| |
| |||||||
Log-Analyse und Auswertung: win32.downloader.gen lässt sich mit spybot nicht eliminierenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
18.06.2013, 15:05
| #1 |
 |  win32.downloader.gen lässt sich mit spybot nicht eliminieren Hallo Trojaner-Experten! Nachdem mein Computer seit einigen Tage sehr viel langsamer ist, des öfteren einfriert und das Signal der W-Lan Verbindung schlechter ist, habe ich bei meinem obligatorischen Spybot-Suchlauf die Malware win32.downloader.gen gefunden. Beim Versuch dieses Problem zu beheben kam die Meldung "Unexpected error in fixing problems" (cannot create file C:\Windows\wininit.ini Zugriff verweigert) Die google-Recherche sagt zwar, dass es sich wahrscheinlich um einen gefährlichen Trojaner handelt, liefert aber keinen brauchbaren Hinweis wie er zu entfernen ist. Ich hoffe ich habe bei den benötigten Logfiles alles richtig gemacht! Vielen Dank schon mal im Voraus!!!!! OTL.txt Code:
ATTFilter OTL logfile created on: 6/18/2013 3:10:44 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Christina\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3.85 Gb Total Physical Memory | 1.64 Gb Available Physical Memory | 42.44% Memory free
7.71 Gb Paging File | 5.44 Gb Available in Paging File | 70.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 112.00 Gb Total Space | 3.76 Gb Free Space | 3.36% Space Free | Partition Type: NTFS
Drive D: | 165.99 Gb Total Space | 165.50 Gb Free Space | 99.71% Space Free | Partition Type: NTFS
Computer Name: R247097 | User Name: Christina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/06/18 15:09:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Christina\Downloads\OTL(1).exe
PRC - [2013/06/11 10:40:51 | 001,105,408 | ---- | M] (Spotify Ltd) -- C:\Users\Christina\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2013/05/13 11:29:31 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013/05/11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/23 06:48:20 | 000,844,144 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2013/04/23 06:48:16 | 000,311,152 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2013/04/23 06:48:12 | 001,561,968 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/03/31 09:35:12 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013/03/31 09:34:47 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013/03/12 09:05:50 | 029,106,336 | ---- | M] (Dropbox, Inc.) -- C:\Users\Christina.sich\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/02/05 17:48:44 | 000,272,248 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
PRC - [2012/12/13 15:44:45 | 000,702,024 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
PRC - [2012/12/13 15:44:31 | 000,544,840 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
PRC - [2011/07/29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/05/06 08:44:44 | 001,749,504 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
PRC - [2010/04/07 15:40:06 | 000,843,264 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2010/02/10 16:29:52 | 000,719,360 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2010/01/19 04:34:48 | 002,201,192 | ---- | M] (SEC) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
PRC - [2009/12/03 07:00:00 | 005,724,472 | ---- | M] (WIBU-SYSTEMS AG) -- C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe
PRC - [2009/03/05 11:54:50 | 000,311,296 | ---- | M] () -- C:\Windows\SysWOW64\Rezip.exe
PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2006/06/23 00:20:48 | 000,086,068 | ---- | M] (Thermo Electron Corporation) -- C:\Xcalibur\System\Programs\FinAutoLogOff.exe
PRC - [2006/06/23 00:20:42 | 000,065,536 | ---- | M] (Thermo Electron Corporation) -- C:\Xcalibur\System\Programs\finSS_Server.exe
PRC - [2006/06/23 00:02:46 | 000,335,923 | ---- | M] (Thermo Electron Corporation) -- C:\Xcalibur\System\Programs\CFRDBService.exe
========== Modules (No Company Name) ==========
MOD - [2013/05/19 13:47:02 | 018,022,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\1f0bb5336d1706c9b8ad2330f3642760\PresentationFramework.ni.dll
MOD - [2013/05/19 13:46:49 | 011,522,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\9b2940478ec555990b37af5448b8f509\PresentationCore.ni.dll
MOD - [2013/05/19 13:46:39 | 007,070,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\93a17ba6cb6753328f25466bc0bf1cb1\System.Core.ni.dll
MOD - [2013/05/19 13:46:34 | 003,883,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a1949f57d2ec260e09768e98fecb0559\WindowsBase.ni.dll
MOD - [2013/05/19 13:46:31 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\ddc3e8c2774eaec614d6775983652980\System.Configuration.ni.dll
MOD - [2013/02/16 10:56:56 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7d8f6866864f78cf83d3701641c46178\System.ServiceProcess.ni.dll
MOD - [2013/01/10 11:26:25 | 001,812,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\40c7a89fe2cbf3c12a2c39e034da54cf\System.Xaml.ni.dll
MOD - [2013/01/10 09:38:20 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fc476bbac36944e352c2f547352ffa64\System.Xml.ni.dll
MOD - [2013/01/10 09:38:06 | 009,095,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\f93dca0e4baa1dcb37cf75392b7c89da\System.ni.dll
MOD - [2013/01/10 09:37:59 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll
MOD - [2011/07/29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2006/08/12 05:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll
========== Services (SafeList) ==========
SRV:64bit: - [2010/05/05 08:15:12 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2013/06/17 09:55:14 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/24 10:58:25 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/05/07 16:19:12 | 001,025,408 | ---- | M] (Enigma Software Group USA, LLC.) [Auto | Running] -- C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE -- (SpyHunter 4 Service)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/03/31 09:35:12 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013/03/31 09:34:47 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/02/05 17:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2012/12/13 15:44:31 | 000,544,840 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/05 09:28:30 | 002,782,552 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/05 11:54:50 | 000,311,296 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\Rezip.exe -- (Rezip)
SRV - [2006/06/23 00:20:48 | 000,086,068 | ---- | M] (Thermo Electron Corporation) [Auto | Running] -- C:\Xcalibur\System\Programs\FinAutoLogOff.exe -- (FinAutoLogOff)
SRV - [2006/06/23 00:20:42 | 000,065,536 | ---- | M] (Thermo Electron Corporation) [Auto | Running] -- C:\Xcalibur\System\Programs\finSS_Server.exe -- (Finnigan Security Server)
SRV - [2006/06/23 00:02:46 | 000,335,923 | ---- | M] (Thermo Electron Corporation) [Auto | Running] -- C:\Xcalibur\System\Programs\CFRDBService.exe -- (CFRDBService)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2013/06/18 13:22:31 | 000,032,000 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hitmanpro37.sys -- (hitmanpro37)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/04/03 09:58:08 | 000,188,232 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2013/04/03 09:58:08 | 000,169,288 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2013/04/03 09:58:08 | 000,158,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd)
DRV:64bit: - [2013/04/03 09:58:08 | 000,038,080 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2013/04/03 09:58:08 | 000,021,320 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2013/03/31 09:35:23 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013/03/31 09:35:23 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013/03/31 09:35:23 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012/12/13 15:28:42 | 000,027,048 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)
DRV:64bit: - [2012/12/13 15:26:36 | 000,112,080 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acsock64.sys -- (acsock)
DRV:64bit: - [2012/06/22 12:01:32 | 000,022,704 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\EsgScanner.sys -- (EsgScanner)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/05/05 08:47:10 | 006,789,632 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010/05/05 08:47:10 | 006,789,632 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/05/05 07:23:26 | 000,221,184 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/04/27 09:57:04 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/04/01 02:25:14 | 000,136,192 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2010/03/31 02:35:26 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI)
DRV:64bit: - [2010/02/27 02:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/01/29 09:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/12/14 22:46:56 | 001,573,888 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/12/03 07:00:00 | 000,103,224 | ---- | M] (WIBU-SYSTEMS AG) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\WibuKey64.sys -- (WIBUKEY)
DRV:64bit: - [2009/09/28 11:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/08/07 09:59:18 | 000,016,896 | ---- | M] (WIBU-SYSTEMS AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Wibukey2_64.sys -- (Wibukey2_64)
DRV:64bit: - [2009/08/05 23:24:16 | 000,061,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2013/04/18 12:09:20 | 000,037,344 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010/07/16 01:09:53 | 000,015,144 | ---- | M] (Windows (R) 2003 DDK 3790 provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\rtport.sys -- (rtport)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SMSN_deDE397
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "https://www.google.de/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/02/19 13:51:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2013/02/07 13:25:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/06/17 11:31:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/06/17 11:31:56 | 000,000,000 | ---D | M]
[2013/05/21 21:23:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christina\AppData\Roaming\mozilla\Extensions
[2013/05/24 10:58:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013/05/24 10:58:17 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/05/24 10:58:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/05/24 10:58:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013/05/24 10:58:26 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/09/27 21:04:22 | 000,170,080 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
========== Chrome ==========
CHR - Extension: Docs = C:\Users\Christina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google-Suche = C:\Users\Christina\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Skype Click to Call = C:\Users\Christina\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Christina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
O1 HOSTS File: ([2013/04/27 07:23:49 | 000,000,924 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 129.187.254.40 asa01.lrz.de
O1 - Hosts: 129.187.254.164 asa04.lrz.de
O1 - Hosts: 129.187.254.40 asa01.lrz.de
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll File not found
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SpywareTerminatorShield] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe File not found
O4:64bit: - HKLM..\Run: [SpywareTerminatorUpdater] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [NortonOnlineBackup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKCU..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKCU..\Run: [Spotify] C:\Users\Christina\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Christina\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - Startup: C:\Users\Christina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Christina.sich\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Free YouTube Download - Reg Error: Value error. File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - Reg Error: Value error. File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Free YouTube Download - Reg Error: Value error. File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - Reg Error: Value error. File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll File not found
O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll File not found
O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://active.macromedia.com/flash2/cabs/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.33.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B69961B9-4172-4A5F-A43A-7632BE495F3A}: DhcpNameServer = 192.168.33.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C60DE602-45B1-48F4-A158-C236BA4AC340}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013/06/18 12:33:33 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/06/18 12:17:44 | 000,000,000 | ---D | C] -- C:\Users\Christina\Desktop\RK_Quarantine
[2013/06/18 11:45:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/06/18 11:45:41 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/06/18 09:56:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/06/17 11:22:55 | 000,051,496 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys
[2013/06/17 11:22:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Terminator
[2013/06/17 10:34:09 | 001,122,304 | ---- | C] (The OpenSSL Project, hxxp://www.openssl.org/) -- C:\Windows\SysWow64\libeay32.dll
[2013/06/17 10:34:09 | 000,356,352 | ---- | C] (eSellerate Inc.) -- C:\Windows\eSellerateEngine.dll
[2013/06/17 10:34:09 | 000,274,432 | ---- | C] (The OpenSSL Project, hxxp://www.openssl.org/) -- C:\Windows\SysWow64\ssleay32.dll
[2013/06/17 10:34:09 | 000,081,920 | ---- | C] (eSellerate Inc.) -- C:\Windows\eSellerateControl350.dll
[2013/06/17 10:34:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Win 32. Downloader . Gen Removal Tool
[2013/06/17 09:35:40 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\Diagnostics
[2013/06/11 19:33:23 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Roaming\Skype
[2013/06/11 10:40:55 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\Spotify
[2013/06/11 10:39:37 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Roaming\Spotify
[2013/06/09 20:53:34 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[2013/06/09 13:13:52 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\NativeFus_Log
[2013/06/09 13:09:38 | 000,188,232 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadmdm.sys
[2013/06/09 13:09:38 | 000,169,288 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadbus.sys
[2013/06/09 13:09:38 | 000,158,024 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadserd.sys
[2013/06/09 13:09:38 | 000,021,320 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadmdfl.sys
[2013/06/09 13:09:38 | 000,017,736 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadwhnt.sys
[2013/06/09 13:09:38 | 000,017,736 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadwh.sys
[2013/06/09 13:09:38 | 000,017,224 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadcmnt.sys
[2013/06/09 13:09:38 | 000,017,224 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadcm.sys
[2013/06/09 13:07:13 | 000,233,472 | ---- | C] (Teruten) -- C:\Windows\SysWow64\FsUsbExService.Exe
[2013/06/09 12:55:02 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\Samsung
[2013/06/09 12:53:37 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Roaming\Samsung
[2013/06/07 19:40:58 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Roaming\DivX
[2013/06/07 19:40:05 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Roaming\Google
[2013/05/24 10:58:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/05/24 10:27:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2013/05/24 10:27:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2013/05/24 10:18:43 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Roaming\DVDVideoSoft
[2013/05/22 17:32:50 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Roaming\EndNote
[2013/05/22 10:52:07 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\Adobe
[2013/05/21 23:42:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/05/21 23:32:26 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Roaming\Dropbox
[2013/05/21 22:44:08 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\Google
[2013/05/21 22:38:12 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Roaming\Malwarebytes
[2013/05/21 22:37:17 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\Programs
[2013/05/21 21:26:01 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Roaming\Macromedia
[2013/05/21 21:26:01 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\Macromedia
[2013/05/21 21:26:01 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Roaming\Adobe
[2013/05/21 21:23:47 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Roaming\Mozilla
[2013/05/21 21:23:47 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\Mozilla
[2013/05/21 21:22:44 | 000,000,000 | ---D | C] -- C:\Users\Christina\Desktop\Word
[2013/05/21 21:18:40 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Roaming\Avira
[2013/05/21 21:13:34 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Roaming\ATI
[2013/05/21 21:13:34 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\ATI
[2013/05/21 21:12:38 | 000,000,000 | R--D | C] -- C:\Users\Christina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/05/21 21:12:38 | 000,000,000 | R--D | C] -- C:\Users\Christina\Searches
[2013/05/21 21:12:38 | 000,000,000 | R--D | C] -- C:\Users\Christina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/05/21 21:12:36 | 000,000,000 | R--D | C] -- C:\Users\Christina\Contacts
[2013/05/21 21:12:36 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Roaming\Identities
[2013/05/21 21:12:34 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\VirtualStore
[2013/05/21 21:12:03 | 000,000,000 | -HSD | C] -- C:\Users\Christina\Vorlagen
[2013/05/21 21:12:03 | 000,000,000 | -HSD | C] -- C:\Users\Christina\AppData\Local\Verlauf
[2013/05/21 21:12:03 | 000,000,000 | -HSD | C] -- C:\Users\Christina\AppData\Local\Temporary Internet Files
[2013/05/21 21:12:03 | 000,000,000 | -HSD | C] -- C:\Users\Christina\Startmenü
[2013/05/21 21:12:03 | 000,000,000 | -HSD | C] -- C:\Users\Christina\SendTo
[2013/05/21 21:12:03 | 000,000,000 | -HSD | C] -- C:\Users\Christina\Recent
[2013/05/21 21:12:03 | 000,000,000 | -HSD | C] -- C:\Users\Christina\Netzwerkumgebung
[2013/05/21 21:12:03 | 000,000,000 | -HSD | C] -- C:\Users\Christina\Lokale Einstellungen
[2013/05/21 21:12:03 | 000,000,000 | -HSD | C] -- C:\Users\Christina\Documents\Eigene Videos
[2013/05/21 21:12:03 | 000,000,000 | -HSD | C] -- C:\Users\Christina\Documents\Eigene Musik
[2013/05/21 21:12:03 | 000,000,000 | -HSD | C] -- C:\Users\Christina\Eigene Dateien
[2013/05/21 21:12:03 | 000,000,000 | -HSD | C] -- C:\Users\Christina\Documents\Eigene Bilder
[2013/05/21 21:12:03 | 000,000,000 | -HSD | C] -- C:\Users\Christina\Druckumgebung
[2013/05/21 21:12:03 | 000,000,000 | -HSD | C] -- C:\Users\Christina\Cookies
[2013/05/21 21:12:03 | 000,000,000 | -HSD | C] -- C:\Users\Christina\AppData\Local\Anwendungsdaten
[2013/05/21 21:12:03 | 000,000,000 | -HSD | C] -- C:\Users\Christina\Anwendungsdaten
[2013/05/21 21:12:03 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\Temp
[2013/05/21 21:12:03 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\Microsoft Help
[2013/05/21 21:12:03 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\Microsoft
[2013/05/21 21:12:03 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Roaming\Media Center Programs
[2013/05/21 21:12:02 | 000,000,000 | --SD | C] -- C:\Users\Christina\AppData\Roaming\Microsoft
[2013/05/21 21:12:02 | 000,000,000 | R--D | C] -- C:\Users\Christina\Videos
[2013/05/21 21:12:02 | 000,000,000 | R--D | C] -- C:\Users\Christina\Saved Games
[2013/05/21 21:12:02 | 000,000,000 | R--D | C] -- C:\Users\Christina\Pictures
[2013/05/21 21:12:02 | 000,000,000 | R--D | C] -- C:\Users\Christina\Music
[2013/05/21 21:12:02 | 000,000,000 | R--D | C] -- C:\Users\Christina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/05/21 21:12:02 | 000,000,000 | R--D | C] -- C:\Users\Christina\Links
[2013/05/21 21:12:02 | 000,000,000 | R--D | C] -- C:\Users\Christina\Favorites
[2013/05/21 21:12:02 | 000,000,000 | R--D | C] -- C:\Users\Christina\Downloads
[2013/05/21 21:12:02 | 000,000,000 | R--D | C] -- C:\Users\Christina\Documents
[2013/05/21 21:12:02 | 000,000,000 | R--D | C] -- C:\Users\Christina\Desktop
[2013/05/21 21:12:02 | 000,000,000 | R--D | C] -- C:\Users\Christina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/05/21 21:12:02 | 000,000,000 | -H-D | C] -- C:\Users\Christina\AppData
[2013/05/21 21:12:02 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam
[2013/05/21 20:48:25 | 000,000,000 | ---D | C] -- C:\Users\Christina\Documents\Youcam
[2013/05/21 20:48:25 | 000,000,000 | ---D | C] -- C:\Users\Christina\Documents\SelfMV
[2013/05/21 20:47:45 | 000,000,000 | ---D | C] -- C:\Users\Christina\Documents\samsung
[2013/05/21 20:47:44 | 000,000,000 | ---D | C] -- C:\Users\Christina\Documents\OneNote-Notizbücher
[2013/05/21 20:47:44 | 000,000,000 | ---D | C] -- C:\Users\Christina\Documents\My Pictures
[2013/05/21 20:47:44 | 000,000,000 | ---D | C] -- C:\Users\Christina\Documents\DVDVideoSoft
[2013/05/21 20:47:40 | 000,000,000 | ---D | C] -- C:\Users\Christina\Documents\Citavi 3
[2013/05/21 20:47:30 | 000,000,000 | ---D | C] -- C:\Users\Christina\Documents\capella
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/06/18 15:07:34 | 000,000,000 | ---- | M] () -- C:\Users\Christina\defogger_reenable
[2013/06/18 15:04:32 | 000,014,144 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/18 15:04:32 | 000,014,144 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/18 14:53:15 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/18 14:52:13 | 000,000,272 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2013/06/18 14:52:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/18 14:51:55 | 4137,803,776 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/18 14:51:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/18 14:36:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/18 13:22:31 | 000,032,000 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro37.sys
