-02-22 23:31 -------- d-----w- c:\programdata\ManiaPlanet
    2013-02-21 16:35 . 2013-02-21 16:35 -------- d-----w- c:\users\Fabian\AppData\Local\WinZip
    2013-02-21 16:33 . 2013-02-21 16:34 -------- d-----w- c:\programdata\WinZip
    2013-02-21 16:25 . 2013-02-21 16:25 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
    2013-02-21 16:25 . 2013-02-21 16:25 -------- d-----w- c:\users\Fabian\AppData\Local\PunkBuster
    2013-02-21 16:23 . 2013-02-21 16:23 -------- d-----w- c:\programdata\Orbit
    2013-02-14 16:25 . 2013-02-26 20:29 -------- d-----w- c:\users\Fabian\AppData\Roaming\TeamViewer
    2013-02-13 22:24 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
    2013-02-13 22:24 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
    2013-02-13 17:47 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-02-13 17:47 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2013-02-13 17:47 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2013-02-13 17:47 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys
    2013-02-13 17:46 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll
    2013-02-13 17:46 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll
    2013-02-13 17:46 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe
    2013-02-13 17:46 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe
    2013-02-13 17:46 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
    2013-02-13 17:46 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe
    2013-02-13 17:46 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2013-02-13 17:46 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
    2013-02-08 15:09 . 2013-02-27 20:09 15846768 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
    2013-02-03 18:22 . 2013-03-04 15:45 -------- d-----w- c:\users\Fabian\AppData\Roaming\BitTorrent
    2013-02-03 17:44 . 2013-02-03 17:45 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
    2013-02-03 17:44 . 2013-02-03 17:47 -------- d-----w- c:\users\Fabian\AppData\Roaming\DAEMON Tools Lite
    2013-02-03 17:43 . 2013-02-03 17:47 -------- d-----w- c:\programdata\DAEMON Tools Lite
    .
    .
    .
    (((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-02-27 20:09 . 2012-10-25 15:49 71024 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-02-27 20:09 . 2012-10-25 15:49 691568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2013-02-21 16:25 . 2012-12-17 14:10 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
    2013-02-21 16:25 . 2012-12-17 14:10 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
    2013-02-13 22:29 . 2012-10-04 10:11 70004024 ----a-w- c:\windows\system32\MRT.exe
    2013-01-31 10:52 . 2009-08-18 11:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
    2013-01-31 10:51 . 2009-08-18 10:24 19696 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2013-01-31 10:31 . 2013-01-31 10:31 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
    2013-01-04 04:43 . 2013-02-13 17:46 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2012-12-16 17:11 . 2012-12-23 00:07 46080 ----a-w- c:\windows\system32\atmlib.dll
    2012-12-16 14:45 . 2012-12-23 00:07 367616 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-16 14:13 . 2012-12-23 00:07 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
    2012-12-16 14:13 . 2012-12-23 00:07 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2012-12-07 13:20 . 2013-01-09 16:06 441856 ----a-w- c:\windows\system32\Wpc.dll
    2012-12-07 13:15 . 2013-01-09 16:06 2746368 ----a-w- c:\windows\system32\gameux.dll
    2012-12-07 12:26 . 2013-01-09 16:06 308736 ----a-w- c:\windows\SysWow64\Wpc.dll
    2012-12-07 12:20 . 2013-01-09 16:06 2576384 ----a-w- c:\windows\SysWow64\gameux.dll
    2012-12-07 11:20 . 2013-01-09 16:06 30720 ----a-w- c:\windows\system32\usk.rs
    2012-12-07 11:20 . 2013-01-09 16:06 43520 ----a-w- c:\windows\system32\csrr.rs
    2012-12-07 11:20 . 2013-01-09 16:06 23552 ----a-w- c:\windows\system32\oflc.rs
    2012-12-07 11:20 . 2013-01-09 16:06 45568 ----a-w- c:\windows\system32\oflc-nz.rs
    2012-12-07 11:20 . 2013-01-09 16:06 44544 ----a-w- c:\windows\system32\pegibbfc.rs
    2012-12-07 11:20 . 2013-01-09 16:06 20480 ----a-w- c:\windows\system32\pegi-fi.rs
    2012-12-07 11:20 . 2013-01-09 16:06 20480 ----a-w- c:\windows\system32\pegi-pt.rs
    2012-12-07 11:19 . 2013-01-09 16:06 20480 ----a-w- c:\windows\system32\pegi.rs
    2012-12-07 11:19 . 2013-01-09 16:06 46592 ----a-w- c:\windows\system32\fpb.rs
    2012-12-07 11:19 . 2013-01-09 16:06 40960 ----a-w- c:\windows\system32\cob-au.rs
    2012-12-07 11:19 . 2013-01-09 16:06 21504 ----a-w- c:\windows\system32\grb.rs
    2012-12-07 11:19 . 2013-01-09 16:06 15360 ----a-w- c:\windows\system32\djctq.rs
    2012-12-07 11:19 . 2013-01-09 16:06 55296 ----a-w- c:\windows\system32\cero.rs
    2012-12-07 11:19 . 2013-01-09 16:06 51712 ----a-w- c:\windows\system32\esrb.rs
    2012-12-07 10:46 . 2013-01-09 16:06 43520 ----a-w- c:\windows\SysWow64\csrr.rs
    2012-12-07 10:46 . 2013-01-09 16:06 30720 ----a-w- c:\windows\SysWow64\usk.rs
    2012-12-07 10:46 . 2013-01-09 16:06 45568 ----a-w- c:\windows\SysWow64\oflc-nz.rs
    2012-12-07 10:46 . 2013-01-09 16:06 44544 ----a-w- c:\windows\SysWow64\pegibbfc.rs
    2012-12-07 10:46 . 2013-01-09 16:06 20480 ----a-w- c:\windows\SysWow64\pegi-pt.rs
    2012-12-07 10:46 . 2013-01-09 16:06 23552 ----a-w- c:\windows\SysWow64\oflc.rs
    2012-12-07 10:46 . 2013-01-09 16:06 20480 ----a-w- c:\windows\SysWow64\pegi-fi.rs
    2012-12-07 10:46 . 2013-01-09 16:06 46592 ----a-w- c:\windows\SysWow64\fpb.rs
    2012-12-07 10:46 . 2013-01-09 16:06 20480 ----a-w- c:\windows\SysWow64\pegi.rs
    2012-12-07 10:46 . 2013-01-09 16:06 21504 ----a-w- c:\windows\SysWow64\grb.rs
    2012-12-07 10:46 . 2013-01-09 16:06 40960 ----a-w- c:\windows\SysWow64\cob-au.rs
    2012-12-07 10:46 . 2013-01-09 16:06 15360 ----a-w- c:\windows\SysWow64\djctq.rs
    2012-12-07 10:46 . 2013-01-09 16:06 55296 ----a-w- c:\windows\SysWow64\cero.rs
    2012-12-07 10:46 . 2013-01-09 16:06 51712 ----a-w- c:\windows\SysWow64\esrb.rs
    .
    .
    (((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Spotify Web Helper"="c:\users\Fabian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-11-02 1199576]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18705664]
    "BitTorrent"="p:\bittorrent\BitTorrent.exe" [2013-02-03 1053520]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
    "TrayServer"="p:\magix\Video_deluxe_17_Premium\TrayServer.exe" [2008-08-07 90112]
    "LogMeIn Hamachi Ui"="p:\hamachi\hamachi-2-ui.exe" [2012-12-10 2254768]
    "AVG_UI"="p:\avg\avgui.exe" [2012-12-11 3147384]
    .
    c:\users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Desktops.lnk - p:\desktops\Desktops.exe [2012-9-30 116088]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "HideSCAHealth"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0p:\avg\avgrsa.exe /sync /restart
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
    R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2012-06-27 36328]
    R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-09-20 102368]
    R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
    R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\C12D.tmp [2009-06-18 6144]
    R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2012-06-27 157672]
    R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2012-06-27 16872]
    R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2012-06-27 177640]
    R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2012-06-27 146920]
    R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-09-20 203104]
    R3 ssudobex;SAMSUNG Mobile USB OBEX Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudobex.sys [2012-09-20 203104]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328]
    S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]
    S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-11-15 111968]
    S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800]
    S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464]
    S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696]
    S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-02-03 283200]
    S2 AVGIDSAgent;AVGIDSAgent;p:\avg\avgidsagent.exe [2012-11-15 5814904]
    S2 avgwd;AVG WatchDog;p:\avg\avgwdsvc.exe [2012-10-22 196664]
    S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
    S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;p:\hamachi\hamachi-2.exe [2012-12-10 2465712]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
    S2 TeamViewer6;TeamViewer 6;p:\teamviewer\TeamViewer_Service.exe [2011-01-14 2250616]
    S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-10-23 2848168]
    S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
    .
    .
    Inhalt des "geplante Tasks" Ordners
    .
    2013-03-03 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-25 20:09]
    .
    2013-03-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2084198558-4019347831-946478551-1001Core.job
    - c:\users\Fabian\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-04 14:26]
    .
    2013-03-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2084198558-4019347831-946478551-1001UA.job
    - c:\users\Fabian\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-04 14:26]
    .
    .
    --------- X64 Entries -----------
    .
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
    FontCache
    .
    ------- Zusätzlicher Suchlauf -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: Free YouTube Download - c:\users\Fabian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
    IE: Free YouTube to MP3 Converter - c:\users\Fabian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    TCP: DhcpNameServer = 192.168.178.1
    FF - ProfilePath - c:\users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\ch379ddp.default\
    .
    - - - - Entfernte verwaiste Registrierungseinträge - - - -
    .
    Wow6432Node-HKLM-Run-Adobe - c:\users\Fabian\AppData\Roaming\Adobe\color.vbe
    AddRemove-BattlEye for A2 - g:\steam\steamapps\common\Arma 2BattlEye\UnInstallBE.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]
    "ImagePath"="\??\c:\windows\system32\C12D.tmp"
    .
    --------------------- Gesperrte Registrierungsschluessel ---------------------
    .
    [HKEY_USERS\S-1-5-21-2084198558-4019347831-946478551-1001\Software\SecuROM\License information*]
    "datasecu"=hex:c9,04,6e,54,ba,86,7e,8a,61,e6,6c,c3,2c,34,4f,c5,3f,2b,c6,1e,b5,
    da,37,39,d5,01,3f,de,a1,2a,64,c2,0e,b6,8a,9a,79,b7,97,93,4c,59,63,27,29,5d,\
    "rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Zeit der Fertigstellung: 2013-03-04 17:00:20
    ComboFix-quarantined-files.txt 2013-03-04 16:00
    ComboFix2.txt 2013-03-03 13:41
    ComboFix3.txt 2013-02-26 20:54
    .
    Vor Suchlauf: 20 Verzeichnis(se), 33.231.130.624 Bytes frei
    Nach Suchlauf: 21 Verzeichnis(se), 33.145.356.288 Bytes frei
    .
    - - End Of File - - 5B243A9705E5B88464E1B00574B73C2D


    Thank you so much Tech Support Team. svchost.exe doesn't start after restart.
    You are so great (y)
     
  8. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    good, glad it is performing better

    let's check to see if any programs need updating before we do the tool cleanup

    please run the following:

    Download Security Check from here or here.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
     
  9. MrEMU

    MrEMU Thread Starter

    Joined:
    Feb 26, 2013
    Messages:
    6
    Results of screen317's Security Check version 0.99.60
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    AVG Anti-Virus Free Edition 2013
    Antivirus up to date! (On Access scanning disabled!)
    `````````Anti-malware/Other Utilities Check:`````````
    Sophos Anti-Rootkit 1.5.0
    Malwarebytes Anti-Malware Version 1.70.0.1100
    Adobe Flash Player 11.6.602.171
    Adobe Reader 10.1.6 Adobe Reader out of Date!
    Mozilla Firefox 12.0 Firefox out of Date!
    Google Chrome 24.0.1312.57
    Google Chrome 25.0.1364.97
    ````````Process Check: objlist.exe by Laurent````````
    AVG avgwdsvc.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C:
    ````````````````````End of Log``````````````````````
     
  10. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    Please update Adobe

    Visit ADOBE and download the latest version of Acrobat Reader (version XI)
    Having the latest updates ensures there are no security vulnerabilities in your system.


    You should also update FireFox:

    In FireFox > go to Help > about FireFox > Check for updates > FireFox will download and install the latest version


    Please advise how the computer is running now and if there are any outstanding issues
     
  11. MrEMU

    MrEMU Thread Starter

    Joined:
    Feb 26, 2013
    Messages:
    6
    Thank you for all
    it's running very well
    like it was running before svchost.exe
     
  12. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    We just have some housekeeping to do now,

    Please do the following:


    You can delete the TDSSKiller, JRT and Farbar logs and programs from your desktop.


    NEXT


    Follow these steps to uninstall Combofix

    • Make sure your security programs are totally disabled.
    • Press the WinKey +R to open a run box
    • Now copy/paste Combofix /uninstall into the runbox and click OK. Note the space between the ..X and the /U, it needs to be there.



    NEXT

    • Double click on adwcleaner.exe to run the tool.
    • Click on Uninstall.
    • Confirm with yes.


    If there are any logs/tools remaining on your desktop > right click and delete them.


    NEXT


    ------------------------------------------------------

    Important

    Due to continued exploits of zero-day vulnerabilities in Oracle's Java application, it is the recommendation of many security experts, as well as the TSF Security Team, that you disable Java in your web browsers.

    Java

    US-CERT Alert TA13-010A - Oracle Java 7 Security Manager Bypass Vulnerability

    We recommend disabling Java in your browsers, and enabling it only when needed by certain websites.

    Please disable Java in your browser(s) by following these instructions:

    How do I disable Java in my web browser?

    ------------------------------------------------------


    NEXT


    Below I have included a number of recommendations for how to protect your computer against malware infections.

    • It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article:
      Strong passwords: How to create and use them
      Then consider a password keeper, to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.

    • Keep Windows updated by regularly checking their website at :
      http://windowsupdate.microsoft.com/
      This will ensure your computer has always the latest security updates available installed on your computer.

    • Make Internet Explorer more secure
      • Click Start > Run
      • Type Inetcpl.cpl & click OK
      • Click on the Security tab
      • Click Reset all zones to default level
      • Make sure the Internet Zone is selected & Click Custom level
      • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
      • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

    • Download TFC to your desktop
      • Close any open windows.
      • Double click the TFC icon to run the program
      • TFC will close all open programs itself in order to run,
      • Click the Start button to begin the process.
      • Allow TFC to run uninterrupted.
      • The program should not take long to finish its job
      • Once it's finished it should automatically reboot your machine,
      • if it doesn't, manually reboot to ensure a complete clean
      It's normal after running TFC cleaner that the PC will be slower to boot the first time.

    • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
      • Green to go
      • Yellow for caution
      • Red to stop
      WOT has an addon available for both Firefox and IE

    • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

    • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well-written articles:
      • PC Safety and Security--What Do I Need?
      • Simple and easy ways to keep your computer safe and secure on the Internet
    Should you wish to contribute to my ongoing fight against malware, donations are being accepted Here

    Thank you for your patience, and performing all of the procedures requested.

    Please respond one last time so we can consider the thread resolved and close it, thank-you.
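
The Internet Explorer ActiveX settings in the post above are stored as per-user registry values, so they can be audited or set without the dialog. The PowerShell below is an added example, not part of the thread or of any tool it mentions; the zone number 3 and the URL action IDs 1001, 1004 and 1201 are the standard Internet-zone identifiers and do not appear in the thread.

```powershell
# Added example, not from the thread: audit (default) or set (-Apply) the
# Internet-zone ActiveX options named in the post, for the current user only.
param([switch]$Apply)

# Zone 3 is the Internet zone. The policy key, when populated, overrides the user key.
$zoneKey   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# URL action policy values as stored in the registry.
$meaning = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# Settings from the post, with the standard URL action IDs (not quoted in the thread).
$targets = @(
    @{ Id = '1001'; Name = 'Download signed ActiveX controls';   Want = 1 },
    @{ Id = '1004'; Name = 'Download unsigned ActiveX controls'; Want = 1 },
    @{ Id = '1201'; Name = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 }
)

function Get-ZoneAction([string]$Key, [string]$Id) {
    # Returns the DWORD stored for a URL action, or $null if the key or value is absent.
    $props = Get-ItemProperty -Path $Key -Name $Id -ErrorAction SilentlyContinue
    if ($null -eq $props) { return $null }
    return $props.$Id
}

function Format-Action($Value) {
    if ($null -eq $Value) { return '(not set)' }
    if ($meaning.ContainsKey([int]$Value)) { return $meaning[[int]$Value] }
    return "other ($Value)"
}

if ($Apply -and -not (Test-Path $zoneKey)) {
    New-Item -Path $zoneKey -Force | Out-Null
}

$report = foreach ($t in $targets) {
    $before = Get-ZoneAction $zoneKey $t.Id
    if ($Apply -and $before -ne $t.Want) {
        # Write only the values that differ from the recommended setting.
        New-ItemProperty -Path $zoneKey -Name $t.Id -Value $t.Want -PropertyType DWord -Force | Out-Null
    }
    $after = Get-ZoneAction $zoneKey $t.Id
    New-Object psobject -Property @{
        Setting = $t.Name
        Current = Format-Action $after
        Wanted  = Format-Action $t.Want
        Matches = ($after -eq $t.Want)
        Policy  = Format-Action (Get-ZoneAction $policyKey $t.Id)
    }
}

$report | Format-Table Setting, Current, Wanted, Matches, Policy -AutoSize

# A value under the policy key wins over the per-user value checked above.
if ($report | Where-Object { $_.Policy -ne '(not set)' }) {
    Write-Warning 'Machine policy sets one or more of these actions; the per-user values are overridden.'
}
```

Run it without arguments to audit, or with -Apply to write the values that differ. It does not perform the "Reset all zones to default level" step from the post.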
     

Short URL to this thread: https://techguy.org/1091073