[2013/06/18 13:19:56 | 000,000,550 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2013/06/18 11:45:48 | 000,000,956 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013/06/17 17:15:48 | 001,527,722 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/06/17 11:22:55 | 000,051,496 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys
[2013/06/17 09:47:37 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013/06/17 09:47:37 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/06/17 09:47:37 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013/06/17 09:47:37 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/06/11 19:33:00 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/06/11 10:40:53 | 000,001,787 | ---- | M] () -- C:\Users\Christina\Desktop\Spotify.lnk
[2013/06/09 13:10:55 | 000,002,006 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
[2013/06/07 10:02:37 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/06/07 10:02:33 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/06/07 09:50:39 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/05/24 10:28:05 | 000,001,402 | ---- | M] () -- C:\Users\Christina\Desktop\Free YouTube to MP3 Converter.lnk
[2013/05/21 23:32:29 | 000,001,440 | ---- | M] () -- C:\Users\Christina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/05/21 23:32:18 | 000,001,398 | ---- | M] () -- C:\Users\Christina\Desktop\Dropbox.lnk
[2013/05/20 18:12:28 | 000,437,632 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/06/18 15:07:34 | 000,000,000 | ---- | C] () -- C:\Users\Christina\defogger_reenable
[2013/06/18 13:22:31 | 000,032,000 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro37.sys
[2013/06/18 13:19:56 | 000,000,550 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2013/06/18 11:45:48 | 000,000,956 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013/06/11 10:40:53 | 000,001,787 | ---- | C] () -- C:\Users\Christina\Desktop\Spotify.lnk
[2013/06/11 10:40:53 | 000,001,773 | ---- | C] () -- C:\Users\Christina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[2013/06/09 13:10:55 | 000,002,006 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
[2013/06/09 13:07:13 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\FsUsbExDevice.Dll
[2013/06/09 13:07:13 | 000,037,344 | ---- | C] () -- C:\Windows\SysWow64\FsUsbExDisk.Sys
[2013/06/07 10:02:37 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/06/07 10:02:33 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/05/21 23:32:29 | 000,001,440 | ---- | C] () -- C:\Users\Christina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/05/21 21:12:48 | 000,001,413 | ---- | C] () -- C:\Users\Christina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/05/21 20:47:30 | 002,662,246 | ---- | C] () -- C:\Users\Christina\Documents\Vorlesung%205%20Kanzerogenese.pdf
[2013/05/21 20:47:30 | 002,088,659 | ---- | C] () -- C:\Users\Christina\Documents\Wiederfindung_1%202.pdf
[2013/05/21 20:47:30 | 000,623,832 | ---- | C] () -- C:\Users\Christina\Documents\Wiederfindung%201.pdf
[2013/05/21 20:47:30 | 000,439,288 | ---- | C] () -- C:\Users\Christina\Documents\wasserloesliche_vitamine01[1].pdf
[2013/05/21 20:47:30 | 000,439,288 | ---- | C] () -- C:\Users\Christina\Documents\wasserloesliche_vitamine01.pdf
[2013/05/21 20:47:30 | 000,128,128 | ---- | C] () -- C:\Users\Christina\Documents\Zusatzstoffe.pdf
[2013/05/21 20:47:30 | 000,035,177 | ---- | C] () -- C:\Users\Christina\Documents\Walnuss%201%2B29.pdf
[2013/05/21 20:47:29 | 002,841,930 | ---- | C] () -- C:\Users\Christina\Documents\Vorlesung%2010%20Lebensmittel[1].pdf
[2013/05/21 20:47:29 | 002,841,930 | ---- | C] () -- C:\Users\Christina\Documents\Vorlesung%2010%20Lebensmittel.pdf
[2013/05/21 20:47:29 | 002,372,319 | ---- | C] () -- C:\Users\Christina\Documents\Vitamine-Speifefette-Speisef6le-LMC20SS20201020SI.pdf
[2013/05/21 20:47:29 | 001,069,424 | ---- | C] () -- C:\Users\Christina\Documents\Versuchsanleitung%20Antioxidantien%20und%20Schalenbehandlungsmittel.pdf
[2013/05/21 20:47:29 | 000,120,897 | ---- | C] () -- C:\Users\Christina\Documents\VO%20178-2002%2C%20Mitteilungspflichten.pdf
[2013/05/21 20:47:28 | 000,915,877 | ---- | C] () -- C:\Users\Christina\Documents\Tryptamin[1].pdf
[2013/05/21 20:47:28 | 000,320,664 | ---- | C] () -- C:\Users\Christina\Documents\ToxikologieTeil8PAK.pdf
[2013/05/21 20:47:28 | 000,103,749 | ---- | C] () -- C:\Users\Christina\Documents\Toxikologie_SS2011_Staatsexamensklausur.pdf
[2013/05/21 20:47:28 | 000,040,858 | ---- | C] () -- C:\Users\Christina\Documents\Tyramin.pdf
[2013/05/21 20:47:28 | 000,039,926 | ---- | C] () -- C:\Users\Christina\Documents\Tryptamin.pdf
[2013/05/21 20:47:28 | 000,034,529 | ---- | C] () -- C:\Users\Christina\Documents\Tween60FSME.pdf
[2013/05/21 20:47:28 | 000,033,926 | ---- | C] () -- C:\Users\Christina\Documents\Tween20FSME[1].pdf
[2013/05/21 20:47:28 | 000,033,926 | ---- | C] () -- C:\Users\Christina\Documents\Tween20FSME.pdf
[2013/05/21 20:47:28 | 000,000,328 | ---- | C] () -- C:\Users\Christina\Documents\UserStl.sk
[2013/05/21 20:47:28 | 000,000,000 | ---- | C] () -- C:\Users\Christina\Documents\UserLab.sk
[2013/05/21 20:47:27 | 001,041,833 | ---- | C] () -- C:\Users\Christina\Documents\ToxikologieTeil6Nitrosamine.pdf
[2013/05/21 20:47:27 | 000,923,804 | ---- | C] () -- C:\Users\Christina\Documents\ToxikologieTeil10Chlor[1].pdf
[2013/05/21 20:47:27 | 000,923,804 | ---- | C] () -- C:\Users\Christina\Documents\ToxikologieTeil10Chlor.pdf
[2013/05/21 20:47:27 | 000,363,899 | ---- | C] () -- C:\Users\Christina\Documents\ToxikologieTeil7Aromastoffe.pdf
[2013/05/21 20:47:26 | 022,510,632 | ---- | C] () -- C:\Users\Christina\Documents\TOX%20-%20tagliatelle%20mit%20gem%C3%BCsebolognese[2].pdf
[2013/05/21 20:47:18 | 022,510,632 | ---- | C] () -- C:\Users\Christina\Documents\TOX%20-%20tagliatelle%20mit%20gem%C3%BCsebolognese[1].pdf
[2013/05/21 20:47:17 | 022,510,632 | ---- | C] () -- C:\Users\Christina\Documents\TOX%20-%20tagliatelle%20mit%20gem%C3%BCsebolognese.pdf
[2013/05/21 20:47:16 | 001,833,727 | ---- | C] () -- C:\Users\Christina\Documents\TOX%20-%20Bio%20Penne%20mit%20Bio%20Tomaten-Gem%C3%BCsesauce[2].pdf
[2013/05/21 20:47:16 | 001,833,727 | ---- | C] () -- C:\Users\Christina\Documents\TOX%20-%20Bio%20Penne%20mit%20Bio%20Tomaten-Gem%C3%BCsesauce[1].pdf
[2013/05/21 20:47:15 | 002,115,459 | ---- | C] () -- C:\Users\Christina\Documents\System%201%20Konservierungsstoffe.pdf
[2013/05/21 20:47:15 | 002,098,833 | ---- | C] () -- C:\Users\Christina\Documents\System%202%20Konservierungsstoffe.pdf
[2013/05/21 20:47:15 | 001,833,727 | ---- | C] () -- C:\Users\Christina\Documents\TOX%20-%20Bio%20Penne%20mit%20Bio%20Tomaten-Gem%C3%BCsesauce.pdf
[2013/05/21 20:47:15 | 000,261,032 | ---- | C] () -- C:\Users\Christina\Documents\SPIELZ~1.pdf
[2013/05/21 20:47:15 | 000,075,899 | ---- | C] () -- C:\Users\Christina\Documents\TAM%20Platzanleitung[1].pdf
[2013/05/21 20:47:15 | 000,075,899 | ---- | C] () -- C:\Users\Christina\Documents\TAM%20Platzanleitung.pdf
[2013/05/21 20:47:15 | 000,070,237 | ---- | C] () -- C:\Users\Christina\Documents\Sulfadiazin%20einzel.pdf
[2013/05/21 20:47:15 | 000,070,198 | ---- | C] () -- C:\Users\Christina\Documents\Sulfadiazin%20gesamt.pdf
[2013/05/21 20:47:15 | 000,063,159 | ---- | C] () -- C:\Users\Christina\Documents\Tam%20Matrix.pdf
[2013/05/21 20:47:15 | 000,062,207 | ---- | C] () -- C:\Users\Christina\Documents\TAM%20NWG1.pdf
[2013/05/21 20:47:15 | 000,056,346 | ---- | C] () -- C:\Users\Christina\Documents\Sulfadiazin.pdf
[2013/05/21 20:47:15 | 000,042,747 | ---- | C] () -- C:\Users\Christina\Documents\TAM%20Matrix1[1].pdf
[2013/05/21 20:47:15 | 000,042,747 | ---- | C] () -- C:\Users\Christina\Documents\TAM%20Matrix1.pdf
[2013/05/21 20:47:15 | 000,026,555 | ---- | C] () -- C:\Users\Christina\Documents\TAM%20Matrix2.pdf
[2013/05/21 20:47:15 | 000,001,921 | ---- | C] () -- C:\Users\Christina\Documents\template.cfg
[2013/05/21 20:47:14 | 008,303,398 | ---- | C] () -- C:\Users\Christina\Documents\Spezielle_LMCH_2_Milch_Teil_C.pdf
[2013/05/21 20:47:14 | 002,141,347 | ---- | C] () -- C:\Users\Christina\Documents\Sorbins%C3%A4ure[4].pdf
[2013/05/21 20:47:14 | 002,141,347 | ---- | C] () -- C:\Users\Christina\Documents\Sorbins%C3%A4ure[3].pdf
[2013/05/21 20:47:14 | 000,059,367 | ---- | C] () -- C:\Users\Christina\Documents\sorbins%C3%A4ure[5].pdf
[2013/05/21 20:47:14 | 000,059,367 | ---- | C] () -- C:\Users\Christina\Documents\sorbins%C3%A4ure[2].pdf
[2013/05/21 20:47:14 | 000,059,367 | ---- | C] () -- C:\Users\Christina\Documents\sorbins%C3%A4ure[1].pdf
[2013/05/21 20:47:14 | 000,031,804 | ---- | C] () -- C:\Users\Christina\Documents\spezielle%20lc%20und%20bedarfsgegenst%C3%A4nde%20WS2010[1].pdf
[2013/05/21 20:47:14 | 000,031,804 | ---- | C] () -- C:\Users\Christina\Documents\spezielle%20lc%20und%20bedarfsgegenst%C3%A4nde%20WS2010.pdf
[2013/05/21 20:47:13 | 002,755,743 | ---- | C] () -- C:\Users\Christina\Documents\SLC%20II_Mitschrift[1].pdf
[2013/05/21 20:47:13 | 002,755,743 | ---- | C] () -- C:\Users\Christina\Documents\SLC%20II_Mitschrift.pdf
[2013/05/21 20:47:13 | 002,174,193 | ---- | C] () -- C:\Users\Christina\Documents\Salicyls%C3%A4ure%201.pdf
[2013/05/21 20:47:13 | 001,187,918 | ---- | C] () -- C:\Users\Christina\Documents\Saccharin-Nachweisgrenze_Syst.I.pdf
[2013/05/21 20:47:13 | 000,064,921 | ---- | C] () -- C:\Users\Christina\Documents\salicyls%C3%A4ure.pdf
[2013/05/21 20:47:13 | 000,059,367 | ---- | C] () -- C:\Users\Christina\Documents\sorbins%C3%A4ure.pdf
[2013/05/21 20:47:13 | 000,049,248 | ---- | C] () -- C:\Users\Christina\Documents\ser%20his%201[3].pdf
[2013/05/21 20:47:13 | 000,049,248 | ---- | C] () -- C:\Users\Christina\Documents\ser%20his%201[2].pdf
[2013/05/21 20:47:13 | 000,049,248 | ---- | C] () -- C:\Users\Christina\Documents\ser%20his%201[1].pdf
[2013/05/21 20:47:13 | 000,049,248 | ---- | C] () -- C:\Users\Christina\Documents\ser%20his%201.pdf
[2013/05/21 20:47:13 | 000,035,107 | ---- | C] () -- C:\Users\Christina\Documents\Sojaoel_1%2B29.pdf
[2013/05/21 20:47:13 | 000,033,138 | ---- | C] () -- C:\Users\Christina\Documents\Serotonin.pdf
[2013/05/21 20:47:12 | 008,976,569 | ---- | C] () -- C:\Users\Christina\Documents\S%C3%BC%C3%9Fstoffe-DC.pdf
[2013/05/21 20:47:10 | 000,145,709 | ---- | C] () -- C:\Users\Christina\Documents\S%C3%BC%C3%9Fstoffe%20HPLC%20Anleitung[1].pdf
[2013/05/21 20:47:10 | 000,090,390 | ---- | C] () -- C:\Users\Christina\Documents\S%C3%BC%C3%9Fstoffe%20HPLC[1].pdf
[2013/05/21 20:47:10 | 000,090,390 | ---- | C] () -- C:\Users\Christina\Documents\S%C3%BC%C3%9Fstoffe%20HPLC.pdf
[2013/05/21 20:47:09 | 000,229,850 | ---- | C] () -- C:\Users\Christina\Documents\S%C3%BC%C3%9Fstoffe%20DC%20mit%20St%C3%B6rsubstanzen[1].pdf
[2013/05/21 20:47:09 | 000,145,709 | ---- | C] () -- C:\Users\Christina\Documents\S%C3%BC%C3%9Fstoffe%20HPLC%20Anleitung.pdf
[2013/05/21 20:47:08 | 000,229,850 | ---- | C] () -- C:\Users\Christina\Documents\S%C3%BC%C3%9Fstoffe%20DC%20mit%20St%C3%B6rsubstanzen.pdf
[2013/05/21 20:47:07 | 002,107,365 | ---- | C] () -- C:\Users\Christina\Documents\Responselauf_3%201.pdf
[2013/05/21 20:47:07 | 000,050,339 | ---- | C] () -- C:\Users\Christina\Documents\s%C3%BC%C3%9F%2Bbio.pdf
[2013/05/21 20:47:06 | 002,159,081 | ---- | C] () -- C:\Users\Christina\Documents\Responselauf_1%201[1].pdf
[2013/05/21 20:47:05 | 002,159,081 | ---- | C] () -- C:\Users\Christina\Documents\Responselauf_1%201.pdf
[2013/05/21 20:47:04 | 007,638,311 | ---- | C] () -- C:\Users\Christina\Documents\pestizide%20MD[1].pdf
[2013/05/21 20:47:04 | 003,976,537 | ---- | C] () -- C:\Users\Christina\Documents\Psychophysik_und_experimentelle_Sensorik_Teil_1.pdf
[2013/05/21 20:47:04 | 000,050,993 | ---- | C] () -- C:\Users\Christina\Documents\phe%20tyr%20tryp%201[1].pdf
[2013/05/21 20:47:04 | 000,050,993 | ---- | C] () -- C:\Users\Christina\Documents\phe%20tyr%20tryp%201.pdf
[2013/05/21 20:47:04 | 000,050,109 | ---- | C] () -- C:\Users\Christina\Documents\Phenylethylamin.pdf
[2013/05/21 20:47:04 | 000,048,075 | ---- | C] () -- C:\Users\Christina\Documents\phe%20tyr%20tryp%205.pdf
[2013/05/21 20:47:04 | 000,017,034 | ---- | C] () -- C:\Users\Christina\Documents\PG.pdf
[2013/05/21 20:47:03 | 007,638,311 | ---- | C] () -- C:\Users\Christina\Documents\pestizide%20MD.pdf
[2013/05/21 20:47:02 | 002,182,707 | ---- | C] () -- C:\Users\Christina\Documents\NWG_1%20System_1%201.pdf
[2013/05/21 20:47:02 | 002,106,769 | ---- | C] () -- C:\Users\Christina\Documents\NWG_1%20System_2%201.pdf
[2013/05/21 20:47:02 | 002,091,735 | ---- | C] () -- C:\Users\Christina\Documents\NWG_4%201.pdf
[2013/05/21 20:47:02 | 000,755,666 | ---- | C] () -- C:\Users\Christina\Documents\Patentblau%20V[1].pdf
[2013/05/21 20:47:02 | 000,755,666 | ---- | C] () -- C:\Users\Christina\Documents\Patentblau%20V.pdf
[2013/05/21 20:47:02 | 000,080,006 | ---- | C] () -- C:\Users\Christina\Documents\NWG1[3].pdf
[2013/05/21 20:47:02 | 000,048,861 | ---- | C] () -- C:\Users\Christina\Documents\NWG4%201.pdf
[2013/05/21 20:47:02 | 000,046,108 | ---- | C] () -- C:\Users\Christina\Documents\nwg1[4].pdf
[2013/05/21 20:47:02 | 000,016,987 | ---- | C] () -- C:\Users\Christina\Documents\OG.pdf
[2013/05/21 20:47:01 | 001,660,570 | ---- | C] () -- C:\Users\Christina\Documents\NWG.pdf
[2013/05/21 20:47:01 | 001,217,612 | ---- | C] () -- C:\Users\Christina\Documents\Nuss-Nougat-Creme.pdf
[2013/05/21 20:47:01 | 001,037,280 | ---- | C] () -- C:\Users\Christina\Documents\NWG%201_1.pdf
[2013/05/21 20:47:01 | 001,017,064 | ---- | C] () -- C:\Users\Christina\Documents\NWG%202_1.pdf
[2013/05/21 20:47:01 | 000,080,006 | ---- | C] () -- C:\Users\Christina\Documents\NWG1[1].pdf
[2013/05/21 20:47:01 | 000,070,205 | ---- | C] () -- C:\Users\Christina\Documents\Nitrofurantoin%20gesamt.pdf
[2013/05/21 20:47:01 | 000,054,197 | ---- | C] () -- C:\Users\Christina\Documents\Nitrofurantoin[1].pdf
[2013/05/21 20:47:01 | 000,054,197 | ---- | C] () -- C:\Users\Christina\Documents\Nitrofurantoin.pdf
[2013/05/21 20:47:01 | 000,048,237 | ---- | C] () -- C:\Users\Christina\Documents\NWG1%201[1].pdf
[2013/05/21 20:47:01 | 000,048,237 | ---- | C] () -- C:\Users\Christina\Documents\NWG1%201.pdf
[2013/05/21 20:47:01 | 000,046,108 | ---- | C] () -- C:\Users\Christina\Documents\nwg1[2].pdf
[2013/05/21 20:47:01 | 000,044,969 | ---- | C] () -- C:\Users\Christina\Documents\NWG1.pdf
[2013/05/21 20:47:01 | 000,040,959 | ---- | C] () -- C:\Users\Christina\Documents\NitrofurazonEinzel1.pdf
[2013/05/21 20:47:01 | 000,039,251 | ---- | C] () -- C:\Users\Christina\Documents\NitrofurantoinEinzel1.pdf
[2013/05/21 20:47:01 | 000,039,199 | ---- | C] () -- C:\Users\Christina\Documents\NWG1%203.pdf
[2013/05/21 20:47:00 | 003,636,653 | ---- | C] () -- C:\Users\Christina\Documents\Nebenfach_Lipide_2.pdf
[2013/05/21 20:47:00 | 000,552,134 | ---- | C] () -- C:\Users\Christina\Documents\Nitrat.pdf
[2013/05/21 20:47:00 | 000,073,759 | ---- | C] () -- C:\Users\Christina\Documents\Nitrofurantoin%20einzel.pdf
[2013/05/21 20:46:59 | 001,651,003 | ---- | C] () -- C:\Users\Christina\Documents\milch02.pdf
[2013/05/21 20:46:59 | 000,087,951 | ---- | C] () -- C:\Users\Christina\Documents\Nachweisgrenzen%20Zusammenfassung.pdf
[2013/05/21 20:46:59 | 000,054,264 | ---- | C] () -- C:\Users\Christina\Documents\Nachweisgrenzen%20Pestizide[3].pdf
[2013/05/21 20:46:59 | 000,054,264 | ---- | C] () -- C:\Users\Christina\Documents\Nachweisgrenzen%20Pestizide[2].pdf
[2013/05/21 20:46:59 | 000,054,264 | ---- | C] () -- C:\Users\Christina\Documents\Nachweisgrenzen%20Pestizide[1].pdf
[2013/05/21 20:46:59 | 000,054,264 | ---- | C] () -- C:\Users\Christina\Documents\Nachweisgrenzen%20Pestizide.pdf
[2013/05/21 20:46:58 | 000,600,151 | ---- | C] () -- C:\Users\Christina\Documents\milch01[1].pdf
[2013/05/21 20:46:57 | 002,090,251 | ---- | C] () -- C:\Users\Christina\Documents\Matrix%201.pdf
[2013/05/21 20:46:57 | 001,709,065 | ---- | C] () -- C:\Users\Christina\Documents\Lipide_Teil%207_SS10.pdf
[2013/05/21 20:46:57 | 000,600,151 | ---- | C] () -- C:\Users\Christina\Documents\milch01.pdf
[2013/05/21 20:46:56 | 001,698,494 | ---- | C] () -- C:\Users\Christina\Documents\Lipide_Teil%206_SS10[1].pdf
[2013/05/21 20:46:55 | 001,698,494 | ---- | C] () -- C:\Users\Christina\Documents\Lipide_Teil%206_SS10.pdf
[2013/05/21 20:46:53 | 007,802,374 | ---- | C] () -- C:\Users\Christina\Documents\Lindenm_Ana1.pdf
[2013/05/21 20:46:53 | 000,201,034 | ---- | C] () -- C:\Users\Christina\Documents\Lebensmittel%20Arzneimittel.pdf
[2013/05/21 20:46:52 | 001,473,291 | ---- | C] () -- C:\Users\Christina\Documents\KONSERVIERUNGSSTOFFE[1].pdf
[2013/05/21 20:46:52 | 001,036,467 | ---- | C] () -- C:\Users\Christina\Documents\kosmetik_analytik_beispiele.pdf
[2013/05/21 20:46:52 | 000,034,202 | ---- | C] () -- C:\Users\Christina\Documents\LactemFSME.pdf
[2013/05/21 20:46:52 | 000,000,009 | ---- | C] () -- C:\Users\Christina\Documents\LastLab.sk
[2013/05/21 20:46:51 | 001,473,291 | ---- | C] () -- C:\Users\Christina\Documents\KONSERVIERUNGSSTOFFE.pdf
[2013/05/21 20:46:50 | 002,091,201 | ---- | C] () -- C:\Users\Christina\Documents\Kali%20(1%2B3)%201.pdf
[2013/05/21 20:46:49 | 001,912,327 | ---- | C] () -- C:\Users\Christina\Documents\Kaffee-nusssouffle2011.pdf
[2013/05/21 20:46:49 | 001,141,436 | ---- | C] () -- C:\Users\Christina\Documents\Identification, formation and analytical methodology.pdf
[2013/05/21 20:46:48 | 000,181,803 | ---- | C] () -- C:\Users\Christina\Documents\Hygienepaket%20-%20neu[1].pdf
[2013/05/21 20:46:47 | 000,734,258 | ---- | C] () -- C:\Users\Christina\Documents\Himbeerpudding.pdf
[2013/05/21 20:46:47 | 000,476,982 | ---- | C] () -- C:\Users\Christina\Documents\Hydroxyprolin%20Kalibriergerade%202.pdf
[2013/05/21 20:46:47 | 000,181,803 | ---- | C] () -- C:\Users\Christina\Documents\Hygienepaket%20-%20neu.pdf
[2013/05/21 20:46:47 | 000,071,634 | ---- | C] () -- C:\Users\Christina\Documents\HPLC%20Bedingungen%20zum%20aufkleben.pdf
[2013/05/21 20:46:47 | 000,070,627 | ---- | C] () -- C:\Users\Christina\Documents\HPLC%20Bedingungen%20zum%20aufkleben[4].pdf
[2013/05/21 20:46:47 | 000,070,627 | ---- | C] () -- C:\Users\Christina\Documents\HPLC%20Bedingungen%20zum%20aufkleben[3].pdf
[2013/05/21 20:46:47 | 000,070,627 | ---- | C] () -- C:\Users\Christina\Documents\HPLC%20Bedingungen%20zum%20aufkleben[2].pdf
[2013/05/21 20:46:47 | 000,070,627 | ---- | C] () -- C:\Users\Christina\Documents\HPLC%20Bedingungen%20zum%20aufkleben[1].pdf
[2013/05/21 20:46:47 | 000,043,020 | ---- | C] () -- C:\Users\Christina\Documents\Histamin.pdf
[2013/05/21 20:46:45 | 002,294,161 | ---- | C] () -- C:\Users\Christina\Documents\Gesamtlauf_S%C3%BC%C3%9Fstoffe[1].pdf
[2013/05/21 20:46:45 | 002,294,161 | ---- | C] () -- C:\Users\Christina\Documents\Gesamtlauf_S%C3%BC%C3%9Fstoffe.pdf
[2013/05/21 20:46:45 | 000,000,619 | ---- | C] () -- C:\Users\Christina\Documents\grstyles.stl
[2013/05/21 20:46:44 | 000,055,531 | ---- | C] () -- C:\Users\Christina\Documents\Gesamtlauf[9].pdf
[2013/05/21 20:46:43 | 000,066,066 | ---- | C] () -- C:\Users\Christina\Documents\Gesamtlauf[8].pdf
[2013/05/21 20:46:42 | 002,161,095 | ---- | C] () -- C:\Users\Christina\Documents\Gesamtlauf[6].pdf
[2013/05/21 20:46:42 | 002,161,095 | ---- | C] () -- C:\Users\Christina\Documents\Gesamtlauf[5].pdf
[2013/05/21 20:46:42 | 000,066,066 | ---- | C] () -- C:\Users\Christina\Documents\Gesamtlauf[7].pdf
[2013/05/21 20:46:42 | 000,066,066 | ---- | C] () -- C:\Users\Christina\Documents\Gesamtlauf[2].pdf
[2013/05/21 20:46:42 | 000,055,531 | ---- | C] () -- C:\Users\Christina\Documents\Gesamtlauf[4].pdf
[2013/05/21 20:46:42 | 000,023,179 | ---- | C] () -- C:\Users\Christina\Documents\Gesamtlauf[3].pdf
[2013/05/21 20:46:41 | 002,160,037 | ---- | C] () -- C:\Users\Christina\Documents\Gesamtlauf%20Konsi%2BAntiox%2BSchale[2].pdf
[2013/05/21 20:46:41 | 000,066,066 | ---- | C] () -- C:\Users\Christina\Documents\Gesamtlauf[1].pdf
[2013/05/21 20:46:41 | 000,057,964 | ---- | C] () -- C:\Users\Christina\Documents\Gesamtlauf%20TAM.pdf
[2013/05/21 20:46:41 | 000,055,531 | ---- | C] () -- C:\Users\Christina\Documents\Gesamtlauf.pdf
[2013/05/21 20:46:39 | 002,160,037 | ---- | C] () -- C:\Users\Christina\Documents\Gesamtlauf%20Konsi%2BAntiox%2BSchale[1].pdf
[2013/05/21 20:46:38 | 002,160,037 | ---- | C] () -- C:\Users\Christina\Documents\Gesamtlauf%20Konsi%2BAntiox%2BSchale.pdf
[2013/05/21 20:46:37 | 002,165,687 | ---- | C] () -- C:\Users\Christina\Documents\Gesamtlauf%20Konsi%2BAntiox%2BSchale%201[4].pdf
[2013/05/21 20:46:37 | 002,165,687 | ---- | C] () -- C:\Users\Christina\Documents\Gesamtlauf%20Konsi%2BAntiox%2BSchale%201[3].pdf
[2013/05/21 20:46:36 | 002,174,205 | ---- | C] () -- C:\Users\Christina\Documents\Gesamtlauf%202[2].pdf
[2013/05/21 20:46:36 | 002,165,687 | ---- | C] () -- C:\Users\Christina\Documents\Gesamtlauf%20Konsi%2BAntiox%2BSchale%201[2].pdf
[2013/05/21 20:46:36 | 002,165,687 | ---- | C] () -- C:\Users\Christina\Documents\Gesamtlauf%20Konsi%2BAntiox%2BSchale%201[1].pdf
[2013/05/21 20:46:36 | 002,165,687 | ---- | C] () -- C:\Users\Christina\Documents\Gesamtlauf%20Konsi%2BAntiox%2BSchale%201.pdf
[2013/05/21 20:46:35 | 002,171,047 | ---- | C] () -- C:\Users\Christina\Documents\Gesamtlauf%201[4].pdf
[2013/05/21 20:46:35 | 002,162,183 | ---- | C] () -- C:\Users\Christina\Documents\Gesamtlauf%201[5].pdf
[2013/05/21 20:46:35 | 002,162,183 | ---- | C] () -- C:\Users\Christina\Documents\Gesamtlauf%201[3].pdf
[2013/05/21 20:46:35 | 002,162,183 | ---- | C] () -- C:\Users\Christina\Documents\Gesamtlauf%201[2].pdf
[2013/05/21 20:46:35 | 002,086,101 | ---- | C] () -- C:\Users\Christina\Documents\Gesamtlauf%202[1].pdf
[2013/05/21 20:46:35 | 002,086,101 | ---- | C] () -- C:\Users\Christina\Documents\Gesamtlauf%202.pdf
[2013/05/21 20:46:34 | 002,171,047 | ---- | C] () -- C:\Users\Christina\Documents\Gesamtlauf%201[1].pdf
[2013/05/21 20:46:30 | 002,162,183 | ---- | C] () -- C:\Users\Christina\Documents\Gesamtlauf%201.pdf
[2013/05/21 20:46:25 | 000,040,525 | ---- | C] () -- C:\Users\Christina\Documents\Gesamt%20S%C3%BC%C3%9F2.pdf
[2013/05/21 20:46:24 | 000,256,767 | ---- | C] () -- C:\Users\Christina\Documents\Gentechnisch%20ver%C3%A4ndert[1].pdf
[2013/05/21 20:46:16 | 000,256,767 | ---- | C] () -- C:\Users\Christina\Documents\Gentechnisch%20ver%C3%A4ndert.pdf
[2013/05/21 20:46:11 | 019,986,951 | ---- | C] () -- C:\Users\Christina\Documents\GC-FSME_Referenzl%C3%A4ufe.pdf
[2013/05/21 20:46:03 | 015,309,704 | ---- | C] () -- C:\Users\Christina\Documents\gc%20ms.pdf
[2013/05/21 20:46:00 | 000,011,086 | ---- | C] () -- C:\Users\Christina\Documents\Fragensammlung%20Sensorik-Klausur%2015.4.11.pdf
[2013/05/21 20:45:59 | 005,763,365 | ---- | C] () -- C:\Users\Christina\Documents\farbstoffe%20kalibriergeraden.pdf
[2013/05/21 20:45:59 | 000,123,568 | ---- | C] () -- C:\Users\Christina\Documents\FIAP%20-%20Zusatzstoffe.pdf
[2013/05/21 20:45:59 | 000,107,066 | ---- | C] () -- C:\Users\Christina\Documents\FIAP%2C%20Aromen.pdf
[2013/05/21 20:45:59 | 000,092,411 | ---- | C] () -- C:\Users\Christina\Documents\FIAP%20-%20Zulassungsverfahren.pdf
[2013/05/21 20:45:57 | 002,153,200 | ---- | C] () -- C:\Users\Christina\Documents\Ernaehrung_Teil_10.pdf
[2013/05/21 20:45:57 | 000,510,723 | ---- | C] () -- C:\Users\Christina\Documents\Ernaehrung_Teil_9.pdf
[2013/05/21 20:45:57 | 000,160,717 | ---- | C] () -- C:\Users\Christina\Documents\EU-Kosmetik-VO[1].pdf
[2013/05/21 20:45:57 | 000,160,717 | ---- | C] () -- C:\Users\Christina\Documents\EU-Kosmetik-VO.pdf
[2013/05/21 20:45:54 | 002,175,318 | ---- | C] () -- C:\Users\Christina\Documents\Dulcin[2].pdf
[2013/05/21 20:45:53 | 002,175,318 | ---- | C] () -- C:\Users\Christina\Documents\Dulcin[1].pdf
[2013/05/21 20:45:53 | 002,175,318 | ---- | C] () -- C:\Users\Christina\Documents\Dulcin.pdf
[2013/05/21 20:45:52 | 000,180,807 | ---- | C] () -- C:\Users\Christina\Documents\Diatverordnung%202.pdf
[2013/05/21 20:45:52 | 000,177,120 | ---- | C] () -- C:\Users\Christina\Documents\Diatverordnung.pdf
[2013/05/21 20:45:52 | 000,078,232 | ---- | C] () -- C:\Users\Christina\Documents\Diatverordnung%203.pdf
[2013/05/21 20:45:52 | 000,052,386 | ---- | C] () -- C:\Users\Christina\Documents\Chloramphenicol.pdf
[2013/05/21 20:45:52 | 000,034,537 | ---- | C] () -- C:\Users\Christina\Documents\Citrem.referenzFSME.pdf
[2013/05/21 20:45:51 | 001,007,968 | ---- | C] () -- C:\Users\Christina\Documents\Catechin_mit%20Zuordnung[1].pdf
[2013/05/21 20:45:51 | 001,007,968 | ---- | C] () -- C:\Users\Christina\Documents\Catechin_mit%20Zuordnung.pdf
[2013/05/21 20:45:51 | 000,766,076 | ---- | C] () -- C:\Users\Christina\Documents\Chinolingelb.pdf
[2013/05/21 20:45:50 | 001,507,408 | ---- | C] () -- C:\Users\Christina\Documents\Brausepulver_JS.pdf
[2013/05/21 20:45:50 | 000,035,929 | ---- | C] () -- C:\Users\Christina\Documents\Carnaubawachs_unverduennt.pdf
[2013/05/21 20:45:48 | 006,608,069 | ---- | C] () -- C:\Users\Christina\Documents\Biotechnologie_BioanalytikIWS0910.pdf
[2013/05/21 20:45:47 | 002,056,525 | ---- | C] () -- C:\Users\Christina\Documents\BHT[1].pdf
[2013/05/21 20:45:46 | 000,062,177 | ---- | C] () -- C:\Users\Christina\Documents\benzoes%C3%A4ure[2].pdf
[2013/05/21 20:45:46 | 000,061,493 | ---- | C] () -- C:\Users\Christina\Documents\bht.pdf
[2013/05/21 20:45:46 | 000,016,567 | ---- | C] () -- C:\Users\Christina\Documents\BHA.pdf
[2013/05/21 20:45:45 | 002,150,449 | ---- | C] () -- C:\Users\Christina\Documents\Benzoes%C3%A4ure%2BSorbins%C3%A4ure.pdf
[2013/05/21 20:45:45 | 000,232,883 | ---- | C] () -- C:\Users\Christina\Documents\Bedienungsanleitung%20HPLC.pdf
[2013/05/21 20:45:45 | 000,062,177 | ---- | C] () -- C:\Users\Christina\Documents\benzoes%C3%A4ure[1].pdf
[2013/05/21 20:45:45 | 000,062,177 | ---- | C] () -- C:\Users\Christina\Documents\benzoes%C3%A4ure.pdf
[2013/05/21 20:45:44 | 004,875,098 | ---- | C] () -- C:\Users\Christina\Documents\Auswertung%20DC_fertig.pdf
[2013/05/21 20:45:44 | 000,713,363 | ---- | C] () -- C:\Users\Christina\Documents\BEDARF~1[1].pdf
[2013/05/21 20:45:44 | 000,713,363 | ---- | C] () -- C:\Users\Christina\Documents\BEDARF~1(2).pdf
[2013/05/21 20:45:44 | 000,000,203 | ---- | C] () -- C:\Users\Christina\Documents\BasicLab.sk
[2013/05/21 20:45:43 | 001,034,059 | ---- | C] () -- C:\Users\Christina\Documents\Auswertung%20DC[2].pdf
[2013/05/21 20:45:43 | 001,034,059 | ---- | C] () -- C:\Users\Christina\Documents\Auswertung%20DC[1].pdf
[2013/05/21 20:45:43 | 001,034,059 | ---- | C] () -- C:\Users\Christina\Documents\Auswertung%20DC.pdf
[2013/05/21 20:45:42 | 002,177,226 | ---- | C] () -- C:\Users\Christina\Documents\Aspartam.pdf
[2013/05/21 20:45:42 | 001,110,984 | ---- | C] () -- C:\Users\Christina\Documents\AR-M236_20100708_164508.pdf
[2013/05/21 20:45:42 | 000,281,741 | ---- | C] () -- C:\Users\Christina\Documents\Anleitung%20Pestizide[3].pdf
[2013/05/21 20:45:42 | 000,077,024 | ---- | C] () -- C:\Users\Christina\Documents\Auswertung%20Chromatogramme.pdf
[2013/05/21 20:45:41 | 000,283,920 | ---- | C] () -- C:\Users\Christina\Documents\Anleitung%20Pestizide[1].pdf
[2013/05/21 20:45:41 | 000,283,920 | ---- | C] () -- C:\Users\Christina\Documents\Anleitung%20Pestizide.pdf
[2013/05/21 20:45:41 | 000,281,741 | ---- | C] () -- C:\Users\Christina\Documents\Anleitung%20Pestizide[2].pdf
[2013/05/21 20:45:41 | 000,184,761 | ---- | C] () -- C:\Users\Christina\Documents\Anlage%203.pdf
[2013/05/21 20:45:41 | 000,184,633 | ---- | C] () -- C:\Users\Christina\Documents\Anlage%202[1].pdf
[2013/05/21 20:45:40 | 002,221,663 | ---- | C] () -- C:\Users\Christina\Documents\Acesulfam%20K.pdf
[2013/05/21 20:45:40 | 000,418,254 | ---- | C] () -- C:\Users\Christina\Documents\alle%20einzel.pdf
[2013/05/21 20:45:40 | 000,191,496 | ---- | C] () -- C:\Users\Christina\Documents\Allergene[1].pdf
[2013/05/21 20:45:40 | 000,191,496 | ---- | C] () -- C:\Users\Christina\Documents\Allergene.pdf
[2013/05/21 20:45:40 | 000,185,453 | ---- | C] () -- C:\Users\Christina\Documents\Anlage%201[2].pdf
[2013/05/21 20:45:40 | 000,185,453 | ---- | C] () -- C:\Users\Christina\Documents\Anlage%201[1].pdf
[2013/05/21 20:45:40 | 000,185,453 | ---- | C] () -- C:\Users\Christina\Documents\Anlage%201.pdf
[2013/05/21 20:45:40 | 000,184,633 | ---- | C] () -- C:\Users\Christina\Documents\Anlage%202.pdf
[2013/05/21 20:45:40 | 000,019,718 | ---- | C] () -- C:\Users\Christina\Documents\altklausur%20biochemie%20ern%C3%A4hrungslehre%20WS2010.pdf
[2013/05/21 20:45:39 | 001,273,466 | ---- | C] () -- C:\Users\Christina\Documents\Acesulfam%20K-Nachweisgrenze_Syst.III.pdf
[2013/05/21 20:45:39 | 000,663,706 | ---- | C] () -- C:\Users\Christina\Documents\20110125gesamtlaufHPLC1.pdf
[2013/05/21 20:45:39 | 000,056,578 | ---- | C] () -- C:\Users\Christina\Documents\27_06_12_Dulcin_auf_Konsi.pdf
[2013/05/21 20:45:39 | 000,020,222 | ---- | C] () -- C:\Users\Christina\Documents\26_06_2012_Serotonin_auf_Antiox.pdf
[2013/05/21 20:45:39 | 000,017,187 | ---- | C] () -- C:\Users\Christina\Documents\27_06_12_Aspartam_auf_Antiox[1].pdf
[2013/05/21 20:45:39 | 000,017,187 | ---- | C] () -- C:\Users\Christina\Documents\27_06_12_Aspartam_auf_Antiox.pdf
[2013/05/21 20:45:39 | 000,016,601 | ---- | C] () -- C:\Users\Christina\Documents\27_06_12_Dulcin_auf_Antiox[2].pdf
[2013/05/21 20:45:39 | 000,016,601 | ---- | C] () -- C:\Users\Christina\Documents\27_06_12_Dulcin_auf_Antiox[1].pdf
[2013/05/21 20:45:39 | 000,016,601 | ---- | C] () -- C:\Users\Christina\Documents\27_06_12_Dulcin_auf_Antiox.pdf
[2013/05/21 20:45:39 | 000,016,554 | ---- | C] () -- C:\Users\Christina\Documents\27_06_12_AcesulfamK_auf_antiox.pdf
[2013/05/21 20:45:39 | 000,016,462 | ---- | C] () -- C:\Users\Christina\Documents\27_06_12_Saccharin_auf_Antiox.pdf
[2013/05/21 20:45:38 | 000,501,069 | ---- | C] () -- C:\Users\Christina\Documents\1%2B1%20S.1.pdf
[2013/05/21 20:45:38 | 000,272,854 | ---- | C] () -- C:\Users\Christina\Documents\%EF%BF%BDBERWA~4.pdf
[2013/05/21 20:45:38 | 000,154,397 | ---- | C] () -- C:\Users\Christina\Documents\2011%20wrp%20Heft%204%2C%20BGH%20Glucosamin%20%26%20Co.pdf
[2013/05/21 20:45:38 | 000,128,100 | ---- | C] () -- C:\Users\Christina\Documents\%EF%BF%BDBERWA~2[2].pdf
[2013/05/21 20:45:38 | 000,128,100 | ---- | C] () -- C:\Users\Christina\Documents\%EF%BF%BDBERWA~2[1].pdf
[2013/05/21 20:45:38 | 000,128,100 | ---- | C] () -- C:\Users\Christina\Documents\%EF%BF%BDBERWA~2.pdf
[2013/05/21 20:45:38 | 000,078,083 | ---- | C] () -- C:\Users\Christina\Documents\%EF%BF%BDBERWA~3.pdf
[2013/05/21 20:45:37 | 001,076,627 | ---- | C] () -- C:\Users\Christina\Documents\%C3%96ko-LMs.pdf
[2013/05/15 18:10:23 | 000,000,151 | ---- | C] () -- C:\ProgramData\qlinf.reg
[2013/05/15 18:10:23 | 000,000,055 | ---- | C] () -- C:\ProgramData\qlinf.bat
[2013/05/15 18:10:22 | 095,023,320 | ---- | C] () -- C:\ProgramData\qlinf.pad
[2011/12/23 21:58:28 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011/12/23 21:58:24 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011/12/23 21:58:24 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011/12/23 21:58:24 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011/12/23 21:58:24 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2010/09/16 21:46:51 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/09/16 14:02:55 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
========== ZeroAccess Check ==========
[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2013/06/18 15:33:33 | 000,000,000 | ---D | M] -- C:\Users\Christina\AppData\Roaming\Dropbox
[2013/05/24 10:28:02 | 000,000,000 | ---D | M] -- C:\Users\Christina\AppData\Roaming\DVDVideoSoft
[2013/05/22 17:32:50 | 000,000,000 | ---D | M] -- C:\Users\Christina\AppData\Roaming\EndNote
[2013/06/09 12:53:37 | 000,000,000 | ---D | M] -- C:\Users\Christina\AppData\Roaming\Samsung
[2013/06/18 14:54:26 | 000,000,000 | ---D | M] -- C:\Users\Christina\AppData\Roaming\Spotify
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:2430E4FC
< End of report >
Extra.txt Code:
ATTFilter OTL Extras logfile created on: 6/18/2013 3:10:44 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Christina\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3.85 Gb Total Physical Memory | 1.64 Gb Available Physical Memory | 42.44% Memory free
7.71 Gb Paging File | 5.44 Gb Available in Paging File | 70.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 112.00 Gb Total Space | 3.76 Gb Free Space | 3.36% Space Free | Partition Type: NTFS
Drive D: | 165.99 Gb Total Space | 165.50 Gb Free Space | 99.71% Space Free | Partition Type: NTFS
Computer Name: R247097 | User Name: Christina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05653917-6364-4E03-AD6F-0334F55BD3C0}" = lport=137 | protocol=17 | dir=in | app=system |
"{2AF358EE-954A-46D0-9940-6D8A23EAE1E1}" = rport=445 | protocol=6 | dir=out | app=system |
"{65DE1AC9-37E6-483D-BA3D-B733528D31DD}" = rport=139 | protocol=6 | dir=out | app=system |
"{6891CF6B-224D-451F-B616-5D77FEB8AB6A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{82A0184D-800F-46A7-B99C-6C549BD56318}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{8A612414-687B-4FD2-B2CF-6C6E75957F55}" = lport=139 | protocol=6 | dir=in | app=system |
"{AD281432-B033-44C1-A697-359D437BBDE7}" = lport=138 | protocol=17 | dir=in | app=system |
"{B39F758F-3FB2-4949-91F2-8610E3B5DDFF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D313AE16-7F22-488F-8CBD-8176B979E8F8}" = lport=445 | protocol=6 | dir=in | app=system |
"{D3A3F214-E31B-47B9-8C15-90A796BD63DF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E0EDBD07-4E94-419A-92BD-E1E562FC7A9D}" = rport=138 | protocol=17 | dir=out | app=system |
"{E411663B-BC3E-42E4-AD9B-FE3EDE68237E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F0FA784F-B08F-4F4C-B535-7B728982C46F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{F81C95E5-80AB-4A5F-AC6D-25E9036EA5C2}" = rport=137 | protocol=17 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{127AF4DD-6000-4B3B-A37D-F2B6B4E0006F}" = protocol=17 | dir=in | app=c:\users\christina\appdata\roaming\dropbox\bin\dropbox.exe |
"{22986735-1EDB-444E-90E5-0199F349FF75}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{3059F974-4A92-4F5B-92DE-77213E97B4CD}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{3E954C78-9DA9-4CE2-8F37-6FC27D929BCD}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{5D4AAD98-DE6E-4E09-863D-420723D2DB4E}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{5D5EAA7E-B982-4FD7-839D-0B46F85522C3}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{6ACCF8C0-AB4A-42B0-92E8-D8377B530334}" = protocol=6 | dir=in | app=c:\users\christina\appdata\roaming\dropbox\bin\dropbox.exe |
"{7A379C36-ACDE-4FDB-8133-CC531960A4F5}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{8C298F23-1440-4517-A974-825695302B3B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{E0E4F26E-F444-47B2-A177-D50D0B2624AE}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{E4DD74AB-5A20-413E-8ED5-EA086E62866C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F829CFB1-6AAE-4E77-8257-E0822E4EAEDB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"TCP Query User{10D2CC54-14E3-4939-AB62-B178E7B4E42B}C:\users\christina\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\christina\appdata\roaming\spotify\spotify.exe |
"TCP Query User{7CDC784F-F449-46D9-898E-A1D7893FD1E1}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=6 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe |
"UDP Query User{28C6488C-0206-4E22-9C01-B748878CCC05}C:\users\christina\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\christina\appdata\roaming\spotify\spotify.exe |
"UDP Query User{774F29F8-9D37-4A7C-B8EF-5139E47FADA1}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=17 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00060000-0000-1004-8002-0000C06B5161}" = WibuKey Setup (WibuKey Remove)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUS_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-1000-0000000FF1CE}_Office14.PROPLUS_{3013A793-10A7-4D1F-B8B4-2FAA82F4D259}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-1000-0000000FF1CE}_Office14.PROPLUS_{98782D5D-A9EE-43C6-88AD-B50AD8530E78}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010
"{90140000-0043-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8DFD91C7-66AE-4E54-9901-5D5F401AD329}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8299B64F-1537-4081-974C-033EAB8F098E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-1000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9ED333F8-3E6C-4A38-BAFA-728454121CDA}" = PDF-XChange Viewer
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{E63D8961-0BA9-4CF3-9E94-407ACA42846C}" = SpyHunter
"{F0A36649-873E-4832-A5F1-BF5DF8600BDB}" = Windows Live Family Safety
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F82D3110-2996-B896-9ADC-394C18071095}" = ccc-utility64
"{F8FEEFC0-D7D6-9A40-28E9-1E7A6716E803}" = ATI Catalyst Install Manager
"Broadcom 802.11 Network Adapter" = Broadcom 802.11 Network Adapter
"Elantech" = ETDWare PS/2-x64 7.0.7.0_WHQL
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{058E7BC0-15C3-D5F6-FD8D-34E4B44E4F82}" = CCC Help Thai
"{085C9E07-E122-DECF-350D-5CB3594EC54D}" = Catalyst Control Center Graphics Previews Common
"{08B67A13-8501-48CB-B747-9D413BDC4594}" = BatteryLifeExtender
"{0F796312-289C-40CA-856C-9FBCF5E83342}" = REALTEK Wireless LAN Software
"{11A5DA06-82B8-B47C-B6A9-6BFA8008108C}" = CCC Help Dutch
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{283EFC5E-041A-4AC7-8824-2F33695EBC11}" = CCC Help Korean
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2D4E3A20-01D9-713F-2CD5-15FBD9312F28}" = CCC Help Chinese Traditional
"{2DDC70C1-C77A-4D08-89D2-9AB648504533}" = Easy Content Share
"{2E6EE352-C3CB-49F3-8E8F-7D2ECD851025}" = Xcalibur
"{31CABF76-F113-30F6-1BF1-19CA660C72B4}" = CCC Help Finnish
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{43609114-F9B7-48AA-BAAC-F320BB5E88DD}" = CCC Help Spanish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A331D24-A9E8-484F-835E-1BA7B139689C}" = EasyBatteryManager
"{4A87034C-621A-DAC1-D7C3-FB9102A453D4}" = CCC Help Japanese
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{4FBB6BFD-774C-E86B-84E6-23C08FD76C0C}" = Catalyst Control Center Graphics Light
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6BCE77FA-82A3-E502-0956-AA9AE0E169D0}" = CCC Help English
"{7363206E-C7BD-45CD-89A0-792B28409811}_is1" = MB-Ruler
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{78FDD286-2C51-17B5-22BC-DA769D237E1A}" = CCC Help Swedish
"{79B0F7B2-31BD-D377-CCA2-F647601283C0}" = CCC Help Polish
"{80059A57-F141-5556-7FA2-CD97EB8A05F9}" = CCC Help Danish
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110109903}" = Flip Words
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110160733}" = Slingo
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110245793}" = Insaniquarium Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110521483}" = Gem Shop
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111768557}" = Bonbon Quest
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113128447}" = Daycare Nightmare
"{86B3F2D6-AC2B-0016-8AE1-F2F77F781B0C}" = EndNote X6
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{983D01A7-FD14-5F70-9A46-3DBE1C0A3FFF}" = Catalyst Control Center InstallProxy
"{9AA9FEE7-9F99-4E69-947A-49F7DA0DDA3A}" = Cisco AnyConnect Secure Mobility Client
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C51C947-7E8D-3EEB-6087-276446E4914C}" = CCC Help Hungarian
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{B1FA9E3F-86F3-136A-84DA-809A40458243}" = CCC Help Russian
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6D8DC8C-F077-4631-A221-4D5E1D8E87E7}" = Catalyst Control Center - Branding
"{B7FB9C80-A61F-6BFE-7F93-C493AC3F9E91}" = CCC Help Turkish
"{B91B9BD2-C3D1-2632-26C9-170EB39CADAC}" = CCC Help Greek
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BD8D4FE1-8E1D-2D41-ED33-3E2B64ED3AF3}" = CCC Help Chinese Standard
"{C28CE716-3F07-528A-6CC8-FDF2865BCAAF}" = ccc-core-static
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C9F9C082-A19F-9672-4F78-CC93F363A07D}" = CCC Help Norwegian
"{CEF185AA-392D-82EF-339B-F36547C0D9F8}" = Catalyst Control Center Core Implementation
"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
"{D1886477-86CD-8365-CE96-42AD6F950ED0}" = CCC Help Italian
"{D1F6FBBB-B204-459A-9BF8-D06FFAB96CCC}_is1" = Game Pack
"{D1FAD629-67C3-B9D5-FD06-73A4EF76528A}" = CCC Help Portuguese
"{D3873CF8-9608-402B-88AD-D73B5FFAAED8}" = capella 7
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{D53D7F78-94AC-CE27-199E-5F509437C7E6}" = Catalyst Control Center Graphics Previews Vista
"{D55BE2BD-14D6-E8AA-A1C0-519C50E28EB2}" = Catalyst Control Center Graphics Full Existing
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E91CD838-0ED0-0BCD-ECAF-1A089F1A27E5}" = CCC Help Czech
"{EF1E3D76-6F52-3F63-6848-346ACD86096D}" = CCC Help German
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0B13553-B3CA-76A9-182A-9E352F4EB749}" = Catalyst Control Center Graphics Full New
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6340C10-589F-7D1E-1819-2F8CF6247505}" = CCC Help French
"{F687E657-F636-44DF-8125-9FEEA2C362F5}" = Samsung Support Center
"{F771F1D4-EDD4-4D68-82DC-811583C099CD}" = Easy Network Manager
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FFE45CD9-4070-78E3-5794-8575B389336E}" = Catalyst Control Center Localization All
"ACDLabs in C__ACDFREE12_" = ACD/Labs Software in C:\ACDFREE12\
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Aldi Süd Foto Service" = Aldi Süd Foto Service 4.6
"ALDI Süd Online Druck Service" = ALDI Süd Online Druck Service 4.6
"ALDI Sued Fotoservice_is1" = Aldi Sued Fotoservice 2.7
"Audacity_is1" = Audacity 2.0.2
"Avira AntiVir Desktop" = Avira Free Antivirus
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client
"DivX Setup" = DivX-Setup
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.2.430
"GC_Deploy_0" = GC Image 2.2b4 GCxGC
"Google Chrome" = Google Chrome
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Marvell Miniport Driver" = Marvell Miniport Driver
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NIST 08 MS Library and AMDIS 2.65" = NIST 08 MS Library and AMDIS 2.65
"ResearchSoft Direct Export Helper" = ResearchSoft Direct Export Helper
"WinLiveSuite_Wave3" = Windows Live Essentials
"YTdetect" = Yahoo! Detect
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MyFreeCodec" = MyFreeCodec
"Spotify" = Spotify
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 5/21/2013 2:23:44 PM | Computer Name = r247097 | Source = Microsoft-Windows-User Profiles Service | ID = 1500
Description = Sie konnten nicht angemeldet werden, da das lokal gespeicherte Profil
nicht geladen werden konnte. Überprüfen Sie, ob eine Netzwerkverbindung besteht
und das Netzwerk ordnungsgemäß funktioniert. Details - Nur ein Teil der ReadProcessMemory-
oder WriteProcessMemory-Anforderung wurde abgeschlossen.
Error - 5/21/2013 2:23:58 PM | Computer Name = r247097 | Source = Microsoft-Windows-User Profiles Service | ID = 1515
Description = Dieses Benutzerprofil wurde gesichert. Bei der nächsten Anmeldung
dieses Benutzers wird automatisch versucht, dieses gesicherte Profil zu verwenden.
Error - 5/21/2013 2:23:58 PM | Computer Name = r247097 | Source = Microsoft-Windows-User Profiles Service | ID = 1511
Description = Das lokale Benutzerprofil wurde nicht gefunden. Sie werden mit einem
temporären Benutzerprofil angemeldet. Änderungen, die Sie am Benutzerprofil vornehmen,
gehen bei der Abmeldung verloren.
Error - 5/21/2013 2:24:48 PM | Computer Name = r247097 | Source = Microsoft-Windows-User Profiles Service | ID = 1500
Description = Sie konnten nicht angemeldet werden, da das lokal gespeicherte Profil
nicht geladen werden konnte. Überprüfen Sie, ob eine Netzwerkverbindung besteht
und das Netzwerk ordnungsgemäß funktioniert. Details - Es steht nicht genug Speicherplatz
auf dem Datenträger zur Verfügung.
Error - 5/21/2013 2:35:07 PM | Computer Name = r247097 | Source = Microsoft-Windows-User Profiles Service | ID = 1511
Description = Das lokale Benutzerprofil wurde nicht gefunden. Sie werden mit einem
temporären Benutzerprofil angemeldet. Änderungen, die Sie am Benutzerprofil vornehmen,
gehen bei der Abmeldung verloren.
Error - 5/21/2013 2:35:07 PM | Computer Name = r247097 | Source = Microsoft-Windows-User Profiles Service | ID = 1500
Description = Sie konnten nicht angemeldet werden, da das lokal gespeicherte Profil
nicht geladen werden konnte. Überprüfen Sie, ob eine Netzwerkverbindung besteht
und das Netzwerk ordnungsgemäß funktioniert. Details - Nur ein Teil der ReadProcessMemory-
oder WriteProcessMemory-Anforderung wurde abgeschlossen.
Error - 5/21/2013 2:35:12 PM | Computer Name = r247097 | Source = Microsoft-Windows-User Profiles Service | ID = 1511
Description = Das lokale Benutzerprofil wurde nicht gefunden. Sie werden mit einem
temporären Benutzerprofil angemeldet. Änderungen, die Sie am Benutzerprofil vornehmen,
gehen bei der Abmeldung verloren.
Error - 5/21/2013 2:35:12 PM | Computer Name = r247097 | Source = Microsoft-Windows-User Profiles Service | ID = 1500
Description = Sie konnten nicht angemeldet werden, da das lokal gespeicherte Profil
nicht geladen werden konnte. Überprüfen Sie, ob eine Netzwerkverbindung besteht
und das Netzwerk ordnungsgemäß funktioniert. Details - Nur ein Teil der ReadProcessMemory-
oder WriteProcessMemory-Anforderung wurde abgeschlossen.
Error - 5/21/2013 3:08:58 PM | Computer Name = r247097 | Source = Microsoft-Windows-User Profiles Service | ID = 1515
Description = Dieses Benutzerprofil wurde gesichert. Bei der nächsten Anmeldung
dieses Benutzers wird automatisch versucht, dieses gesicherte Profil zu verwenden.
Error - 5/21/2013 3:08:58 PM | Computer Name = r247097 | Source = Microsoft-Windows-User Profiles Service | ID = 1511
Description = Das lokale Benutzerprofil wurde nicht gefunden. Sie werden mit einem
temporären Benutzerprofil angemeldet. Änderungen, die Sie am Benutzerprofil vornehmen,
gehen bei der Abmeldung verloren.
[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 6/18/2013 8:55:26 AM | Computer Name = r247097 | Source = acvpnui | ID = 67108866
Description = Function: CTrayIcon::StepAnimation File: .\TrayIcon.cpp Line: 428 Invoked
Function: CTrayIcon::OnTimer Return Code: 1460 (0x000005B4) Description: Dieser Vorgang
wurde wegen Zeitüberschreitung zurückgegeben.
Error - 6/18/2013 8:55:27 AM | Computer Name = r247097 | Source = acvpnui | ID = 67108866
Description = Function: CTrayIcon::StepAnimation File: .\TrayIcon.cpp Line: 428 Invoked
Function: CTrayIcon::OnTimer Return Code: 1460 (0x000005B4) Description: Dieser Vorgang
wurde wegen Zeitüberschreitung zurückgegeben.
Error - 6/18/2013 8:55:28 AM | Computer Name = r247097 | Source = acvpnui | ID = 67108866
Description = Function: CTrayIcon::StepAnimation File: .\TrayIcon.cpp Line: 428 Invoked
Function: CTrayIcon::OnTimer Return Code: 1460 (0x000005B4) Description: Dieser Vorgang
wurde wegen Zeitüberschreitung zurückgegeben.
Error - 6/18/2013 8:55:29 AM | Computer Name = r247097 | Source = acvpnui | ID = 67108866
Description = Function: CTrayIcon::StepAnimation File: .\TrayIcon.cpp Line: 428 Invoked
Function: CTrayIcon::OnTimer Return Code: 1460 (0x000005B4) Description: Dieser Vorgang
wurde wegen Zeitüberschreitung zurückgegeben.
Error - 6/18/2013 8:55:30 AM | Computer Name = r247097 | Source = acvpnui | ID = 67108866
Description = Function: CTrayIcon::StepAnimation File: .\TrayIcon.cpp Line: 428 Invoked
Function: CTrayIcon::OnTimer Return Code: 1460 (0x000005B4) Description: Dieser Vorgang
wurde wegen Zeitüberschreitung zurückgegeben.
Error - 6/18/2013 8:55:31 AM | Computer Name = r247097 | Source = acvpnui | ID = 67108866
Description = Function: CTrayIcon::StepAnimation File: .\TrayIcon.cpp Line: 428 Invoked
Function: CTrayIcon::OnTimer Return Code: 1460 (0x000005B4) Description: Dieser Vorgang
wurde wegen Zeitüberschreitung zurückgegeben.
Error - 6/18/2013 8:55:32 AM | Computer Name = r247097 | Source = acvpnui | ID = 67108866
Description = Function: CTrayIcon::StepAnimation File: .\TrayIcon.cpp Line: 428 Invoked
Function: CTrayIcon::OnTimer Return Code: 1460 (0x000005B4) Description: Dieser Vorgang
wurde wegen Zeitüberschreitung zurückgegeben.
Error - 6/18/2013 8:55:33 AM | Computer Name = r247097 | Source = acvpnui | ID = 67108866
Description = Function: CTrayIcon::StepAnimation File: .\TrayIcon.cpp Line: 428 Invoked
Function: CTrayIcon::OnTimer Return Code: 1460 (0x000005B4) Description: Dieser Vorgang
wurde wegen Zeitüberschreitung zurückgegeben.
Error - 6/18/2013 8:55:34 AM | Computer Name = r247097 | Source = acvpnui | ID = 67108866
Description = Function: CTrayIcon::StepAnimation File: .\TrayIcon.cpp Line: 428 Invoked
Function: CTrayIcon::OnTimer Return Code: 1460 (0x000005B4) Description: Dieser Vorgang
wurde wegen Zeitüberschreitung zurückgegeben.
Error - 6/18/2013 8:55:35 AM | Computer Name = r247097 | Source = acvpnui | ID = 67108866
Description = Function: CTrayIcon::StepAnimation File: .\TrayIcon.cpp Line: 428 Invoked
Function: CTrayIcon::OnTimer Return Code: 1460 (0x000005B4) Description: Dieser Vorgang
wurde wegen Zeitüberschreitung zurückgegeben.
[ System Events ]
Error - 6/18/2013 7:22:36 AM | Computer Name = r247097 | Source = Service Control Manager | ID = 7024
Description = Der Dienst "HitmanPro 3.7 Crusader (Boot)" wurde mit folgendem dienstspezifischem
Fehler beendet: %%0.
Error - 6/18/2013 7:23:17 AM | Computer Name = r247097 | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst Rezip erreicht.
Error - 6/18/2013 8:52:58 AM | Computer Name = r247097 | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst Rezip erreicht.
Error - 6/18/2013 8:55:12 AM | Computer Name = r247097 | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Windows Search erreicht.
Error - 6/18/2013 8:55:12 AM | Computer Name = r247097 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
gestartet: %%1053
Error - 6/18/2013 8:55:12 AM | Computer Name = r247097 | Source = DCOM | ID = 10005
Description =
Error - 6/18/2013 8:56:08 AM | Computer Name = r247097 | Source = DCOM | ID = 10005
Description =
Error - 6/18/2013 8:56:08 AM | Computer Name = r247097 | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Windows Modules Installer erreicht.
Error - 6/18/2013 8:56:08 AM | Computer Name = r247097 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Modules Installer" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
Error - 6/18/2013 8:56:08 AM | Computer Name = r247097 | Source = Microsoft-Windows-LanguagePackSetup | ID = 1000
Description = Fehler bei der CBS-Clientinitialisierung. Letzter Fehler: 0x8007041d
< End of report >
|
|
18.06.2013, 15:31
| #2 |
| /// the machine /// TB-Ausbilder    | win32.downloader.gen lässt sich mit spybot nicht eliminieren Hi,
__________________Systemscan mit FRST Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit (Wenn du nicht sicher bist: Start > Computer (Rechtsklick) > Eigenschaften)
__________________ |
|
18.06.2013, 20:33
| #3 |
| | win32.downloader.gen lässt sich mit spybot nicht eliminieren Hey,
__________________hier die gewünschten Dateien: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-06-2013 02
Ran by Christina (administrator) on 18-06-2013 21:21:44
Running from C:\Users\Christina\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(Enigma Software Group USA, LLC.) C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
(AMD) C:\Windows\system32\atiesrxx.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Thermo Electron Corporation) C:\Xcalibur\System\Programs\CFRDBService.exe
(Thermo Electron Corporation) C:\Xcalibur\System\Programs\FinAutoLogOff.exe
(Thermo Electron Corporation) C:\Xcalibur\system\programs\finSS_Server.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
() C:\Windows\SysWOW64\Rezip.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Spotify Ltd) C:\Users\Christina\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe
(Dropbox, Inc.) C:\Users\Christina.sich\AppData\Roaming\Dropbox\bin\Dropbox.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10144288 2010-04-07] (Realtek Semiconductor)
HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [112512 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [SpywareTerminatorShield] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe [x]
HKLM\...\Run: [SpywareTerminatorUpdater] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe [x]
HKCU\...\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1475584 2010-11-20] (Microsoft Corporation)
HKCU\...\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844144 2013-04-23] (Samsung)
HKCU\...\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload [1561968 2013-04-23] (Samsung)
HKCU\...\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844144 2013-04-23] (Samsung)
HKCU\...\Run: [Spotify] "C:\Users\Christina\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart [4573184 2013-06-11] (Spotify Ltd)
HKCU\...\Run: [Spotify Web Helper] "C:\Users\Christina\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1105408 2013-06-11] (Spotify Ltd)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [102400 2010-05-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-04-23] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-29] ()
HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345312 2013-05-13] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized [702024 2012-12-13] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [NortonOnlineBackup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1112920 2010-03-05] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [x]
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
Startup: C:\ProgramData\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Network Server.lnk
ShortcutTarget: Network Server.lnk -> C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe (WIBU-SYSTEMS AG)
Startup: C:\Users\Christina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Christina.sich\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Christina.sich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Christina.sich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Christina.sich2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Christina.sich2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
==================== Internet (Whitelisted) ====================
BHO: Windows Live Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll No File
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://active.macromedia.com/flash2/cabs/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.33.254
Tcpip\..\Interfaces\{C60DE602-45B1-48F4-A158-C236BA4AC340}: [NameServer]8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
FireFox:
========
FF ProfilePath: C:\Users\Christina\AppData\Roaming\Mozilla\Firefox\Profiles\ye84440f.default
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
Chrome:
=======
CHR Extension: (Docs) - C:\Users\Christina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: (Google Search) - C:\Users\Christina\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Skype Click to Call) - C:\Users\Christina\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\Christina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0
==================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86752 2013-03-31] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110816 2013-03-31] (Avira Operations GmbH & Co. KG)
R2 CFRDBService; C:\Xcalibur\System\Programs\CFRDBService.exe [335923 2006-06-23] (Thermo Electron Corporation)
R2 FinAutoLogOff; C:\Xcalibur\System\Programs\FinAutoLogOff.exe [86068 2006-06-23] (Thermo Electron Corporation)
R2 Finnigan Security Server; C:\Xcalibur\system\programs\finSS_Server.exe [65536 2006-06-23] (Thermo Electron Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2782552 2010-03-05] (Symantec Corporation)
R2 Rezip; C:\Windows\SysWOW64\Rezip.exe [311296 2009-03-05] ()
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 SpyHunter 4 Service; C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [1025408 2013-05-07] (Enigma Software Group USA, LLC.)
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-03-31] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-03-31] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-31] (Avira Operations GmbH & Co. KG)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] ()
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-04-18] ()
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-04-18] ()
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32000 2013-06-18] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 rtport; C:\Windows\SysWOW64\drivers\rtport.sys [15144 2010-07-16] (Windows (R) 2003 DDK 3790 provider)
S3 rtport; C:\Windows\SysWOW64\drivers\rtport.sys [15144 2010-07-16] (Windows (R) 2003 DDK 3790 provider)
R2 WIBUKEY; C:\Windows\System32\DRIVERS\WibuKey64.sys [103224 2009-12-03] (WIBU-SYSTEMS AG)
S3 Wibukey2_64; C:\Windows\System32\drivers\wibukey2_64.sys [16896 2009-08-07] (WIBU-SYSTEMS AG)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
U3 fxldrpod; \??\C:\Users\CHRIST~2\AppData\Local\Temp\fxldrpod.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-06-18 21:21 - 2013-06-18 21:21 - 00000000 ____D C:\FRST
2013-06-18 21:20 - 2013-06-18 21:20 - 01928282 ____A (Farbar) C:\Users\Christina\Downloads\FRST64.exe
2013-06-18 21:16 - 2013-06-18 21:16 - 00121092 ____A C:\Users\Christina\Desktop\gmer.text.xps
2013-06-18 16:12 - 2013-06-18 16:12 - 00377856 ____A C:\Users\Christina\Downloads\gmer_2.1.19163.exe
2013-06-18 15:36 - 2013-06-18 15:36 - 00068544 ____A C:\Users\Christina\Downloads\Extras.Txt
2013-06-18 15:33 - 2013-06-18 15:33 - 00166424 ____A C:\Users\Christina\Downloads\OTL.Txt
2013-06-18 15:09 - 2013-06-18 15:09 - 00602112 ____A (OldTimer Tools) C:\Users\Christina\Downloads\OTL(1).exe
2013-06-18 15:07 - 2013-06-18 15:07 - 00000480 ____A C:\Users\Christina\Downloads\defogger_disable.log
2013-06-18 15:07 - 2013-06-18 15:07 - 00000000 ____A C:\Users\Christina\defogger_reenable
2013-06-18 15:05 - 2013-06-18 15:06 - 00050477 ____A C:\Users\Christina\Downloads\Defogger.exe
2013-06-18 13:22 - 2013-06-18 13:22 - 00032000 ____A C:\Windows\System32\Drivers\hitmanpro37.sys
2013-06-18 13:19 - 2013-06-18 13:19 - 00000550 ____A C:\Windows\System32\.crusader
2013-06-18 12:33 - 2013-06-18 13:21 - 00000000 ____D C:\ProgramData\HitmanPro
2013-06-18 12:31 - 2013-06-18 12:32 - 09833328 ____A (SurfRight B.V.) C:\Users\Christina\Downloads\HitmanPro_x64.exe
2013-06-18 12:17 - 2013-06-18 12:27 - 00000000 ____D C:\Users\Christina\Desktop\RK_Quarantine
2013-06-18 12:15 - 2013-06-18 12:16 - 00909824 ____A C:\Users\Christina\Downloads\RogueKiller.exe
2013-06-18 11:45 - 2013-06-18 11:45 - 00000956 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-06-18 11:45 - 2013-04-04 14:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-06-18 11:44 - 2013-06-18 11:45 - 00000000 ____D C:\Users\Christina\Downloads\mbam-chameleon-1.62.1.1000
2013-06-18 11:44 - 2013-06-18 11:44 - 01440846 ____A C:\Users\Christina\Downloads\mbam-chameleon-1.62.1.1000.zip
2013-06-18 11:22 - 2013-06-18 11:23 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\Christina\Downloads\iexplore.exe.exe
2013-06-18 09:56 - 2013-06-18 11:45 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-18 09:55 - 2013-06-18 09:55 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\Christina\Downloads\mbam-setup-1.75.0.1300(1).exe
2013-06-17 11:22 - 2013-06-18 14:51 - 00000000 ____D C:\Program Files (x86)\Spyware Terminator
2013-06-17 11:22 - 2013-06-17 11:22 - 00051496 ____A (Windows (R) Win 7 DDK provider) C:\Windows\System32\Drivers\stflt.sys
2013-06-17 10:34 - 2013-06-18 14:10 - 00000000 ____D C:\Program Files (x86)\Win 32. Downloader . Gen Removal Tool
2013-06-17 10:34 - 2012-12-10 10:04 - 00356352 ____A (eSellerate Inc.) C:\Windows\eSellerateEngine.dll
2013-06-17 10:34 - 2012-12-10 10:04 - 00081920 ____A (eSellerate Inc.) C:\Windows\eSellerateControl350.dll
2013-06-17 10:34 - 2009-07-23 17:32 - 01122304 ____A (The OpenSSL Project, hxxp://www.openssl.org/) C:\Windows\SysWOW64\libeay32.dll
2013-06-17 10:34 - 2009-07-23 17:32 - 00274432 ____A (The OpenSSL Project, hxxp://www.openssl.org/) C:\Windows\SysWOW64\ssleay32.dll
2013-06-17 10:30 - 2013-06-17 10:30 - 02712264 ____A (Security Stronghold ) C:\Users\Christina\Downloads\Win32.Downloader.GenRemovalTool.exe
2013-06-17 10:26 - 2013-06-17 10:27 - 05049344 ____A (Crawler.com ) C:\Users\Christina\Downloads\SpywareTerminatorSetup_3.0.0.82.exe
2013-06-11 19:33 - 2013-06-11 23:37 - 00000000 ____D C:\Users\Christina\AppData\Roaming\Skype
2013-06-11 10:40 - 2013-06-11 23:37 - 00000000 ____D C:\Users\Christina\AppData\Local\Spotify
2013-06-11 10:40 - 2013-06-11 10:40 - 00001787 ____A C:\Users\Christina\Desktop\Spotify.lnk
2013-06-11 10:39 - 2013-06-18 14:54 - 00000000 ____D C:\Users\Christina\AppData\Roaming\Spotify
2013-06-11 10:38 - 2013-06-11 10:39 - 00092776 ____A (Spotify Ltd) C:\Users\Christina\Downloads\SpotifySetup.exe
2013-06-09 20:53 - 2013-06-09 20:53 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2013-06-09 13:13 - 2013-06-09 13:13 - 00000000 ____D C:\Users\Public\Documents\NativeFus_Log
2013-06-09 13:10 - 2013-06-09 13:10 - 00002006 ____A C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
2013-06-09 13:09 - 2013-04-03 09:58 - 01919168 ____A (Microsoft Corporation) C:\Windows\System32\WdfCoInstaller01005.dll
2013-06-09 13:09 - 2013-04-03 09:58 - 01919168 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WdfCoInstaller01005.dll
2013-06-09 13:09 - 2013-04-03 09:58 - 00188232 ____A (MCCI Corporation) C:\Windows\System32\Drivers\ssadmdm.sys
2013-06-09 13:09 - 2013-04-03 09:58 - 00169288 ____A (MCCI Corporation) C:\Windows\System32\Drivers\ssadbus.sys
2013-06-09 13:09 - 2013-04-03 09:58 - 00158024 ____A (MCCI Corporation) C:\Windows\System32\Drivers\ssadserd.sys
2013-06-09 13:09 - 2013-04-03 09:58 - 00038080 ____A (Google Inc) C:\Windows\System32\Drivers\ssadadb.sys
2013-06-09 13:09 - 2013-04-03 09:58 - 00021320 ____A (MCCI Corporation) C:\Windows\System32\Drivers\ssadmdfl.sys
2013-06-09 13:09 - 2013-04-03 09:58 - 00017736 ____A (MCCI Corporation) C:\Windows\System32\Drivers\ssadwhnt.sys
2013-06-09 13:09 - 2013-04-03 09:58 - 00017736 ____A (MCCI Corporation) C:\Windows\System32\Drivers\ssadwh.sys
2013-06-09 13:09 - 2013-04-03 09:58 - 00017224 ____A (MCCI Corporation) C:\Windows\System32\Drivers\ssadcmnt.sys
2013-06-09 13:09 - 2013-04-03 09:58 - 00017224 ____A (MCCI Corporation) C:\Windows\System32\Drivers\ssadcm.sys
2013-06-09 13:07 - 2013-04-18 12:09 - 00233472 ____A (Teruten) C:\Windows\SysWOW64\FsUsbExService.Exe
2013-06-09 13:07 - 2013-04-18 12:09 - 00037344 ____A C:\Windows\SysWOW64\FsUsbExDisk.Sys
2013-06-09 13:07 - 2011-12-23 21:59 - 00110592 ____A () C:\Windows\SysWOW64\FsUsbExDevice.Dll
2013-06-09 12:55 - 2013-06-09 12:55 - 00000000 ____D C:\Users\Christina\AppData\Local\Samsung
2013-06-09 12:53 - 2013-06-09 12:53 - 00000000 ____D C:\Users\Christina\AppData\Roaming\Samsung
2013-06-07 19:40 - 2013-06-07 19:41 - 00000000 ____D C:\Users\Christina\AppData\Roaming\DivX
2013-06-07 19:40 - 2013-06-07 19:40 - 00000000 ____D C:\Users\Christina\AppData\Roaming\Google
2013-06-07 10:02 - 2013-06-07 10:02 - 19231232 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 15404032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 14323712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-07 10:02 - 2013-06-07 10:02 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-07 10:02 - 2013-06-07 10:02 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 02242048 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 01767424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-07 10:02 - 2013-06-07 10:02 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-06-07 10:02 - 2013-06-07 10:02 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-06-07 10:02 - 2013-06-07 10:02 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-06-07 10:02 - 2013-06-07 10:02 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 01130496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-06-07 10:02 - 2013-06-07 10:02 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-06-07 10:02 - 2013-06-07 10:02 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-06-07 10:02 - 2013-06-07 10:02 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-07 10:02 - 2013-06-07 10:02 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-06-07 10:02 - 2013-06-07 10:02 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-06-07 10:02 - 2013-06-07 10:02 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-06-07 10:02 - 2013-06-07 10:02 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-06-07 10:02 - 2013-06-07 10:02 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-06-07 10:02 - 2013-06-07 10:02 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-06-07 10:02 - 2013-06-07 10:02 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-07 10:02 - 2013-06-07 10:02 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-06-07 10:02 - 2013-06-07 10:02 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-06-07 10:02 - 2013-06-07 10:02 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-07 10:02 - 2013-06-07 10:02 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-06-07 10:02 - 2013-06-07 10:02 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-07 10:02 - 2013-06-07 10:02 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-06-07 10:02 - 2013-06-07 10:02 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-06-07 10:02 - 2013-06-07 10:02 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-06-07 10:02 - 2013-06-07 10:02 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-06-07 09:57 - 2013-06-07 09:57 - 03928064 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 03419136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 02776576 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 02565120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 02284544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 01988096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 01682432 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 01643520 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 01504768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 01238528 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 01175552 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 01158144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 01080832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00604160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00522752 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00465920 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00417792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00363008 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00333312 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00296960 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00293376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00249856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00207872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00194560 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00187392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00010752 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00009728 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00002560 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-07 09:48 - 2013-06-07 10:14 - 00011299 ____A C:\Windows\IE10_main.log
2013-05-24 10:58 - 2013-05-24 10:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-05-24 10:27 - 2013-05-24 10:28 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
2013-05-24 10:20 - 2013-05-24 10:23 - 24963016 ____A (DVDVideoSoft Ltd. ) C:\Users\Christina\Downloads\FreeYouTubeToMP3Converter(11).exe
2013-05-24 10:20 - 2013-05-24 10:22 - 24963016 ____A (DVDVideoSoft Ltd. ) C:\Users\Christina\Downloads\FreeYouTubeToMP3Converter(10).exe
2013-05-24 10:18 - 2013-05-24 10:28 - 00000000 ____D C:\Users\Christina\AppData\Roaming\DVDVideoSoft
2013-05-22 17:32 - 2013-05-22 17:32 - 00000000 ____D C:\Users\Christina\AppData\Roaming\EndNote
2013-05-22 10:52 - 2013-05-22 10:52 - 00000000 ____D C:\Users\Christina\AppData\Local\Adobe
2013-05-21 23:41 - 2013-05-21 23:41 - 00004032 ____A C:\Windows\SysWOW64\jupdate-1.7.0_21-b11.log
2013-05-21 23:41 - 2013-04-04 05:35 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-05-21 23:41 - 2013-04-04 05:30 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-05-21 23:41 - 2013-04-04 05:29 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-05-21 23:32 - 2013-06-18 21:24 - 00000000 ____D C:\Users\Christina\AppData\Roaming\Dropbox
2013-05-21 22:44 - 2013-06-18 09:46 - 00000000 ____D C:\Users\Christina\AppData\Local\Google
2013-05-21 22:38 - 2013-05-21 22:38 - 00000000 ____D C:\Users\Christina\AppData\Roaming\Malwarebytes
2013-05-21 22:26 - 2013-05-21 22:28 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\Christina\Downloads\mbam-setup-1.75.0.1300.exe
2013-05-21 21:26 - 2013-05-22 10:52 - 00000000 ____D C:\Users\Christina\AppData\Roaming\Adobe
2013-05-21 21:26 - 2013-05-21 21:26 - 00000000 ____D C:\Users\Christina\AppData\Roaming\Macromedia
2013-05-21 21:26 - 2013-05-21 21:26 - 00000000 ____D C:\Users\Christina\AppData\Local\Macromedia
2013-05-21 21:23 - 2013-05-21 21:23 - 00000000 ____D C:\Users\Christina\AppData\Roaming\Mozilla
2013-05-21 21:23 - 2013-05-21 21:23 - 00000000 ____D C:\Users\Christina\AppData\Local\Mozilla
2013-05-21 21:22 - 2013-06-11 10:41 - 00000000 ____D C:\Users\Christina\Desktop\Word
2013-05-21 21:18 - 2013-05-21 21:18 - 00000000 ____D C:\Users\Christina\AppData\Roaming\Avira
2013-05-21 21:13 - 2013-05-21 21:13 - 00117072 ____A C:\Users\Christina\AppData\Local\GDIPFONTCACHEV1.DAT
2013-05-21 21:13 - 2013-05-21 21:13 - 00000000 ____D C:\Users\Christina\AppData\Roaming\ATI
2013-05-21 21:13 - 2013-05-21 21:13 - 00000000 ____D C:\Users\Christina\AppData\Local\ATI
2013-05-21 21:12 - 2013-06-18 15:07 - 00000000 ____D C:\users\Christina
2013-05-21 21:12 - 2013-05-22 17:34 - 00000000 ____D C:\Users\Christina\AppData\Local\Microsoft Help
2013-05-21 21:12 - 2013-05-21 21:12 - 00000020 ___SH C:\Users\Christina\ntuser.ini
2013-05-21 21:12 - 2013-05-21 21:12 - 00000000 __SHD C:\Users\Christina\Vorlagen
2013-05-21 21:12 - 2013-05-21 21:12 - 00000000 __SHD C:\Users\Christina\Startmenü
2013-05-21 21:12 - 2013-05-21 21:12 - 00000000 __SHD C:\Users\Christina\Netzwerkumgebung
2013-05-21 21:12 - 2013-05-21 21:12 - 00000000 __SHD C:\Users\Christina\Lokale Einstellungen
2013-05-21 21:12 - 2013-05-21 21:12 - 00000000 __SHD C:\Users\Christina\Eigene Dateien
2013-05-21 21:12 - 2013-05-21 21:12 - 00000000 __SHD C:\Users\Christina\Druckumgebung
2013-05-21 21:12 - 2013-05-21 21:12 - 00000000 __SHD C:\Users\Christina\Documents\Eigene Musik
2013-05-21 21:12 - 2013-05-21 21:12 - 00000000 __SHD C:\Users\Christina\Documents\Eigene Bilder
2013-05-21 21:12 - 2013-05-21 21:12 - 00000000 __SHD C:\Users\Christina\AppData\Local\Verlauf
2013-05-21 21:12 - 2013-05-21 21:12 - 00000000 __SHD C:\Users\Christina\AppData\Local\Anwendungsdaten
2013-05-21 21:12 - 2013-05-21 21:12 - 00000000 __SHD C:\Users\Christina\Anwendungsdaten
2013-05-21 21:12 - 2013-05-21 21:12 - 00000000 ____D C:\Users\Christina\AppData\Local\VirtualStore
2013-05-21 20:54 - 2013-05-21 21:06 - 00000000 ___RD C:\Users\Christina.sich2\Dropbox
2013-05-21 20:52 - 2013-05-21 20:52 - 00000000 ____D C:\Users\Christina.sich2\AppData\Local\SoftGrid Client
2013-05-21 20:52 - 2013-05-21 20:52 - 00000000 ____D C:\Users\Christina.sich2\AppData\Local\Samsung
2013-05-21 20:52 - 2013-05-21 20:52 - 00000000 ____D C:\Users\Christina.sich2\AppData\Local\Mozilla
2013-05-21 20:48 - 2013-06-09 12:55 - 00000000 ____D C:\Users\Christina\Documents\SelfMV
2013-05-21 20:48 - 2013-05-21 20:48 - 00000000 ____D C:\Users\Christina\Documents\Youcam
2013-05-21 20:47 - 2013-05-24 10:18 - 00000000 ____D C:\Users\Christina\Documents\DVDVideoSoft
2013-05-21 20:47 - 2013-05-21 20:47 - 00000000 ____D C:\Users\Christina\Documents\samsung
2013-05-21 20:47 - 2013-05-21 20:47 - 00000000 ____D C:\Users\Christina\Documents\OneNote-Notizbücher
2013-05-21 20:47 - 2013-05-21 20:47 - 00000000 ____D C:\Users\Christina\Documents\Citavi 3
2013-05-21 20:47 - 2013-05-21 20:47 - 00000000 ____D C:\Users\Christina\Documents\capella
2013-05-21 20:47 - 2013-05-21 20:47 - 00000000 ____D C:\Users\Christina.sich2\AppData\Roaming\TuneUp Software
2013-05-21 20:47 - 2013-05-21 20:47 - 00000000 ____D C:\Users\Christina.sich2\AppData\Roaming\Swiss Academic Software
2013-05-21 20:47 - 2013-05-21 20:47 - 00000000 ____D C:\Users\Christina.sich2\AppData\Local\Macromedia
2013-05-21 20:47 - 2013-05-21 20:47 - 00000000 ____D C:\Users\Christina.sich2\AppData\Local\Google
2013-05-21 20:47 - 2013-03-26 00:18 - 00000328 ____A C:\Users\Christina\Documents\UserStl.sk
2013-05-21 20:47 - 2013-03-25 23:52 - 00000000 ____A C:\Users\Christina\Documents\UserLab.sk
2013-05-21 20:47 - 2010-11-23 22:30 - 00001921 ____A C:\Users\Christina\Documents\template.cfg
2013-05-21 20:47 - 2010-09-16 19:39 - 00000000 ____D C:\Users\Christina.sich2\AppData\Roaming\TP
2013-05-21 20:46 - 2013-05-21 20:47 - 00000000 ____D C:\Users\Christina.sich2\AppData\Roaming\SoftGrid Client
2013-05-21 20:46 - 2013-05-21 20:46 - 00000000 ____D C:\Users\Christina.sich2\AppData\Roaming\skypePM
2013-05-21 20:46 - 2013-05-21 20:46 - 00000000 ____D C:\Users\Christina.sich2\AppData\Roaming\Skype
2013-05-21 20:46 - 2013-04-14 15:24 - 00000619 ____A C:\Users\Christina\Documents\grstyles.stl
2013-05-21 20:46 - 2013-03-26 22:26 - 00000009 ____A C:\Users\Christina\Documents\LastLab.sk
2013-05-21 20:45 - 2013-05-21 20:45 - 00000000 ____D C:\Users\Christina.sich2\AppData\Roaming\Samsung
2013-05-21 20:45 - 2013-05-21 20:45 - 00000000 ____D C:\Users\Christina.sich2\AppData\Roaming\pdfforge
2013-05-21 20:45 - 2013-05-21 20:45 - 00000000 ____D C:\Users\Christina.sich2\AppData\Roaming\OpenOffice.org
2013-05-21 20:45 - 2013-05-21 20:45 - 00000000 ____D C:\Users\Christina.sich2\AppData\Roaming\OpenCandy
2013-05-21 20:45 - 2013-05-21 20:45 - 00000000 ____D C:\Users\Christina.sich2\AppData\Roaming\Mozilla
2013-05-21 20:45 - 2013-03-25 23:52 - 00000203 ____A C:\Users\Christina\Documents\BasicLab.sk
2013-05-21 20:44 - 2013-05-21 21:08 - 00000000 ____D C:\Users\Christina.sich2\AppData\Roaming\Dropbox
2013-05-21 20:44 - 2013-05-21 20:44 - 00000000 ____D C:\Users\Christina.sich2\AppData\Roaming\MB-Ruler
2013-05-21 20:44 - 2013-05-21 20:44 - 00000000 ____D C:\Users\Christina.sich2\AppData\Roaming\Malwarebytes
2013-05-21 20:44 - 2013-05-21 20:44 - 00000000 ____D C:\Users\Christina.sich2\AppData\Roaming\Macromedia
2013-05-21 20:44 - 2013-05-21 20:44 - 00000000 ____D C:\Users\Christina.sich2\AppData\Roaming\Google
2013-05-21 20:44 - 2013-05-21 20:44 - 00000000 ____D C:\Users\Christina.sich2\AppData\Roaming\DVDVideoSoftIEHelpers
2013-05-21 20:44 - 2013-05-21 20:44 - 00000000 ____D C:\Users\Christina.sich2\AppData\Roaming\DVDVideoSoft
2013-05-21 20:44 - 2013-05-21 20:44 - 00000000 ____D C:\Users\Christina.sich2\AppData\Roaming\DivX
2013-05-21 20:44 - 2013-05-21 20:44 - 00000000 ____D C:\Users\Christina.sich2\AppData\Roaming\capella-software
2013-05-21 20:44 - 2013-05-21 20:44 - 00000000 ____D C:\Users\Christina.sich2\AppData\Roaming\Avira
2013-05-21 20:44 - 2013-05-21 20:44 - 00000000 ____D C:\Users\Christina.sich2\AppData\Roaming\Audacity
2013-05-21 20:44 - 2013-05-21 20:44 - 00000000 ____D C:\Users\Christina.sich2\AppData\Roaming\Advanced Chemistry Development
2013-05-21 20:44 - 2013-05-21 20:44 - 00000000 ____D C:\Users\Christina.sich2\AppData\Roaming\Adobe
2013-05-21 20:44 - 2013-05-21 20:44 - 00000000 ____D C:\Users\Christina.sich2\AppData\Local\Downloaded Installations
2013-05-21 20:44 - 2013-05-21 20:44 - 00000000 ____D C:\Users\Christina.sich2\AppData\Local\DDMSettings
2013-05-21 20:44 - 2013-05-21 20:44 - 00000000 ____D C:\Users\Christina.sich2\AppData\Local\Cisco
2013-05-21 20:44 - 2013-05-21 20:44 - 00000000 ____D C:\Users\Christina.sich2\AppData\Local\Adobe
2013-05-21 20:44 - 2013-02-01 12:55 - 00000000 ____D C:\Users\Christina.sich2\AppData\Roaming\EndNote
2013-05-21 20:44 - 2012-11-05 21:25 - 00000000 ____D C:\Users\Christina.sich2\AppData\Local\Conduit
2013-05-21 20:42 - 2013-05-21 20:42 - 00000000 ____D C:\Users\Christina.sich2\AppData\Roaming\ATI
2013-05-21 20:42 - 2013-05-21 20:42 - 00000000 ____D C:\Users\Christina.sich2\AppData\Local\ATI
2013-05-21 20:42 - 2012-12-16 21:34 - 00117072 ____A C:\Users\Christina.sich2\AppData\Local\GDIPFONTCACHEV1.DAT
2013-05-21 20:41 - 2013-05-21 21:16 - 00000000 ____D C:\users\Christina.sich2
2013-05-21 20:41 - 2013-05-21 20:53 - 00000000 ____D C:\Users\Christina.sich2\AppData\Local\VirtualStore
2013-05-21 20:41 - 2013-05-21 20:41 - 00000020 __ASH C:\Users\Christina.sich2\ntuser.ini
2013-05-21 20:41 - 2013-05-21 20:41 - 00000000 __SHD C:\Users\Christina.sich2\Vorlagen
2013-05-21 20:41 - 2013-05-21 20:41 - 00000000 __SHD C:\Users\Christina.sich2\Startmenü
2013-05-21 20:41 - 2013-05-21 20:41 - 00000000 __SHD C:\Users\Christina.sich2\Netzwerkumgebung
2013-05-21 20:41 - 2013-05-21 20:41 - 00000000 __SHD C:\Users\Christina.sich2\Lokale Einstellungen
2013-05-21 20:41 - 2013-05-21 20:41 - 00000000 __SHD C:\Users\Christina.sich2\Eigene Dateien
2013-05-21 20:41 - 2013-05-21 20:41 - 00000000 __SHD C:\Users\Christina.sich2\Druckumgebung
2013-05-21 20:41 - 2013-05-21 20:41 - 00000000 __SHD C:\Users\Christina.sich2\AppData\Local\Verlauf
2013-05-21 20:41 - 2013-05-21 20:41 - 00000000 __SHD C:\Users\Christina.sich2\AppData\Local\Anwendungsdaten
2013-05-21 20:41 - 2013-05-21 20:41 - 00000000 __SHD C:\Users\Christina.sich2\Anwendungsdaten
2013-05-21 20:41 - 2013-03-14 09:18 - 00000000 ____D C:\Users\Christina.sich2\AppData\Local\Microsoft Help
2013-05-19 13:44 - 2013-04-10 08:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-19 13:44 - 2013-04-10 08:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-05-19 13:44 - 2013-04-10 05:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-19 13:44 - 2013-03-19 07:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-05-19 13:44 - 2013-03-19 07:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
2013-05-19 13:44 - 2013-02-27 08:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-05-19 13:44 - 2013-02-27 07:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-05-19 13:44 - 2013-02-27 07:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-05-19 13:44 - 2013-02-27 07:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-05-19 13:44 - 2013-02-27 07:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-05-19 13:44 - 2013-02-27 06:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-05-19 13:44 - 2013-02-27 06:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-05-19 13:44 - 2013-02-27 06:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-05-19 13:44 - 2011-02-03 13:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
==================== One Month Modified Files and Folders =======
2013-06-18 21:24 - 2013-05-21 23:32 - 00000000 ____D C:\Users\Christina\AppData\Roaming\Dropbox
2013-06-18 21:21 - 2013-06-18 21:21 - 00000000 ____D C:\FRST
2013-06-18 21:20 - 2013-06-18 21:20 - 01928282 ____A (Farbar) C:\Users\Christina\Downloads\FRST64.exe
2013-06-18 21:17 - 2011-12-17 22:17 - 00000272 ____A C:\Windows\Tasks\AutoKMS.job
2013-06-18 21:16 - 2013-06-18 21:16 - 00121092 ____A C:\Users\Christina\Desktop\gmer.text.xps
2013-06-18 20:51 - 2012-08-16 09:16 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-18 20:42 - 2012-02-19 13:47 - 00001116 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-18 16:39 - 2010-06-01 03:03 - 01815802 ____A C:\Windows\WindowsUpdate.log
2013-06-18 16:12 - 2013-06-18 16:12 - 00377856 ____A C:\Users\Christina\Downloads\gmer_2.1.19163.exe
2013-06-18 15:36 - 2013-06-18 15:36 - 00068544 ____A C:\Users\Christina\Downloads\Extras.Txt
2013-06-18 15:33 - 2013-06-18 15:33 - 00166424 ____A C:\Users\Christina\Downloads\OTL.Txt
2013-06-18 15:09 - 2013-06-18 15:09 - 00602112 ____A (OldTimer Tools) C:\Users\Christina\Downloads\OTL(1).exe
2013-06-18 15:07 - 2013-06-18 15:07 - 00000480 ____A C:\Users\Christina\Downloads\defogger_disable.log
2013-06-18 15:07 - 2013-06-18 15:07 - 00000000 ____A C:\Users\Christina\defogger_reenable
2013-06-18 15:07 - 2013-05-21 21:12 - 00000000 ____D C:\users\Christina
2013-06-18 15:06 - 2013-06-18 15:05 - 00050477 ____A C:\Users\Christina\Downloads\Defogger.exe
2013-06-18 15:04 - 2009-07-14 06:45 - 00014144 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-18 15:04 - 2009-07-14 06:45 - 00014144 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-18 14:54 - 2013-06-11 10:39 - 00000000 ____D C:\Users\Christina\AppData\Roaming\Spotify
2013-06-18 14:53 - 2012-02-19 13:47 - 00001112 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-18 14:53 - 2011-08-09 17:25 - 00000000 ___RD C:\Users\Christina\Dropbox
2013-06-18 14:52 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-18 14:52 - 2009-07-14 06:51 - 00070467 ____A C:\Windows\setupact.log
2013-06-18 14:51 - 2013-06-17 11:22 - 00000000 ____D C:\Program Files (x86)\Spyware Terminator
2013-06-18 14:51 - 2010-06-01 03:54 - 00814012 ____A C:\Windows\PFRO.log
2013-06-18 14:10 - 2013-06-17 10:34 - 00000000 ____D C:\Program Files (x86)\Win 32. Downloader . Gen Removal Tool
2013-06-18 13:22 - 2013-06-18 13:22 - 00032000 ____A C:\Windows\System32\Drivers\hitmanpro37.sys
2013-06-18 13:21 - 2013-06-18 12:33 - 00000000 ____D C:\ProgramData\HitmanPro
2013-06-18 13:19 - 2013-06-18 13:19 - 00000550 ____A C:\Windows\System32\.crusader
2013-06-18 12:32 - 2013-06-18 12:31 - 09833328 ____A (SurfRight B.V.) C:\Users\Christina\Downloads\HitmanPro_x64.exe
2013-06-18 12:27 - 2013-06-18 12:17 - 00000000 ____D C:\Users\Christina\Desktop\RK_Quarantine
2013-06-18 12:16 - 2013-06-18 12:15 - 00909824 ____A C:\Users\Christina\Downloads\RogueKiller.exe
2013-06-18 11:45 - 2013-06-18 11:45 - 00000956 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-06-18 11:45 - 2013-06-18 11:44 - 00000000 ____D C:\Users\Christina\Downloads\mbam-chameleon-1.62.1.1000
2013-06-18 11:45 - 2013-06-18 09:56 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-18 11:44 - 2013-06-18 11:44 - 01440846 ____A C:\Users\Christina\Downloads\mbam-chameleon-1.62.1.1000.zip
2013-06-18 11:29 - 2010-06-01 03:30 - 00000000 ____D C:\Program Files\Google
2013-06-18 11:23 - 2013-06-18 11:22 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\Christina\Downloads\iexplore.exe.exe
2013-06-18 09:55 - 2013-06-18 09:55 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\Christina\Downloads\mbam-setup-1.75.0.1300(1).exe
2013-06-18 09:46 - 2013-05-21 22:44 - 00000000 ____D C:\Users\Christina\AppData\Local\Google
2013-06-18 09:46 - 2010-06-01 03:29 - 00000000 ____D C:\ProgramData\Google
2013-06-18 09:35 - 2010-09-23 08:04 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-17 17:15 - 2009-07-14 07:13 - 01527722 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-17 11:22 - 2013-06-17 11:22 - 00051496 ____A (Windows (R) Win 7 DDK provider) C:\Windows\System32\Drivers\stflt.sys
2013-06-17 10:30 - 2013-06-17 10:30 - 02712264 ____A (Security Stronghold ) C:\Users\Christina\Downloads\Win32.Downloader.GenRemovalTool.exe
2013-06-17 10:27 - 2013-06-17 10:26 - 05049344 ____A (Crawler.com ) C:\Users\Christina\Downloads\SpywareTerminatorSetup_3.0.0.82.exe
2013-06-17 09:55 - 2012-08-16 09:16 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-17 09:55 - 2011-06-18 10:48 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-17 09:47 - 2010-06-01 19:30 - 00654400 ____A C:\Windows\System32\perfh007.dat
2013-06-17 09:47 - 2010-06-01 19:30 - 00130240 ____A C:\Windows\System32\perfc007.dat
2013-06-11 23:37 - 2013-06-11 19:33 - 00000000 ____D C:\Users\Christina\AppData\Roaming\Skype
2013-06-11 23:37 - 2013-06-11 10:40 - 00000000 ____D C:\Users\Christina\AppData\Local\Spotify
2013-06-11 19:33 - 2010-06-01 03:13 - 00002517 ____A C:\Users\Public\Desktop\Skype.lnk
2013-06-11 19:33 - 2010-06-01 03:12 - 00000000 ____D C:\ProgramData\Skype
2013-06-11 10:41 - 2013-05-21 21:22 - 00000000 ____D C:\Users\Christina\Desktop\Word
2013-06-11 10:40 - 2013-06-11 10:40 - 00001787 ____A C:\Users\Christina\Desktop\Spotify.lnk
2013-06-11 10:39 - 2013-06-11 10:38 - 00092776 ____A (Spotify Ltd) C:\Users\Christina\Downloads\SpotifySetup.exe
2013-06-09 20:53 - 2013-06-09 20:53 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2013-06-09 13:13 - 2013-06-09 13:13 - 00000000 ____D C:\Users\Public\Documents\NativeFus_Log
2013-06-09 13:10 - 2013-06-09 13:10 - 00002006 ____A C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
2013-06-09 12:56 - 2011-01-22 14:28 - 00000000 ____D C:\Users\Christina\Desktop\Bilder
2013-06-09 12:55 - 2013-06-09 12:55 - 00000000 ____D C:\Users\Christina\AppData\Local\Samsung
2013-06-09 12:55 - 2013-05-21 20:48 - 00000000 ____D C:\Users\Christina\Documents\SelfMV
2013-06-09 12:53 - 2013-06-09 12:53 - 00000000 ____D C:\Users\Christina\AppData\Roaming\Samsung
2013-06-07 19:41 - 2013-06-07 19:40 - 00000000 ____D C:\Users\Christina\AppData\Roaming\DivX
2013-06-07 19:40 - 2013-06-07 19:40 - 00000000 ____D C:\Users\Christina\AppData\Roaming\Google
2013-06-07 10:31 - 2012-05-12 12:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-06-07 10:30 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2013-06-07 10:30 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2013-06-07 10:30 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\zh-HK
2013-06-07 10:30 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\tr-TR
2013-06-07 10:30 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-06-07 10:14 - 2013-06-07 09:48 - 00011299 ____A C:\Windows\IE10_main.log
2013-06-07 10:02 - 2013-06-07 10:02 - 19231232 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 15404032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 14323712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-07 10:02 - 2013-06-07 10:02 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-07 10:02 - 2013-06-07 10:02 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 02242048 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 01767424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-07 10:02 - 2013-06-07 10:02 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-06-07 10:02 - 2013-06-07 10:02 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-06-07 10:02 - 2013-06-07 10:02 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-06-07 10:02 - 2013-06-07 10:02 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 01130496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-06-07 10:02 - 2013-06-07 10:02 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-06-07 10:02 - 2013-06-07 10:02 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-06-07 10:02 - 2013-06-07 10:02 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-07 10:02 - 2013-06-07 10:02 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-06-07 10:02 - 2013-06-07 10:02 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-06-07 10:02 - 2013-06-07 10:02 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-06-07 10:02 - 2013-06-07 10:02 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-06-07 10:02 - 2013-06-07 10:02 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-06-07 10:02 - 2013-06-07 10:02 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-06-07 10:02 - 2013-06-07 10:02 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-07 10:02 - 2013-06-07 10:02 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-06-07 10:02 - 2013-06-07 10:02 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-06-07 10:02 - 2013-06-07 10:02 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-07 10:02 - 2013-06-07 10:02 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-06-07 10:02 - 2013-06-07 10:02 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-07 10:02 - 2013-06-07 10:02 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-06-07 10:02 - 2013-06-07 10:02 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-06-07 10:02 - 2013-06-07 10:02 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-06-07 10:02 - 2013-06-07 10:02 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-06-07 09:57 - 2013-06-07 09:57 - 03928064 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 03419136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 02776576 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 02565120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 02284544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 01988096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 01682432 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 01643520 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 01504768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 01238528 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 01175552 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 01158144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 01080832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00604160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00522752 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00465920 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00417792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00363008 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00333312 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00296960 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00293376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00249856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00207872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00194560 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00187392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00010752 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00009728 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00002560 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-07 09:50 - 2012-02-19 13:50 - 00002183 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-05-24 10:58 - 2013-05-24 10:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-05-24 10:28 - 2013-05-24 10:27 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
2013-05-24 10:28 - 2013-05-24 10:18 - 00000000 ____D C:\Users\Christina\AppData\Roaming\DVDVideoSoft
2013-05-24 10:28 - 2013-02-10 12:22 - 00001402 ____A C:\Users\Christina\Desktop\Free YouTube to MP3 Converter.lnk
2013-05-24 10:23 - 2013-05-24 10:20 - 24963016 ____A (DVDVideoSoft Ltd. ) C:\Users\Christina\Downloads\FreeYouTubeToMP3Converter(11).exe
2013-05-24 10:22 - 2013-05-24 10:20 - 24963016 ____A (DVDVideoSoft Ltd. ) C:\Users\Christina\Downloads\FreeYouTubeToMP3Converter(10).exe
2013-05-24 10:18 - 2013-05-21 20:47 - 00000000 ____D C:\Users\Christina\Documents\DVDVideoSoft
2013-05-22 17:34 - 2013-05-21 21:12 - 00000000 ____D C:\Users\Christina\AppData\Local\Microsoft Help
2013-05-22 17:32 - 2013-05-22 17:32 - 00000000 ____D C:\Users\Christina\AppData\Roaming\EndNote
2013-05-22 10:52 - 2013-05-22 10:52 - 00000000 ____D C:\Users\Christina\AppData\Local\Adobe
2013-05-22 10:52 - 2013-05-21 21:26 - 00000000 ____D C:\Users\Christina\AppData\Roaming\Adobe
2013-05-22 10:52 - 2013-04-23 13:47 - 00000000 ____D C:\Users\Christina\Desktop\Bewerbung
2013-05-21 23:41 - 2013-05-21 23:41 - 00004032 ____A C:\Windows\SysWOW64\jupdate-1.7.0_21-b11.log
2013-05-21 23:41 - 2013-03-24 20:23 - 00000000 ____D C:\Program Files (x86)\Java
2013-05-21 23:32 - 2011-08-09 17:25 - 00001398 ____A C:\Users\Christina\Desktop\Dropbox.lnk
2013-05-21 23:29 - 2010-09-16 14:00 - 00000000 ____D C:\users\Christina.sich
2013-05-21 22:38 - 2013-05-21 22:38 - 00000000 ____D C:\Users\Christina\AppData\Roaming\Malwarebytes
2013-05-21 22:28 - 2013-05-21 22:26 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\Christina\Downloads\mbam-setup-1.75.0.1300.exe
2013-05-21 21:26 - 2013-05-21 21:26 - 00000000 ____D C:\Users\Christina\AppData\Roaming\Macromedia
2013-05-21 21:26 - 2013-05-21 21:26 - 00000000 ____D C:\Users\Christina\AppData\Local\Macromedia
2013-05-21 21:23 - 2013-05-21 21:23 - 00000000 ____D C:\Users\Christina\AppData\Roaming\Mozilla
2013-05-21 21:23 - 2013-05-21 21:23 - 00000000 ____D C:\Users\Christina\AppData\Local\Mozilla
2013-05-21 21:18 - 2013-05-21 21:18 - 00000000 ____D C:\Users\Christina\AppData\Roaming\Avira
2013-05-21 21:16 - 2013-05-21 20:41 - 00000000 ____D C:\users\Christina.sich2
2013-05-21 21:13 - 2013-05-21 21:13 - 00117072 ____A C:\Users\Christina\AppData\Local\GDIPFONTCACHEV1.DAT
2013-05-21 21:13 - 2013-05-21 21:13 - 00000000 ____D C:\Users\Christina\AppData\Roaming\ATI
2013-05-21 21:13 - 2013-05-21 21:13 - 00000000 ____D C:\Users\Christina\AppData\Local\ATI
2013-05-21 21:12 - 2013-05-21 21:12 - 00000020 ___SH C:\Users\Christina\ntuser.ini
2013-05-21 21:12 - 2013-05-21 21:12 - 00000000 __SHD C:\Users\Christina\Vorlagen
2013-05-21 21:12 - 2013-05-21 21:12 - 00000000 __SHD C:\Users\Christina\Startmenü
2013-05-21 21:12 - 2013-05-21 21:12 - 00000000 __SHD C:\Users\Christina\Netzwerkumgebung
2013-05-21 21:12 - 2013-05-21 21:12 - 00000000 __SHD C:\Users\Christina\Lokale Einstellungen
2013-05-21 21:12 - 2013-05-21 21:12 - 00000000 __SHD C:\Users\Christina\Eigene Dateien
2013-05-21 21:12 - 2013-05-21 21:12 - 00000000 __SHD C:\Users\Christina\Druckumgebung
2013-05-21 21:12 - 2013-05-21 21:12 - 00000000 __SHD C:\Users\Christina\Documents\Eigene Musik
2013-05-21 21:12 - 2013-05-21 21:12 - 00000000 __SHD C:\Users\Christina\Documents\Eigene Bilder
2013-05-21 21:12 - 2013-05-21 21:12 - 00000000 __SHD C:\Users\Christina\AppData\Local\Verlauf
2013-05-21 21:12 - 2013-05-21 21:12 - 00000000 __SHD C:\Users\Christina\AppData\Local\Anwendungsdaten
2013-05-21 21:12 - 2013-05-21 21:12 - 00000000 __SHD C:\Users\Christina\Anwendungsdaten
2013-05-21 21:12 - 2013-05-21 21:12 - 00000000 ____D C:\Users\Christina\AppData\Local\VirtualStore
2013-05-21 21:08 - 2013-05-21 20:44 - 00000000 ____D C:\Users\Christina.sich2\AppData\Roaming\Dropbox
2013-05-21 21:06 - 2013-05-21 20:54 - 00000000 ___RD C:\Users\Christina.sich2\Dropbox
2013-05-21 20:58 - 2010-09-16 19:55 - 00000000 ____D C:\Windows\pss
2013-05-21 20:53 - 2013-05-21 20:41 - 00000000 ____D C:\Users\Christina.sich2\AppData\Local\VirtualStore
2013-05-21 20:52 - 2013-05-21 20:52 - 00000000 ____D C:\Users\Christina.sich2\AppData\Local\SoftGrid Client
2013-05-21 20:52 - 2013-05-21 20:52 - 00000000 ____D C:\Users\Christina.sich2\AppData\Local\Samsung
2013-05-21 20:52 - 2013-05-21 20:52 - 00000000 ____D C:\Users\Christina.sich2\AppData\Local\Mozilla
2013-05-21 20:48 - 2013-05-21 20:48 - 00000000 ____D C:\Users\Christina\Documents\Youcam
2013-05-21 20:47 - 2013-05-21 20:47 - 00000000 ____D C:\Users\Christina\Documents\samsung
2013-05-21 20:47 - 2013-05-21 20:47 - 00000000 ____D C:\Users\Christina\Documents\OneNote-Notizbücher
2013-05-21 20:47 - 2013-05-21 20:47 - 00000000 ____D C:\Users\Christina\Documents\Citavi 3
2013-05-21 20:47 - 2013-05-21 20:47 - 00000000 ____D C:\Users\Christina\Documents\capella
2013-05-21 20:47 - 2013-05-21 20:47 - 00000000 ____D C:\Users\Christina.sich2\AppData\Roaming\TuneUp Software
2013-05-21 20:47 - 2013-05-21 20:47 - 00000000 ____D C:\Users\Christina.sich2\AppData\Roaming\Swiss Academic Software
2013-05-21 20:47 - 2013-05-21 20:47 - 00000000 ____D C:\Users\Christina.sich2\AppData\Local\Macromedia
2013-05-21 20:47 - 2013-05-21 20:47 - 00000000 ____D C:\Users\Christina.sich2\AppData\Local\Google
2013-05-21 20:47 - 2013-05-21 20:46 - 00000000 ____D C:\Users\Christina.sich2\AppData\Roaming\SoftGrid Client
2013-05-21 20:46 - 2013-05-21 20:46 - 00000000 ____D C:\Users\Christina.sich2\AppData\Roaming\skypePM
2013-05-21 20:46 - 2013-05-21 20:46 - 00000000 ____D C:\Users\Christina.sich2\AppData\Roaming\Skype
2013-05-21 20:45 - 2013-05-21 20:45 - 00000000 ____D C:\Users\Christina.sich2\AppData\Roaming\Samsung
2013-05-21 20:45 - 2013-05-21 20:45 - 00000000 ____D C:\Users\Christina.sich2\AppData\Roaming\pdfforge
2013-05-21 20:45 - 2013-05-21 20:45 - 00000000 ____D C:\Users\Christina.sich2\AppData\Roaming\OpenOffice.org
2013-05-21 20:45 - 2013-05-21 20:45 - 00000000 ____D C:\Users\Christina.sich2\AppData\Roaming\OpenCandy
2013-05-21 20:45 - 2013-05-21 20:45 - 00000000 ____D C:\Users\Christina.sich2\AppData\Roaming\Mozilla
2013-05-21 20:44 - 2013-05-21 20:44 - 00000000 ____D C:\Users\Christina.sich2\AppData\Roaming\MB-Ruler
2013-05-21 20:44 - 2013-05-21 20:44 - 00000000 ____D C:\Users\Christina.sich2\AppData\Roaming\Malwarebytes
2013-05-21 20:44 - 2013-05-21 20:44 - 00000000 ____D C:\Users\Christina.sich2\AppData\Roaming\Macromedia
2013-05-21 20:44 - 2013-05-21 20:44 - 00000000 ____D C:\Users\Christina.sich2\AppData\Roaming\Google
2013-05-21 20:44 - 2013-05-21 20:44 - 00000000 ____D C:\Users\Christina.sich2\AppData\Roaming\DVDVideoSoftIEHelpers
2013-05-21 20:44 - 2013-05-21 20:44 - 00000000 ____D C:\Users\Christina.sich2\AppData\Roaming\DVDVideoSoft
2013-05-21 20:44 - 2013-05-21 20:44 - 00000000 ____D C:\Users\Christina.sich2\AppData\Roaming\DivX
2013-05-21 20:44 - 2013-05-21 20:44 - 00000000 ____D C:\Users\Christina.sich2\AppData\Roaming\capella-software
2013-05-21 20:44 - 2013-05-21 20:44 - 00000000 ____D C:\Users\Christina.sich2\AppData\Roaming\Avira
2013-05-21 20:44 - 2013-05-21 20:44 - 00000000 ____D C:\Users\Christina.sich2\AppData\Roaming\Audacity
2013-05-21 20:44 - 2013-05-21 20:44 - 00000000 ____D C:\Users\Christina.sich2\AppData\Roaming\Advanced Chemistry Development
2013-05-21 20:44 - 2013-05-21 20:44 - 00000000 ____D C:\Users\Christina.sich2\AppData\Roaming\Adobe
2013-05-21 20:44 - 2013-05-21 20:44 - 00000000 ____D C:\Users\Christina.sich2\AppData\Local\Downloaded Installations
2013-05-21 20:44 - 2013-05-21 20:44 - 00000000 ____D C:\Users\Christina.sich2\AppData\Local\DDMSettings
2013-05-21 20:44 - 2013-05-21 20:44 - 00000000 ____D C:\Users\Christina.sich2\AppData\Local\Cisco
2013-05-21 20:44 - 2013-05-21 20:44 - 00000000 ____D C:\Users\Christina.sich2\AppData\Local\Adobe
2013-05-21 20:42 - 2013-05-21 20:42 - 00000000 ____D C:\Users\Christina.sich2\AppData\Roaming\ATI
2013-05-21 20:42 - 2013-05-21 20:42 - 00000000 ____D C:\Users\Christina.sich2\AppData\Local\ATI
2013-05-21 20:41 - 2013-05-21 20:41 - 00000020 __ASH C:\Users\Christina.sich2\ntuser.ini
2013-05-21 20:41 - 2013-05-21 20:41 - 00000000 __SHD C:\Users\Christina.sich2\Vorlagen
2013-05-21 20:41 - 2013-05-21 20:41 - 00000000 __SHD C:\Users\Christina.sich2\Startmenü
2013-05-21 20:41 - 2013-05-21 20:41 - 00000000 __SHD C:\Users\Christina.sich2\Netzwerkumgebung
2013-05-21 20:41 - 2013-05-21 20:41 - 00000000 __SHD C:\Users\Christina.sich2\Lokale Einstellungen
2013-05-21 20:41 - 2013-05-21 20:41 - 00000000 __SHD C:\Users\Christina.sich2\Eigene Dateien
2013-05-21 20:41 - 2013-05-21 20:41 - 00000000 __SHD C:\Users\Christina.sich2\Druckumgebung
2013-05-21 20:41 - 2013-05-21 20:41 - 00000000 __SHD C:\Users\Christina.sich2\AppData\Local\Verlauf
2013-05-21 20:41 - 2013-05-21 20:41 - 00000000 __SHD C:\Users\Christina.sich2\AppData\Local\Anwendungsdaten
2013-05-21 20:41 - 2013-05-21 20:41 - 00000000 __SHD C:\Users\Christina.sich2\Anwendungsdaten
2013-05-21 20:34 - 2009-07-14 05:20 - 00000000 __RHD C:\users\Default
2013-05-20 18:12 - 2009-07-14 06:45 - 00437632 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-19 14:07 - 2010-09-16 19:41 - 00000000 ____D C:\ProgramData\Microsoft Help
Files to move or delete:
====================
C:\ProgramData\FullRemove.exe
C:\ProgramData\qlinf.bat
C:\ProgramData\qlinf.pad
C:\ProgramData\qlinf.reg
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-05-14 02:43
==================== End Of Log ============================
--- --- --- --- --- --- --- --- --- --- --- --- Addition.txt Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-06-2013 02 Ran by Christina at 2013-06-18 21:24:37 Run: Running from C:\Users\Christina\Downloads Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= ACD/Labs Software in C:\ACDFREE12\ (Version: v12.00, FREE) Adobe Flash Player 11 ActiveX (Version: 11.7.700.224) Adobe Flash Player 11 Plugin (Version: 11.7.700.224) Adobe Reader XI (11.0.03) - Deutsch (Version: 11.0.03) Aldi Süd Foto Service 4.6 (Version: 4.6) ALDI Süd Online Druck Service 4.6 (Version: 4.6) Aldi Sued Fotoservice 2.7 Alice Greenfingers Atheros Client Installation Program (Version: 1.0.2.1119) ATI Catalyst Install Manager (Version: 3.0.774.0) Audacity 2.0.2 (Version: 2.0.2) Avira Free Antivirus (Version: 13.0.0.3640) BatteryLifeExtender (Version: 1.0.3) Bonbon Quest Broadcom 802.11 Network Adapter (Version: 5.60.48.44) Cake Mania capella 7 (Version: 7.1.13) Catalyst Control Center - Branding (Version: 1.00.0000) Catalyst Control Center Core Implementation (Version: 2010.0504.2152.37420) Catalyst Control Center Graphics Full Existing (Version: 2010.0504.2152.37420) Catalyst Control Center Graphics Full New (Version: 2010.0504.2152.37420) Catalyst Control Center Graphics Light (Version: 2010.0504.2152.37420) Catalyst Control Center Graphics Previews Common (Version: 2010.0504.2152.37420) Catalyst Control Center Graphics Previews Vista (Version: 2010.0504.2152.37420) Catalyst Control Center InstallProxy (Version: 2010.0504.2152.37420) Catalyst Control Center Localization All (Version: 2010.0504.2152.37420) CCC Help Chinese Standard (Version: 2010.0504.2151.37420) CCC Help Chinese Traditional (Version: 2010.0504.2151.37420) CCC Help Czech (Version: 2010.0504.2151.37420) CCC Help Danish (Version: 2010.0504.2151.37420) CCC Help Dutch (Version: 2010.0504.2151.37420) CCC Help English (Version: 2010.0504.2151.37420) CCC Help Finnish (Version: 2010.0504.2151.37420) CCC Help French (Version: 2010.0504.2151.37420) CCC Help German (Version: 2010.0504.2151.37420) CCC Help Greek (Version: 2010.0504.2151.37420) CCC Help Hungarian (Version: 2010.0504.2151.37420) CCC Help Italian (Version: 2010.0504.2151.37420) CCC Help Japanese (Version: 2010.0504.2151.37420) CCC Help Korean (Version: 2010.0504.2151.37420) CCC Help Norwegian (Version: 2010.0504.2151.37420) CCC Help Polish (Version: 2010.0504.2151.37420) CCC Help Portuguese (Version: 2010.0504.2151.37420) CCC Help Russian (Version: 2010.0504.2151.37420) CCC Help Spanish (Version: 2010.0504.2151.37420) CCC Help Swedish (Version: 2010.0504.2151.37420) CCC Help Thai (Version: 2010.0504.2151.37420) CCC Help Turkish (Version: 2010.0504.2151.37420) ccc-core-static (Version: 2010.0504.2152.37420) ccc-utility64 (Version: 2010.0504.2152.37420) Cisco AnyConnect Secure Mobility Client (Version: 3.1.02026) Cisco AnyConnect Secure Mobility Client (Version: 3.1.02026) Citavi (Version: 3.4.0.2) CyberLink YouCam (Version: 2.0.3911) Daycare Nightmare Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition DivX-Setup (Version: 2.6.1.5) Easy Content Share (Version: 1.0.0.13) Easy Display Manager (Version: 3.1) Easy Network Manager (Version: 4.3.1) Easy SpeedUp Manager (Version: 2.1.0.11) EasyBatteryManager (Version: 4.0.0.4) EndNote X6 (Version: 16.0.0.6348) ETDWare PS/2-x64 7.0.7.0_WHQL (Version: 7.0.7.0) Flip Words Free YouTube to MP3 Converter version 3.12.2.430 (Version: 3.12.2.430) Galapago Game Pack (Version: 6.3.1.1) GC Image 2.2b4 GCxGC Gem Shop Google Chrome (Version: 27.0.1453.110) Google Update Helper (Version: 1.3.21.145) Insaniquarium Deluxe Intel(R) Rapid Storage Technology (Version: 9.6.3.1001) Intel(R) Turbo Boost Technology Driver (Version: 01.02.00.1002) Java 7 Update 21 (Version: 7.0.210) Java Auto Updater (Version: 2.1.9.5) Junk Mail filter update (Version: 14.0.8089.726) Mahjong Escape Ancient China Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300) Marvell Miniport Driver (Version: 11.22.3.3) MB-Ruler (Version: 5.0) McAfee Security Scan Plus (Version: 3.0.318.3) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Choice Guard (Version: 2.0.48.0) Microsoft Office 2010 (Version: 14.0.4763.1000) Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Excel MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Groove MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Office 32-bit Components 2010 (Version: 14.0.6029.1000) Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000) Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000) Microsoft Office Proof (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Proof (Italian) 2010 (Version: 14.0.6029.1000) Microsoft Office Proofing (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Shared 32-bit MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Shared MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Word MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Silverlight (Version: 5.1.20125.0) Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219) Mozilla Firefox 21.0 (x86 de) (Version: 21.0) Mozilla Maintenance Service (Version: 21.0) MSVCRT (Version: 14.0.1468.721) MyFreeCodec NIST 08 MS Library and AMDIS 2.65 Norton Online Backup (Version: 2.1.13580) OpenOffice.org 3.2 (Version: 3.2.9502) PDFCreator (Version: 1.4.2) PDF-XChange Viewer (Version: 2.5.199.0) Realtek High Definition Audio Driver (Version: 6.0.1.6083) REALTEK Wireless LAN Software (Version: 0133.09.1202) ResearchSoft Direct Export Helper Samsung Kies (Version: 2.1.1.11124_17) Samsung Recovery Solution 4 (Version: 4.0.0.6) Samsung Support Center (Version: 1.0.2) Samsung Update Plus (Version: 2.0) SAMSUNG USB Driver for Mobile Phones (Version: 1.5.23.0) Skype Click to Call (Version: 5.9.9216) Skype™ 6.3 (Version: 6.3.105) Slingo Spotify (Version: 0.9.0.133.gd18ed589) Spybot - Search & Destroy (Version: 1.6.2) SpyHunter (Version: 4.13.6.4253) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553092) Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition Update for Microsoft Office 2010 (KB2553270) 64-Bit Edition Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition Update for Microsoft Office 2010 (KB2553378) 64-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2598242) 64-Bit Edition Update for Microsoft Office 2010 (KB2687509) 64-Bit Edition Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition Update for Microsoft Office 2010 (KB2767886) 64-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition Update for Microsoft Outlook 2010 (KB2597090) 64-Bit Edition Update for Microsoft Outlook 2010 (KB2687623) 64-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition Update for Microsoft PowerPoint 2010 (KB2598240) 64-Bit Edition Update for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit Edition User Guide (Version: 1.0) VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0) WibuKey Setup (WibuKey Remove) (Version: Version 6.00a of 2009-Dec-03 (Build 129) (Setup)) Windows Live Anmelde-Assistent (Version: 5.000.818.5) Windows Live Call (Version: 14.0.8064.0206) Windows Live Communications Platform (Version: 14.0.8064.206) Windows Live Essentials (Version: 14.0.8089.0726) Windows Live Essentials (Version: 14.0.8089.726) Windows Live Family Safety (Version: 14.0.8093.805) Windows Live Fotogalerie (Version: 14.0.8081.709) Windows Live Mail (Version: 14.0.8089.0726) Windows Live Messenger (Version: 14.0.8089.0726) Windows Live Movie Maker (Version: 14.0.8091.0730) Windows Live Sync (Version: 14.0.8089.726) Windows Live Writer (Version: 14.0.8089.0726) Windows Live-Uploadtool (Version: 14.0.8014.1029) Xcalibur (Version: 2.0) Yahoo! Detect ==================== Restore Points ========================= 11-06-2013 08:10:10 Windows Update 17-06-2013 08:02:58 Windows Update 18-06-2013 07:22:27 Windows Update ==================== Hosts content: ========================== # Copyright (c) 1993-2009 Microsoft Corp. # # This is a sample HOSTS file used by Microsoft TCP/IP for Windows. # # This file contains the mappings of IP addresses to host names. Each # entry should be kept on an individual line. The IP address should # be placed in the first column followed by the corresponding host name. # The IP address and the host name should be separated by at least one # space. # # Additionally, comments (such as these) may be inserted on individual # lines or following the machine name denoted by a '#' symbol. # # For example: # # 102.54.94.97 rhino.acme.com # source server # 38.25.63.10 x.acme.com # x client host # localhost name resolution is handled within DNS itself. # # 129.187.254.40 asa01.lrz.de 129.187.254.164 asa04.lrz.de 129.187.254.40 asa01.lrz.de # 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {2081B64A-193F-4721-BA1A-AD0ABDE67DAB} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2012-03-10] (Microsoft Corporation) Task: {3B9ED5C4-C647-477D-848A-C37AE764DF3E} - System32\Tasks\User_Feed_Synchronization-{8BEC2277-8A47-4809-A7E2-B877D50C0959} => C:\Windows\system32\msfeedssync.exe [2013-06-07] (Microsoft Corporation) Task: {7CAB0BD6-8AE9-45DD-BB64-460638B7891D} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-20] (Microsoft Corporation) Task: {8813E5D3-87AE-4768-B14F-387BD05ACF8D} - System32\Tasks\SamsungSupportCenter => %programfiles(x86)%\Samsung\Samsung Support Center\SSCKbdHk.exe [2009-06-10] () Task: {A3FCC5B0-0F6E-47CC-A682-19AE426C9B86} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => C:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation) Task: {B3038D87-CE94-422A-9FDC-9D893BB5CEE3} - System32\Tasks\advSRS4 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2010-01-19] (SEC) Task: {CD819A81-4C92-4F0E-9242-D3431D89ACF4} - System32\Tasks\EasySpeedUpManager => %programfiles(x86)%\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [2009-07-14] () Task: {CE9FDCE6-8205-4985-92AF-3D3C1526EC20} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-19] (Google Inc.) Task: {D29DF4DC-D1FF-4E7C-A1FB-2FA03C74D599} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2010-11-20] () Task: {D7124D21-9D3D-430E-9095-5CA5C98AB530} - System32\Tasks\BatteryLifeExtender => C:\Program Files (x86)\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2010-04-17] (Samsung Electronics. Co. Ltd.) Task: {D774F9DD-6A0C-478D-A6E1-DF1734E28C67} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe [2010-04-17] () Task: {D7BFFF33-7FDE-43BC-9C83-63148651A3AA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-19] (Google Inc.) Task: {F44EE49B-1339-46BF-AA0D-9C7B2977537F} - System32\Tasks\WPD\SqmUpload_S-1-5-21-3457901039-3679683318-3372754741-1005 => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation) Task: {F56B76B9-95E0-47F8-8A07-72DDB540B015} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe [2010-04-07] (Samsung Electronics Co., Ltd.) Task: {F9CE13F9-8BA6-4A7A-9512-FC0F318C1BB5} - System32\Tasks\EasyBatteryManager => %ProgramFiles(x86)%\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2010-04-07] () Task: {FFCBAA5F-4B66-4857-97D9-2583A88D28A7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-17] (Adobe Systems Incorporated) ==================== Faulty Device Manager Devices ============= Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: vpnva Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (06/18/2013 09:22:28 AM) (Source: VSS) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "ConvertStringSidToSid(S-1-5-21-3457901039-3679683318-3372754741-1000.bak)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070539, Die Struktur der Sicherheitskennung ist unzulässig. . Vorgang: OnIdentify-Ereignis Generatordaten werden gesammelt Kontext: Ausführungskontext: Shadow Copy Optimization Writer Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Generatorname: Shadow Copy Optimization Writer Generatorinstanz-ID: {c86c2126-c36c-4a37-9c0a-5066fbb92726} Error: (06/17/2013 05:15:48 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl) konnten nicht installiert werden. Der Fehlercode ist das erste DWORD im Datenbereich. Error: (06/17/2013 05:15:48 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren, die für die Sprach-ID "007" definiert wurden, können nicht aktualisiert werden. Das erste DWORD im Datenbereich enthält den Fehlercode. Error: (06/17/2013 05:09:35 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl) konnten nicht installiert werden. Der Fehlercode ist das erste DWORD im Datenbereich. Error: (06/17/2013 05:09:35 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren, die für die Sprach-ID "007" definiert wurden, können nicht aktualisiert werden. Das erste DWORD im Datenbereich enthält den Fehlercode. Error: (06/17/2013 02:57:57 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl) konnten nicht installiert werden. Der Fehlercode ist das erste DWORD im Datenbereich. Error: (06/17/2013 02:57:57 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren, die für die Sprach-ID "007" definiert wurden, können nicht aktualisiert werden. Das erste DWORD im Datenbereich enthält den Fehlercode. Error: (06/17/2013 02:57:53 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. Error: (06/17/2013 02:57:53 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren, die für die Sprach-ID "009" definiert wurden, können nicht aktualisiert werden. Das erste DWORD im Datenbereich enthält den Fehlercode. Error: (06/17/2013 02:57:53 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren, die für die Sprach-ID "007" definiert wurden, können nicht aktualisiert werden. Das erste DWORD im Datenbereich enthält den Fehlercode. System errors: ============= Error: (06/18/2013 02:56:08 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT) Description: Fehler bei der CBS-Clientinitialisierung. Letzter Fehler: 0x8007041d Error: (06/18/2013 02:56:08 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Windows Modules Installer" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (06/18/2013 02:56:08 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Modules Installer erreicht. Error: (06/18/2013 02:56:08 PM) (Source: DCOM) (User: ) Description: 1053TrustedInstaller{752073A1-23F2-4396-85F0-8FDB879ED0ED} Error: (06/18/2013 02:55:12 PM) (Source: DCOM) (User: ) Description: 1053WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} Error: (06/18/2013 02:55:12 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (06/18/2013 02:55:12 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht. Error: (06/18/2013 02:52:58 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Rezip erreicht. Error: (06/18/2013 01:23:17 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Rezip erreicht. Error: (06/18/2013 01:22:36 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "HitmanPro 3.7 Crusader (Boot)" wurde mit folgendem dienstspezifischem Fehler beendet: %%0. Microsoft Office Sessions: ========================= Error: (06/18/2013 09:22:28 AM) (Source: VSS)(User: ) Description: ConvertStringSidToSid(S-1-5-21-3457901039-3679683318-3372754741-1000.bak)0x80070539, Die Struktur der Sicherheitskennung ist unzulässig. Vorgang: OnIdentify-Ereignis Generatordaten werden gesammelt Kontext: Ausführungskontext: Shadow Copy Optimization Writer Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Generatorname: Shadow Copy Optimization Writer Generatorinstanz-ID: {c86c2126-c36c-4a37-9c0a-5066fbb92726} Error: (06/17/2013 05:15:48 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT) Description: WmiApRplWmiApRpl820000000C9120000 Error: (06/17/2013 05:15:48 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT) Description: 0078200000005A0D0000 Error: (06/17/2013 05:09:35 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT) Description: WmiApRplWmiApRpl820000000C9120000 Error: (06/17/2013 05:09:35 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT) Description: 0078200000005A0D0000 Error: (06/17/2013 02:57:57 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT) Description: WmiApRplWmiApRpl820000000C9120000 Error: (06/17/2013 02:57:57 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT) Description: 0078200000005A0D0000 Error: (06/17/2013 02:57:53 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT) Description: WmiApRplWmiApRpl8200000004D070000 Error: (06/17/2013 02:57:53 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT) Description: 0091220000000D08F010025030000 Error: (06/17/2013 02:57:53 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT) Description: 007122000000040EA010025030000 CodeIntegrity Errors: =================================== Date: 2013-06-09 13:08:53.962 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-06-09 13:08:53.798 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-06-09 13:08:51.521 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-06-09 13:08:51.350 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-06-09 13:08:47.374 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-06-09 13:08:47.125 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-06-09 13:08:44.854 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-06-09 13:08:44.640 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-06-09 13:08:42.252 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-06-09 13:08:42.015 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. ==================== Memory info =========================== Percentage of memory in use: 59% Total physical RAM: 3946.12 MB Available physical RAM: 1601.66 MB Total Pagefile: 7890.42 MB Available Pagefile: 5431.42 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:112 GB) (Free:3.37 GB) NTFS (Disk=0 Partition=3) Drive d: () (Fixed) (Total:165.99 GB) (Free:165.5 GB) NTFS (Disk=0 Partition=4) ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 298 GB) (Disk ID: 4394EB81) Partition 1: (Not Active) - (Size=20 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=112 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=166 GB) - (Type=OF Extended) ==================== End Of Log ============================ Grüße! |
|
19.06.2013, 07:13
| #4 | |
| /// the machine /// TB-Ausbilder | win32.downloader.gen lässt sich mit spybot nicht eliminierenCombofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!Downloade dir bitte Combofix vom folgenden Downloadspiegel Link 1 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
19.06.2013, 11:56
| #5 |
| | win32.downloader.gen lässt sich mit spybot nicht eliminieren So, das ist die Logfile die Combofix erstellt hat: Combofix Logfile: Code:
ATTFilter ComboFix 13-06-18.02 - Christina 19.06.2013 12:25:39.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3946.2301 [GMT 2:00]
ausgeführt von:: c:\users\Christina\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\programdata\qlinf.pad
c:\windows\SysWow64\System32\MASetupCleaner.exe
c:\windows\SysWow64\System32\muzapp.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-05-19 bis 2013-06-19 ))))))))))))))))))))))))))))))
.
.
2013-06-19 10:36 . 2013-06-19 10:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-19 10:28 . 2013-06-19 10:28 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B95C1B4B-FA61-4636-A9A7-82C120414994}\offreg.dll
2013-06-18 19:21 . 2013-06-18 19:21 -------- d-----w- C:\FRST
2013-06-18 13:09 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B95C1B4B-FA61-4636-A9A7-82C120414994}\mpengine.dll
2013-06-18 13:08 . 2013-05-13 04:45 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-06-18 13:08 . 2013-05-13 04:45 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-06-18 13:08 . 2013-05-13 04:45 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-06-18 13:08 . 2013-05-13 03:08 903168 ----a-w- c:\windows\SysWow64\certutil.exe
2013-06-18 13:08 . 2013-05-13 03:08 43008 ----a-w- c:\windows\SysWow64\certenc.dll
2013-06-18 13:08 . 2013-05-13 05:51 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-06-18 13:08 . 2013-05-13 05:51 1464320 ----a-w- c:\windows\system32\crypt32.dll
2013-06-18 13:08 . 2013-05-13 05:51 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-06-18 13:08 . 2013-05-13 05:50 52224 ----a-w- c:\windows\system32\certenc.dll
2013-06-18 13:08 . 2013-05-13 03:43 1192448 ----a-w- c:\windows\system32\certutil.exe
2013-06-18 11:22 . 2013-06-18 11:22 32000 ----a-w- c:\windows\system32\drivers\hitmanpro37.sys
2013-06-18 10:33 . 2013-06-18 11:21 -------- d-----w- c:\programdata\HitmanPro
2013-06-18 09:45 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-06-18 09:23 . 2013-05-10 05:49 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-06-18 09:23 . 2013-05-10 03:20 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
2013-06-18 07:56 . 2013-06-18 09:45 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-06-17 09:22 . 2013-06-17 09:22 51496 ----a-w- c:\windows\system32\drivers\stflt.sys
2013-06-17 09:22 . 2013-06-18 12:51 -------- d-----w- c:\program files (x86)\Spyware Terminator
2013-06-17 08:34 . 2012-12-10 08:04 81920 ----a-w- c:\windows\eSellerateControl350.dll
2013-06-17 08:34 . 2012-12-10 08:04 356352 ----a-w- c:\windows\eSellerateEngine.dll
2013-06-17 08:34 . 2009-07-23 15:32 274432 ----a-w- c:\windows\SysWow64\ssleay32.dll
2013-06-17 08:34 . 2009-07-23 15:32 1122304 ----a-w- c:\windows\SysWow64\libeay32.dll
2013-06-17 08:34 . 2013-06-18 12:10 -------- d-----w- c:\program files (x86)\Win 32. Downloader . Gen Removal Tool
2013-06-17 08:09 . 2013-05-08 06:39 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-17 08:04 . 2013-04-25 23:30 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll
2013-06-17 08:04 . 2013-03-31 22:52 1887232 ----a-w- c:\windows\system32\d3d11.dll
2013-06-17 08:04 . 2013-04-26 05:51 751104 ----a-w- c:\windows\system32\win32spl.dll
2013-06-17 08:04 . 2013-04-26 04:55 492544 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-06-17 08:04 . 2013-04-17 06:24 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-06-17 08:04 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2013-06-09 11:09 . 2013-04-03 07:58 38080 ----a-w- c:\windows\system32\drivers\ssadadb.sys
2013-06-09 11:09 . 2013-04-03 07:58 21320 ----a-w- c:\windows\system32\drivers\ssadmdfl.sys
2013-06-09 11:09 . 2013-04-03 07:58 1919168 ----a-w- c:\windows\system32\WdfCoInstaller01005.dll
2013-06-09 11:09 . 2013-04-03 07:58 1919168 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01005.dll
2013-06-09 11:09 . 2013-04-03 07:58 188232 ----a-w- c:\windows\system32\drivers\ssadmdm.sys
2013-06-09 11:09 . 2013-04-03 07:58 17736 ----a-w- c:\windows\system32\drivers\ssadwhnt.sys
2013-06-09 11:09 . 2013-04-03 07:58 17736 ----a-w- c:\windows\system32\drivers\ssadwh.sys
2013-06-09 11:09 . 2013-04-03 07:58 17224 ----a-w- c:\windows\system32\drivers\ssadcmnt.sys
2013-06-09 11:09 . 2013-04-03 07:58 17224 ----a-w- c:\windows\system32\drivers\ssadcm.sys
2013-06-09 11:09 . 2013-04-03 07:58 169288 ----a-w- c:\windows\system32\drivers\ssadbus.sys
2013-06-09 11:09 . 2013-04-03 07:58 158024 ----a-w- c:\windows\system32\drivers\ssadserd.sys
2013-06-09 11:07 . 2013-04-18 10:09 37344 ----a-w- c:\windows\SysWow64\FsUsbExDisk.Sys
2013-06-09 11:07 . 2013-04-18 10:09 233472 ----a-w- c:\windows\SysWow64\FsUsbExService.Exe
2013-06-09 11:07 . 2011-12-23 19:59 110592 ----a-w- c:\windows\SysWow64\FsUsbExDevice.Dll
2013-06-07 07:57 . 2013-06-07 07:57 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-24 08:27 . 2013-05-24 08:28 -------- d-----w- c:\program files (x86)\DVDVideoSoft
2013-05-24 08:27 . 2013-05-24 08:28 -------- d-----w- c:\program files (x86)\Common Files\DVDVideoSoft
2013-05-21 21:42 . 2013-05-21 21:42 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-05-21 21:41 . 2013-04-04 03:35 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-05-21 19:12 . 2013-06-18 13:07 -------- d-----w- c:\users\Christina
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-18 07:35 . 2010-09-23 06:04 75825640 ----a-w- c:\windows\system32\MRT.exe
2013-06-17 07:55 . 2012-08-16 07:16 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-17 07:55 . 2011-06-18 08:48 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-15 16:53 . 2013-05-15 16:53 110080 ----a-r- c:\users\Christina.sich\AppData\Roaming\Microsoft\Installer\{E63D8961-0BA9-4CF3-9E94-407ACA42846C}\IconF7A21AF7.exe
2013-05-15 16:53 . 2013-05-15 16:53 110080 ----a-r- c:\users\Christina.sich\AppData\Roaming\Microsoft\Installer\{E63D8961-0BA9-4CF3-9E94-407ACA42846C}\IconD7F16134.exe
2013-05-15 16:53 . 2013-05-15 16:53 110080 ----a-r- c:\users\Christina.sich\AppData\Roaming\Microsoft\Installer\{E63D8961-0BA9-4CF3-9E94-407ACA42846C}\Icon1226A4C5.exe
2013-05-15 16:10 . 2013-05-15 16:10 55 ----a-w- c:\programdata\qlinf.bat
2013-05-15 16:10 . 2013-05-15 16:10 151 ----a-w- c:\programdata\qlinf.reg
2013-05-13 09:30 . 2013-05-13 09:30 83160 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2013-05-02 00:06 . 2010-09-16 18:05 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-18 10:06 . 2011-12-23 19:58 45320 ----a-w- c:\windows\SysWow64\MAMACExtract.dll
2013-04-13 05:49 . 2013-05-19 11:44 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-19 11:44 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-19 11:44 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-19 11:44 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-19 11:44 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-19 11:44 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 07:04 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-10 06:01 . 2013-05-19 11:44 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 06:01 . 2013-05-19 11:44 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 03:30 . 2013-05-19 11:44 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-03-31 07:35 . 2013-03-31 07:35 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-03-31 07:35 . 2013-03-31 07:35 130016 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-03-31 07:35 . 2013-03-31 07:35 100712 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-03-24 18:23 . 2012-09-02 12:32 861088 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2013-03-24 18:23 . 2010-12-30 10:28 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Christina.sich\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Christina.sich\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Christina.sich\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2013-04-23 844144]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2013-04-23 1561968]
"Spotify"="c:\users\Christina\AppData\Roaming\Spotify\Spotify.exe" [2013-06-11 4573184]
"Spotify Web Helper"="c:\users\Christina\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-06-11 1105408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-04 102400]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2013-04-23 311152]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-05-13 345312]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2012-12-13 702024]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"NortonOnlineBackup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-03-05 1112920]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\users\Christina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Christina.sich\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-3-12 29106336]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
Network Server.lnk - c:\program files (x86)\WIBUKEY\Server\WkSvMgr.exe [2012-11-26 5724472]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe service;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe service [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys;c:\windows\SYSNATIVE\DRIVERS\acsock64.sys [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x]
R3 EsgScanner;EsgScanner;c:\windows\system32\DRIVERS\EsgScanner.sys;c:\windows\SYSNATIVE\DRIVERS\EsgScanner.sys [x]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\SysWOW64\FsUsbExDisk.SYS;c:\windows\SysWOW64\FsUsbExDisk.SYS [x]
R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys;c:\windows\SYSNATIVE\drivers\hitmanpro37.sys [x]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssadserd.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 Wibukey2_64;Wibukey2_64;c:\windows\system32\drivers\wibukey2_64.sys;c:\windows\SYSNATIVE\drivers\wibukey2_64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys;c:\windows\SYSNATIVE\Drivers\SABI.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 CFRDBService;Finnigan Database Service;c:\xcalibur\System\Programs\CFRDBService.exe;c:\xcalibur\System\Programs\CFRDBService.exe [x]
S2 FinAutoLogOff;Finnigan Auto Logoff;c:\xcalibur\System\Programs\FinAutoLogOff.exe;c:\xcalibur\System\Programs\FinAutoLogOff.exe [x]
S2 Finnigan Security Server;Finnigan Security Server;c:\xcalibur\system\programs\finSS_Server.exe;c:\xcalibur\system\programs\finSS_Server.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 Rezip;Rezip;c:\windows\SysWOW64\Rezip.exe;c:\windows\SysWOW64\Rezip.exe [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
S2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE;c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [x]
S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-07 07:46 1165776 ----a-w- c:\program files (x86)\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-16 07:55]
.
2013-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-19 11:47]
.
2013-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-19 11:47]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Christina.sich\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Christina.sich\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Christina.sich\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Christina.sich\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-07 10144288]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Free YouTube Download
IE: Free YouTube to MP3 Converter
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
TCP: DhcpNameServer = 192.168.33.254
TCP: Interfaces\{C60DE602-45B1-48F4-A158-C236BA4AC340}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
FF - ProfilePath - c:\users\Christina\AppData\Roaming\Mozilla\Firefox\Profiles\ye84440f.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-Adobe Reader Speed Launcher - c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
BHO-{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll
Toolbar-Locked - (no file)
HKLM-Run-SpywareTerminatorShield - c:\program files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
HKLM-Run-SpywareTerminatorUpdater - c:\program files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-06-19 12:43:05
ComboFix-quarantined-files.txt 2013-06-19 10:43
.
Vor Suchlauf: 9.549.479.936 Bytes frei
Nach Suchlauf: 9.921.789.952 Bytes frei
.
- - End Of File - - 38C8A2C67DFA9BCEDAE7B074389B2B39
D41D8CD98F00B204E9800998ECF8427E |
|
19.06.2013, 12:29
| #6 |
| /// the machine /// TB-Ausbilder | win32.downloader.gen lässt sich mit spybot nicht eliminieren Combofix-Skript
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop. Schließe nun alle offenen Programme und trenne Dich von dem Internet. Doppelklick auf die TFC.exe und drücke auf Start. Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen. ESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST Log. Noch Probleme? 
__________________ --> win32.downloader.gen lässt sich mit spybot nicht eliminieren |
|
19.06.2013, 21:10
| #7 |
| | win32.downloader.gen lässt sich mit spybot nicht eliminieren Wow  Hat soweit alles geklappt, nur dass der Eset online scan ewig gedauert hat...Hier die Logfiles: Code:
ATTFilter ComboFix 13-06-18.02 - Christina 19.06.2013 13:53:08.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3946.2110 [GMT 2:00]
ausgeführt von:: c:\users\Christina\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Christina\Desktop\CFScript.txt.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\programdata\qlinf.bat"
"c:\programdata\qlinf.reg"
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\qlinf.bat
c:\programdata\qlinf.reg
c:\windows\SysWow64\muzapp.exe
.
Infizierte Kopie von c:\windows\system32\Services.exe wurde gefunden und desinfiziert
Kopie von - c:\windows\erdnt\cache64\services.exe wurde wiederhergestellt
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-05-19 bis 2013-06-19 ))))))))))))))))))))))))))))))
.
.
2013-06-19 12:00 . 2013-06-19 12:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-18 19:21 . 2013-06-18 19:21 -------- d-----w- C:\FRST
2013-06-18 13:09 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B95C1B4B-FA61-4636-A9A7-82C120414994}\mpengine.dll
2013-06-18 13:08 . 2013-05-13 04:45 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-06-18 13:08 . 2013-05-13 04:45 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-06-18 13:08 . 2013-05-13 04:45 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-06-18 13:08 . 2013-05-13 03:08 903168 ----a-w- c:\windows\SysWow64\certutil.exe
2013-06-18 13:08 . 2013-05-13 03:08 43008 ----a-w- c:\windows\SysWow64\certenc.dll
2013-06-18 13:08 . 2013-05-13 05:51 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-06-18 13:08 . 2013-05-13 05:51 1464320 ----a-w- c:\windows\system32\crypt32.dll
2013-06-18 13:08 . 2013-05-13 05:51 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-06-18 13:08 . 2013-05-13 05:50 52224 ----a-w- c:\windows\system32\certenc.dll
2013-06-18 13:08 . 2013-05-13 03:43 1192448 ----a-w- c:\windows\system32\certutil.exe
2013-06-18 11:22 . 2013-06-18 11:22 32000 ----a-w- c:\windows\system32\drivers\hitmanpro37.sys
2013-06-18 10:33 . 2013-06-18 11:21 -------- d-----w- c:\programdata\HitmanPro
2013-06-18 09:45 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-06-18 09:23 . 2013-05-10 05:49 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-06-18 09:23 . 2013-05-10 03:20 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
2013-06-18 07:56 . 2013-06-18 09:45 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-06-17 09:22 . 2013-06-17 09:22 51496 ----a-w- c:\windows\system32\drivers\stflt.sys
2013-06-17 09:22 . 2013-06-18 12:51 -------- d-----w- c:\program files (x86)\Spyware Terminator
2013-06-17 08:34 . 2012-12-10 08:04 81920 ----a-w- c:\windows\eSellerateControl350.dll
2013-06-17 08:34 . 2012-12-10 08:04 356352 ----a-w- c:\windows\eSellerateEngine.dll
2013-06-17 08:34 . 2009-07-23 15:32 274432 ----a-w- c:\windows\SysWow64\ssleay32.dll
2013-06-17 08:34 . 2009-07-23 15:32 1122304 ----a-w- c:\windows\SysWow64\libeay32.dll
2013-06-17 08:34 . 2013-06-18 12:10 -------- d-----w- c:\program files (x86)\Win 32. Downloader . Gen Removal Tool
2013-06-17 08:09 . 2013-05-08 06:39 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-17 08:04 . 2013-04-25 23:30 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll
2013-06-17 08:04 . 2013-03-31 22:52 1887232 ----a-w- c:\windows\system32\d3d11.dll
2013-06-17 08:04 . 2013-04-26 05:51 751104 ----a-w- c:\windows\system32\win32spl.dll
2013-06-17 08:04 . 2013-04-26 04:55 492544 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-06-17 08:04 . 2013-04-17 06:24 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-06-17 08:04 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2013-06-09 11:09 . 2013-04-03 07:58 38080 ----a-w- c:\windows\system32\drivers\ssadadb.sys
2013-06-09 11:09 . 2013-04-03 07:58 21320 ----a-w- c:\windows\system32\drivers\ssadmdfl.sys
2013-06-09 11:09 . 2013-04-03 07:58 1919168 ----a-w- c:\windows\system32\WdfCoInstaller01005.dll
2013-06-09 11:09 . 2013-04-03 07:58 1919168 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01005.dll
2013-06-09 11:09 . 2013-04-03 07:58 188232 ----a-w- c:\windows\system32\drivers\ssadmdm.sys
2013-06-09 11:09 . 2013-04-03 07:58 17736 ----a-w- c:\windows\system32\drivers\ssadwhnt.sys
2013-06-09 11:09 . 2013-04-03 07:58 17736 ----a-w- c:\windows\system32\drivers\ssadwh.sys
2013-06-09 11:09 . 2013-04-03 07:58 17224 ----a-w- c:\windows\system32\drivers\ssadcmnt.sys
2013-06-09 11:09 . 2013-04-03 07:58 17224 ----a-w- c:\windows\system32\drivers\ssadcm.sys
2013-06-09 11:09 . 2013-04-03 07:58 169288 ----a-w- c:\windows\system32\drivers\ssadbus.sys
2013-06-09 11:09 . 2013-04-03 07:58 158024 ----a-w- c:\windows\system32\drivers\ssadserd.sys
2013-06-09 11:07 . 2013-04-18 10:09 37344 ----a-w- c:\windows\SysWow64\FsUsbExDisk.Sys
2013-06-09 11:07 . 2013-04-18 10:09 233472 ----a-w- c:\windows\SysWow64\FsUsbExService.Exe
2013-06-09 11:07 . 2011-12-23 19:59 110592 ----a-w- c:\windows\SysWow64\FsUsbExDevice.Dll
2013-06-07 07:57 . 2013-06-07 07:57 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-24 08:27 . 2013-05-24 08:28 -------- d-----w- c:\program files (x86)\DVDVideoSoft
2013-05-24 08:27 . 2013-05-24 08:28 -------- d-----w- c:\program files (x86)\Common Files\DVDVideoSoft
2013-05-21 21:42 . 2013-05-21 21:42 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-05-21 21:41 . 2013-04-04 03:35 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-05-21 19:12 . 2013-06-18 13:07 -------- d-----w- c:\users\Christina
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-18 07:35 . 2010-09-23 06:04 75825640 ----a-w- c:\windows\system32\MRT.exe
2013-06-17 07:55 . 2012-08-16 07:16 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-17 07:55 . 2011-06-18 08:48 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-15 16:53 . 2013-05-15 16:53 110080 ----a-r- c:\users\Christina.sich\AppData\Roaming\Microsoft\Installer\{E63D8961-0BA9-4CF3-9E94-407ACA42846C}\IconF7A21AF7.exe
2013-05-15 16:53 . 2013-05-15 16:53 110080 ----a-r- c:\users\Christina.sich\AppData\Roaming\Microsoft\Installer\{E63D8961-0BA9-4CF3-9E94-407ACA42846C}\IconD7F16134.exe
2013-05-15 16:53 . 2013-05-15 16:53 110080 ----a-r- c:\users\Christina.sich\AppData\Roaming\Microsoft\Installer\{E63D8961-0BA9-4CF3-9E94-407ACA42846C}\Icon1226A4C5.exe
2013-05-13 09:30 . 2013-05-13 09:30 83160 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2013-05-02 00:06 . 2010-09-16 18:05 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-18 10:06 . 2011-12-23 19:58 45320 ----a-w- c:\windows\SysWow64\MAMACExtract.dll
2013-04-13 05:49 . 2013-05-19 11:44 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-19 11:44 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-19 11:44 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-19 11:44 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-19 11:44 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-19 11:44 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 07:04 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-10 06:01 . 2013-05-19 11:44 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 06:01 . 2013-05-19 11:44 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 03:30 . 2013-05-19 11:44 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-03-31 07:35 . 2013-03-31 07:35 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-03-31 07:35 . 2013-03-31 07:35 130016 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-03-31 07:35 . 2013-03-31 07:35 100712 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-03-24 18:23 . 2012-09-02 12:32 861088 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2013-03-24 18:23 . 2010-12-30 10:28 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Christina.sich\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Christina.sich\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Christina.sich\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2013-04-23 844144]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2013-04-23 1561968]
"Spotify"="c:\users\Christina\AppData\Roaming\Spotify\Spotify.exe" [2013-06-11 4573184]
"Spotify Web Helper"="c:\users\Christina\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-06-11 1105408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-04 102400]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2013-04-23 311152]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-05-13 345312]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2012-12-13 702024]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"NortonOnlineBackup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-03-05 1112920]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\users\Christina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Christina.sich\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-3-12 29106336]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
Network Server.lnk - c:\program files (x86)\WIBUKEY\Server\WkSvMgr.exe [2012-11-26 5724472]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys;c:\windows\SYSNATIVE\DRIVERS\acsock64.sys [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x]
R3 EsgScanner;EsgScanner;c:\windows\system32\DRIVERS\EsgScanner.sys;c:\windows\SYSNATIVE\DRIVERS\EsgScanner.sys [x]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\SysWOW64\FsUsbExDisk.SYS;c:\windows\SysWOW64\FsUsbExDisk.SYS [x]
R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys;c:\windows\SYSNATIVE\drivers\hitmanpro37.sys [x]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssadserd.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 Wibukey2_64;Wibukey2_64;c:\windows\system32\drivers\wibukey2_64.sys;c:\windows\SYSNATIVE\drivers\wibukey2_64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys;c:\windows\SYSNATIVE\Drivers\SABI.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 CFRDBService;Finnigan Database Service;c:\xcalibur\System\Programs\CFRDBService.exe;c:\xcalibur\System\Programs\CFRDBService.exe [x]
S2 FinAutoLogOff;Finnigan Auto Logoff;c:\xcalibur\System\Programs\FinAutoLogOff.exe;c:\xcalibur\System\Programs\FinAutoLogOff.exe [x]
S2 Finnigan Security Server;Finnigan Security Server;c:\xcalibur\system\programs\finSS_Server.exe;c:\xcalibur\system\programs\finSS_Server.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe service;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe service [x]
S2 Rezip;Rezip;c:\windows\SysWOW64\Rezip.exe;c:\windows\SysWOW64\Rezip.exe [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
S2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE;c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [x]
S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-07 07:46 1165776 ----a-w- c:\program files (x86)\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-16 07:55]
.
2013-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-19 11:47]
.
2013-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-19 11:47]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Christina.sich\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Christina.sich\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Christina.sich\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Christina.sich\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-07 10144288]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"SpywareTerminatorShield"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorShield.exe" [BU]
"SpywareTerminatorUpdater"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe" [BU]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Free YouTube Download
IE: Free YouTube to MP3 Converter
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
TCP: DhcpNameServer = 192.168.33.254
TCP: Interfaces\{C60DE602-45B1-48F4-A158-C236BA4AC340}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
FF - ProfilePath - c:\users\Christina\AppData\Roaming\Mozilla\Firefox\Profiles\ye84440f.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
c:\program files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
c:\program files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-06-19 14:07:25 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2013-06-19 12:07
ComboFix2.txt 2013-06-19 10:43
.
Vor Suchlauf: 8.636.473.344 Bytes frei
Nach Suchlauf: 8.582.328.320 Bytes frei
.
- - End Of File - - 424A8C377CCE741109CDD988813E0E8A
D41D8CD98F00B204E9800998ECF8427E
Code:
ATTFilter # AdwCleaner v2.303 - Datei am 19/06/2013 um 14:18:03 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Christina - R247097
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Christina\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\END
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\ProgramData\Partner
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2625848
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{acaa314b-eeba-48e4-ad47-84e31c44796c}]
***** [Internet Browser] *****
-\\ Internet Explorer v10.0.9200.16611
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v21.0 (de)
Datei : C:\Users\Christina\AppData\Roaming\Mozilla\Firefox\Profiles\ye84440f.default\prefs.js
[OK] Die Datei ist sauber.
Datei : C:\Users\Christina\AppData\Roaming\Mozilla\Firefox\Profiles\ye84440f.default\prefs.js
[OK] Die Datei ist sauber.
Datei : C:\Users\Christina\AppData\Roaming\Mozilla\Firefox\Profiles\ye84440f.default\prefs.js
[OK] Die Datei ist sauber.
-\\ Google Chrome v27.0.1453.110
Datei : C:\Users\Christina\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
Datei : C:\Users\Christina\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
Datei : C:\Users\Christina\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [3381 octets] - [19/06/2013 14:18:03]
########## EOF - C:\AdwCleaner[S1].txt - [3441 octets] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Christina on 19.06.2013 at 14:28:10,48
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ FireFox
Emptied folder: C:\Users\Christina\AppData\Roaming\mozilla\firefox\profiles\ye84440f.default\minidumps [3 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19.06.2013 at 14:34:12,24
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=0994d02474d2874b8d3b6b36603e4210
# engine=14109
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-19 06:31:59
# local_time=2013-06-19 08:31:59 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 41758 237086409 76148 0
# compatibility_mode=5893 16776573 100 94 21123 123296569 0 0
# compatibility_mode=7937 16777214 0 25 106805 106805 0 0
# scanned=211088
# found=2
# cleaned=0
# scan_time=19298
sh=E59CF113F05E4D2247225D02DE2EE7C58517C924 ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.CVE-2013-2423.AU trojan" ac=I fn="C:\Users\Christina.sich2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\28c9aec0-6b49f07a"
sh=7A452B2D8ADF74ABE711DE1770D38F327540F2BE ft=0 fh=0000000000000000 vn="Win32/Reveton.M trojan" ac=I fn="C:\Windows\pss\msconfig.lnk.Startup"
Code:
ATTFilter Results of screen317's Security Check version 0.99.64 Windows 7 Service Pack 1 x64 Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` Avira Desktop Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Spybot - Search & Destroy Malwarebytes Anti-Malware Version 1.75.0.1300 Java 7 Update 21 Adobe Flash Player 11.7.700.224 Adobe Reader XI Mozilla Firefox (21.0) Google Chrome 27.0.1453.110 Google Chrome 27.0.1453.94 ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Avira Antivir avgnt.exe Avira Antivir avguard.exe Malwarebytes' Anti-Malware mbamscheduler.exe Symantec Norton Online Backup NOBuAgent.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` |
|
19.06.2013, 21:14
| #8 |
| | win32.downloader.gen lässt sich mit spybot nicht eliminieren Und jetzt noch das FRST-LOgfile! Spybot findet jetzt keine Malware mehr. Dafür sieht mein Desktop aus wie ein Schlachtfeld  FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-06-2013 02
Ran by Christina (administrator) on 19-06-2013 21:41:06
Running from C:\Users\Christina\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(Enigma Software Group USA, LLC.) C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
(AMD) C:\Windows\system32\atiesrxx.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Thermo Electron Corporation) C:\Xcalibur\System\Programs\CFRDBService.exe
(Thermo Electron Corporation) C:\Xcalibur\System\Programs\FinAutoLogOff.exe
(Thermo Electron Corporation) C:\Xcalibur\system\programs\finSS_Server.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
() C:\Windows\SysWOW64\Rezip.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Spotify Ltd) C:\Users\Christina\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe
(Dropbox, Inc.) C:\Users\Christina.sich\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10144288 2010-04-07] (Realtek Semiconductor)
HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [112512 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [SpywareTerminatorShield] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe [x]
HKLM\...\Run: [SpywareTerminatorUpdater] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe [x]
HKCU\...\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1475584 2010-11-20] (Microsoft Corporation)
HKCU\...\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844144 2013-04-23] (Samsung)
HKCU\...\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload [1561968 2013-04-23] (Samsung)
HKCU\...\Run: [Spotify] "C:\Users\Christina\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart [4573184 2013-06-11] (Spotify Ltd)
HKCU\...\Run: [Spotify Web Helper] "C:\Users\Christina\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1105408 2013-06-11] (Spotify Ltd)
HKCU\...\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844144 2013-04-23] (Samsung)
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [102400 2010-05-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-04-23] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-29] ()
HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345312 2013-05-13] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized [702024 2012-12-13] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [NortonOnlineBackup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1112920 2010-03-05] (Symantec Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
Startup: C:\ProgramData\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Network Server.lnk
ShortcutTarget: Network Server.lnk -> C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe (WIBU-SYSTEMS AG)
Startup: C:\Users\Christina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Christina.sich\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Christina.sich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Christina.sich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Christina.sich2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Christina.sich2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Windows Live Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://active.macromedia.com/flash2/cabs/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.33.254
Tcpip\..\Interfaces\{C60DE602-45B1-48F4-A158-C236BA4AC340}: [NameServer]8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
FireFox:
========
FF ProfilePath: C:\Users\Christina\AppData\Roaming\Mozilla\Firefox\Profiles\ye84440f.default
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
Chrome:
=======
CHR Extension: (Docs) - C:\Users\Christina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: (Google Search) - C:\Users\Christina\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Skype Click to Call) - C:\Users\Christina\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\Christina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0
==================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86752 2013-03-31] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110816 2013-03-31] (Avira Operations GmbH & Co. KG)
R2 CFRDBService; C:\Xcalibur\System\Programs\CFRDBService.exe [335923 2006-06-23] (Thermo Electron Corporation)
R2 FinAutoLogOff; C:\Xcalibur\System\Programs\FinAutoLogOff.exe [86068 2006-06-23] (Thermo Electron Corporation)
R2 Finnigan Security Server; C:\Xcalibur\system\programs\finSS_Server.exe [65536 2006-06-23] (Thermo Electron Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2782552 2010-03-05] (Symantec Corporation)
R2 Rezip; C:\Windows\SysWOW64\Rezip.exe [311296 2009-03-05] ()
S2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 SpyHunter 4 Service; C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [1025408 2013-05-07] (Enigma Software Group USA, LLC.)
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-03-31] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-03-31] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-31] (Avira Operations GmbH & Co. KG)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] ()
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-04-18] ()
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-04-18] ()
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32000 2013-06-18] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 rtport; C:\Windows\SysWOW64\drivers\rtport.sys [15144 2010-07-16] (Windows (R) 2003 DDK 3790 provider)
S3 rtport; C:\Windows\SysWOW64\drivers\rtport.sys [15144 2010-07-16] (Windows (R) 2003 DDK 3790 provider)
R2 WIBUKEY; C:\Windows\System32\DRIVERS\WibuKey64.sys [103224 2009-12-03] (WIBU-SYSTEMS AG)
S3 Wibukey2_64; C:\Windows\System32\drivers\wibukey2_64.sys [16896 2009-08-07] (WIBU-SYSTEMS AG)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-06-19 21:29 - 2013-06-19 21:29 - 00890839 ____A C:\Users\Christina\Desktop\SecurityCheck.exe
2013-06-19 14:53 - 2013-06-19 14:53 - 02347384 ____A (ESET) C:\Users\Christina\Downloads\esetsmartinstaller_enu.exe
2013-06-19 14:38 - 2013-06-19 14:38 - 00448512 ____A (OldTimer Tools) C:\Users\Christina\Desktop\TFC.exe
2013-06-19 14:34 - 2013-06-19 14:34 - 00000764 ____A C:\Users\Christina\Desktop\JRT.txt
2013-06-19 14:28 - 2013-06-19 14:28 - 00000000 ____D C:\Windows\ERUNT
2013-06-19 14:27 - 2013-06-19 14:27 - 00000000 ____D C:\JRT
2013-06-19 14:26 - 2013-06-19 14:26 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Christina\Desktop\JRT.exe
2013-06-19 14:18 - 2013-06-19 14:18 - 00003506 ____A C:\AdwCleaner[S1].txt
2013-06-19 14:16 - 2013-06-19 14:16 - 00648201 ____A C:\Users\Christina\Desktop\adwcleaner.exe
2013-06-19 14:09 - 2013-06-19 21:37 - 00000000 ____D C:\Users\Christina\Desktop\Textdateien
2013-06-19 13:44 - 2013-06-19 13:45 - 05081021 ____R (Swearware) C:\Users\Christina\Desktop\ComboFix.exe
2013-06-19 12:21 - 2011-06-26 08:45 - 00256000 ____A C:\Windows\PEV.exe
2013-06-19 12:21 - 2010-11-07 19:20 - 00208896 ____A C:\Windows\MBR.exe
2013-06-19 12:21 - 2009-04-20 06:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-06-19 12:21 - 2000-08-31 02:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-06-19 12:21 - 2000-08-31 02:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-06-19 12:21 - 2000-08-31 02:00 - 00098816 ____A C:\Windows\sed.exe
2013-06-19 12:21 - 2000-08-31 02:00 - 00080412 ____A C:\Windows\grep.exe
2013-06-19 12:21 - 2000-08-31 02:00 - 00068096 ____A C:\Windows\zip.exe
2013-06-19 12:20 - 2013-06-19 14:07 - 00000000 ____D C:\Qoobox
2013-06-19 12:20 - 2013-06-19 14:01 - 00000000 ____D C:\Windows\erdnt
2013-06-19 08:28 - 2013-06-08 16:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-19 08:28 - 2013-06-08 16:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-19 08:28 - 2013-06-08 16:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-19 08:28 - 2013-06-08 16:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-19 08:28 - 2013-06-08 16:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-19 08:28 - 2013-06-08 14:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-19 08:28 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-19 08:28 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-19 08:28 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-19 08:28 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-19 08:28 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-19 08:28 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-18 21:24 - 2013-06-18 21:25 - 00026808 ____A C:\Users\Christina\Downloads\Addition.txt
2013-06-18 21:21 - 2013-06-18 21:21 - 00000000 ____D C:\FRST
2013-06-18 21:20 - 2013-06-18 21:20 - 01928282 ____A (Farbar) C:\Users\Christina\Downloads\FRST64.exe
2013-06-18 21:16 - 2013-06-18 21:16 - 00121092 ____A C:\Users\Christina\Desktop\gmer.text.xps
2013-06-18 16:12 - 2013-06-18 16:12 - 00377856 ____A C:\Users\Christina\Downloads\gmer_2.1.19163.exe
2013-06-18 15:36 - 2013-06-18 15:36 - 00068544 ____A C:\Users\Christina\Downloads\Extras.Txt
2013-06-18 15:33 - 2013-06-18 15:33 - 00166424 ____A C:\Users\Christina\Downloads\OTL.Txt
2013-06-18 15:09 - 2013-06-18 15:09 - 00602112 ____A (OldTimer Tools) C:\Users\Christina\Downloads\OTL(1).exe
2013-06-18 15:08 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-18 15:08 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-18 15:08 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-18 15:08 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-18 15:08 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-18 15:08 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-18 15:08 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-18 15:08 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-18 15:08 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-18 15:08 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-18 15:07 - 2013-06-18 15:07 - 00000480 ____A C:\Users\Christina\Downloads\defogger_disable.log
2013-06-18 15:07 - 2013-06-18 15:07 - 00000000 ____A C:\Users\Christina\defogger_reenable
2013-06-18 15:05 - 2013-06-18 15:06 - 00050477 ____A C:\Users\Christina\Downloads\Defogger.exe
2013-06-18 13:22 - 2013-06-18 13:22 - 00032000 ____A C:\Windows\System32\Drivers\hitmanpro37.sys
2013-06-18 13:19 - 2013-06-18 13:19 - 00000550 ____A C:\Windows\System32\.crusader
2013-06-18 12:33 - 2013-06-18 13:21 - 00000000 ____D C:\ProgramData\HitmanPro
2013-06-18 12:31 - 2013-06-18 12:32 - 09833328 ____A (SurfRight B.V.) C:\Users\Christina\Downloads\HitmanPro_x64.exe
2013-06-18 12:17 - 2013-06-18 12:27 - 00000000 ____D C:\Users\Christina\Desktop\RK_Quarantine
2013-06-18 12:15 - 2013-06-18 12:16 - 00909824 ____A C:\Users\Christina\Downloads\RogueKiller.exe
2013-06-18 11:45 - 2013-06-18 11:45 - 00000956 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-06-18 11:45 - 2013-04-04 14:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-06-18 11:44 - 2013-06-18 11:45 - 00000000 ____D C:\Users\Christina\Downloads\mbam-chameleon-1.62.1.1000
2013-06-18 11:44 - 2013-06-18 11:44 - 01440846 ____A C:\Users\Christina\Downloads\mbam-chameleon-1.62.1.1000.zip
2013-06-18 11:23 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-18 11:23 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-18 11:22 - 2013-06-18 11:23 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\Christina\Downloads\iexplore.exe.exe
2013-06-18 09:56 - 2013-06-18 11:45 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-18 09:55 - 2013-06-18 09:55 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\Christina\Downloads\mbam-setup-1.75.0.1300(1).exe
2013-06-18 09:34 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-18 09:34 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-18 09:34 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-18 09:34 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-18 09:34 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-18 09:34 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-18 09:34 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-18 09:34 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-18 09:34 - 2013-05-17 02:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-18 09:34 - 2013-05-17 02:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-18 09:34 - 2013-05-17 02:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-18 09:34 - 2013-05-17 02:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-18 09:34 - 2013-05-17 02:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-18 09:34 - 2013-05-17 02:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-18 09:34 - 2013-05-17 02:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-18 09:34 - 2013-05-17 02:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-18 09:34 - 2013-05-17 02:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-18 09:34 - 2013-05-14 14:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-18 09:34 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-17 11:22 - 2013-06-18 14:51 - 00000000 ____D C:\Program Files (x86)\Spyware Terminator
2013-06-17 11:22 - 2013-06-17 11:22 - 00051496 ____A (Windows (R) Win 7 DDK provider) C:\Windows\System32\Drivers\stflt.sys
2013-06-17 10:34 - 2013-06-18 14:10 - 00000000 ____D C:\Program Files (x86)\Win 32. Downloader . Gen Removal Tool
2013-06-17 10:34 - 2012-12-10 10:04 - 00356352 ____A (eSellerate Inc.) C:\Windows\eSellerateEngine.dll
2013-06-17 10:34 - 2012-12-10 10:04 - 00081920 ____A (eSellerate Inc.) C:\Windows\eSellerateControl350.dll
2013-06-17 10:34 - 2009-07-23 17:32 - 01122304 ____A (The OpenSSL Project, hxxp://www.openssl.org/) C:\Windows\SysWOW64\libeay32.dll
2013-06-17 10:34 - 2009-07-23 17:32 - 00274432 ____A (The OpenSSL Project, hxxp://www.openssl.org/) C:\Windows\SysWOW64\ssleay32.dll
2013-06-17 10:30 - 2013-06-17 10:30 - 02712264 ____A (Security Stronghold ) C:\Users\Christina\Downloads\Win32.Downloader.GenRemovalTool.exe
2013-06-17 10:26 - 2013-06-17 10:27 - 05049344 ____A (Crawler.com ) C:\Users\Christina\Downloads\SpywareTerminatorSetup_3.0.0.82.exe
2013-06-17 10:09 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-17 10:04 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-17 10:04 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-17 10:04 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-17 10:04 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-17 10:04 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-17 10:04 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-11 19:33 - 2013-06-11 23:37 - 00000000 ____D C:\Users\Christina\AppData\Roaming\Skype
2013-06-11 10:40 - 2013-06-11 23:37 - 00000000 ____D C:\Users\Christina\AppData\Local\Spotify
2013-06-11 10:40 - 2013-06-11 10:40 - 00001787 ____A C:\Users\Christina\Desktop\Spotify.lnk
2013-06-11 10:39 - 2013-06-19 14:43 - 00000000 ____D C:\Users\Christina\AppData\Roaming\Spotify
2013-06-11 10:38 - 2013-06-11 10:39 - 00092776 ____A (Spotify Ltd) C:\Users\Christina\Downloads\SpotifySetup.exe
2013-06-09 20:53 - 2013-06-09 20:53 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2013-06-09 13:13 - 2013-06-09 13:13 - 00000000 ____D C:\Users\Public\Documents\NativeFus_Log
2013-06-09 13:10 - 2013-06-09 13:10 - 00002006 ____A C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
2013-06-09 13:09 - 2013-04-03 09:58 - 01919168 ____A (Microsoft Corporation) C:\Windows\System32\WdfCoInstaller01005.dll
2013-06-09 13:09 - 2013-04-03 09:58 - 01919168 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WdfCoInstaller01005.dll
2013-06-09 13:09 - 2013-04-03 09:58 - 00188232 ____A (MCCI Corporation) C:\Windows\System32\Drivers\ssadmdm.sys
2013-06-09 13:09 - 2013-04-03 09:58 - 00169288 ____A (MCCI Corporation) C:\Windows\System32\Drivers\ssadbus.sys
2013-06-09 13:09 - 2013-04-03 09:58 - 00158024 ____A (MCCI Corporation) C:\Windows\System32\Drivers\ssadserd.sys
2013-06-09 13:09 - 2013-04-03 09:58 - 00038080 ____A (Google Inc) C:\Windows\System32\Drivers\ssadadb.sys
2013-06-09 13:09 - 2013-04-03 09:58 - 00021320 ____A (MCCI Corporation) C:\Windows\System32\Drivers\ssadmdfl.sys
2013-06-09 13:09 - 2013-04-03 09:58 - 00017736 ____A (MCCI Corporation) C:\Windows\System32\Drivers\ssadwhnt.sys
2013-06-09 13:09 - 2013-04-03 09:58 - 00017736 ____A (MCCI Corporation) C:\Windows\System32\Drivers\ssadwh.sys
2013-06-09 13:09 - 2013-04-03 09:58 - 00017224 ____A (MCCI Corporation) C:\Windows\System32\Drivers\ssadcmnt.sys
2013-06-09 13:09 - 2013-04-03 09:58 - 00017224 ____A (MCCI Corporation) C:\Windows\System32\Drivers\ssadcm.sys
2013-06-09 13:07 - 2013-04-18 12:09 - 00233472 ____A (Teruten) C:\Windows\SysWOW64\FsUsbExService.Exe
2013-06-09 13:07 - 2013-04-18 12:09 - 00037344 ____A C:\Windows\SysWOW64\FsUsbExDisk.Sys
2013-06-09 13:07 - 2011-12-23 21:59 - 00110592 ____A () C:\Windows\SysWOW64\FsUsbExDevice.Dll
2013-06-09 12:55 - 2013-06-09 12:55 - 00000000 ____D C:\Users\Christina\AppData\Local\Samsung
2013-06-09 12:53 - 2013-06-09 12:53 - 00000000 ____D C:\Users\Christina\AppData\Roaming\Samsung
2013-06-07 19:40 - 2013-06-07 19:41 - 00000000 ____D C:\Users\Christina\AppData\Roaming\DivX
2013-06-07 19:40 - 2013-06-07 19:40 - 00000000 ____D C:\Users\Christina\AppData\Roaming\Google
2013-06-07 10:02 - 2013-06-07 10:02 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-07 10:02 - 2013-06-07 10:02 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-06-07 10:02 - 2013-06-07 10:02 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-06-07 10:02 - 2013-06-07 10:02 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-06-07 10:02 - 2013-06-07 10:02 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-06-07 10:02 - 2013-06-07 10:02 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-06-07 10:02 - 2013-06-07 10:02 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-06-07 10:02 - 2013-06-07 10:02 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-07 10:02 - 2013-06-07 10:02 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-06-07 10:02 - 2013-06-07 10:02 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-06-07 10:02 - 2013-06-07 10:02 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-06-07 10:02 - 2013-06-07 10:02 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-06-07 10:02 - 2013-06-07 10:02 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-06-07 10:02 - 2013-06-07 10:02 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-06-07 10:02 - 2013-06-07 10:02 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-06-07 10:02 - 2013-06-07 10:02 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-06-07 10:02 - 2013-06-07 10:02 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-06-07 10:02 - 2013-06-07 10:02 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-06-07 10:02 - 2013-06-07 10:02 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-06-07 10:02 - 2013-06-07 10:02 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-06-07 10:02 - 2013-06-07 10:02 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-06-07 09:57 - 2013-06-07 09:57 - 03928064 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 03419136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 02776576 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 02565120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 02284544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 01988096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 01682432 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 01643520 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 01238528 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 01175552 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 01158144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 01080832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00604160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00522752 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00465920 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00417792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00363008 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00333312 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00296960 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00293376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00249856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00207872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00194560 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00187392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00010752 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00009728 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00002560 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-07 09:48 - 2013-06-07 10:14 - 00011299 ____A C:\Windows\IE10_main.log
2013-05-24 10:58 - 2013-05-24 10:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-05-24 10:27 - 2013-05-24 10:28 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
2013-05-24 10:20 - 2013-05-24 10:23 - 24963016 ____A (DVDVideoSoft Ltd. ) C:\Users\Christina\Downloads\FreeYouTubeToMP3Converter(11).exe
2013-05-24 10:20 - 2013-05-24 10:22 - 24963016 ____A (DVDVideoSoft Ltd. ) C:\Users\Christina\Downloads\FreeYouTubeToMP3Converter(10).exe
2013-05-24 10:18 - 2013-05-24 10:28 - 00000000 ____D C:\Users\Christina\AppData\Roaming\DVDVideoSoft
2013-05-22 17:32 - 2013-05-22 17:32 - 00000000 ____D C:\Users\Christina\AppData\Roaming\EndNote
2013-05-22 10:52 - 2013-05-22 10:52 - 00000000 ____D C:\Users\Christina\AppData\Local\Adobe
2013-05-21 23:41 - 2013-05-21 23:41 - 00004032 ____A C:\Windows\SysWOW64\jupdate-1.7.0_21-b11.log
2013-05-21 23:41 - 2013-04-04 05:35 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-05-21 23:41 - 2013-04-04 05:30 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-05-21 23:41 - 2013-04-04 05:29 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-05-21 23:32 - 2013-06-19 21:42 - 00000000 ____D C:\Users\Christina\AppData\Roaming\Dropbox
2013-05-21 22:44 - 2013-06-18 09:46 - 00000000 ____D C:\Users\Christina\AppData\Local\Google
2013-05-21 22:38 - 2013-05-21 22:38 - 00000000 ____D C:\Users\Christina\AppData\Roaming\Malwarebytes
2013-05-21 22:26 - 2013-05-21 22:28 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\Christina\Downloads\mbam-setup-1.75.0.1300.exe
2013-05-21 21:26 - 2013-05-22 10:52 - 00000000 ____D C:\Users\Christina\AppData\Roaming\Adobe
2013-05-21 21:26 - 2013-05-21 21:26 - 00000000 ____D C:\Users\Christina\AppData\Roaming\Macromedia
2013-05-21 21:26 - 2013-05-21 21:26 - 00000000 ____D C:\Users\Christina\AppData\Local\Macromedia
2013-05-21 21:23 - 2013-05-21 21:23 - 00000000 ____D C:\Users\Christina\AppData\Roaming\Mozilla
2013-05-21 21:23 - 2013-05-21 21:23 - 00000000 ____D C:\Users\Christina\AppData\Local\Mozilla
2013-05-21 21:22 - 2013-06-11 10:41 - 00000000 ____D C:\Users\Christina\Desktop\Word
2013-05-21 21:18 - 2013-05-21 21:18 - 00000000 ____D C:\Users\Christina\AppData\Roaming\Avira
2013-05-21 21:13 - 2013-05-21 21:13 - 00117072 ____A C:\Users\Christina\AppData\Local\GDIPFONTCACHEV1.DAT
2013-05-21 21:13 - 2013-05-21 21:13 - 00000000 ____D C:\Users\Christina\AppData\Roaming\ATI
2013-05-21 21:13 - 2013-05-21 21:13 - 00000000 ____D C:\Users\Christina\AppData\Local\ATI
2013-05-21 21:12 - 2013-06-18 15:07 - 00000000 ____D C:\users\Christina
2013-05-21 21:12 - 2013-05-22 17:34 - 00000000 ____D C:\Users\Christina\AppData\Local\Microsoft Help
2013-05-21 21:12 - 2013-05-21 21:12 - 00000020 ___SH C:\Users\Christina\ntuser.ini
2013-05-21 21:12 - 2013-05-21 21:12 - 00000000 __SHD C:\Users\Christina\Vorlagen
2013-05-21 21:12 - 2013-05-21 21:12 - 00000000 __SHD C:\Users\Christina\Startmenü
2013-05-21 21:12 - 2013-05-21 21:12 - 00000000 __SHD C:\Users\Christina\Netzwerkumgebung
2013-05-21 21:12 - 2013-05-21 21:12 - 00000000 __SHD C:\Users\Christina\Lokale Einstellungen
2013-05-21 21:12 - 2013-05-21 21:12 - 00000000 __SHD C:\Users\Christina\Eigene Dateien
2013-05-21 21:12 - 2013-05-21 21:12 - 00000000 __SHD C:\Users\Christina\Druckumgebung
2013-05-21 21:12 - 2013-05-21 21:12 - 00000000 __SHD C:\Users\Christina\Documents\Eigene Musik
2013-05-21 21:12 - 2013-05-21 21:12 - 00000000 __SHD C:\Users\Christina\Documents\Eigene Bilder
2013-05-21 21:12 - 2013-05-21 21:12 - 00000000 __SHD C:\Users\Christina\AppData\Local\Verlauf
2013-05-21 21:12 - 2013-05-21 21:12 - 00000000 __SHD C:\Users\Christina\AppData\Local\Anwendungsdaten
2013-05-21 21:12 - 2013-05-21 21:12 - 00000000 __SHD C:\Users\Christina\Anwendungsdaten
2013-05-21 21:12 - 2013-05-21 21:12 - 00000000 ____D C:\Users\Christina\AppData\Local\VirtualStore
2013-05-21 20:54 - 2013-05-21 21:06 - 00000000 ___RD C:\Users\Christina.sich2\Dropbox
2013-05-21 20:52 - 2013-05-21 20:52 - 00000000 ____D C:\Users\Christina.sich2\AppData\Local\SoftGrid Client
2013-05-21 20:52 - 2013-05-21 20:52 - 00000000 ____D C:\Users\Christina.sich2\AppData\Local\Samsung
2013-05-21 20:52 - 2013-05-21 20:52 - 00000000 ____D C:\Users\Christina.sich2\AppData\Local\Mozilla
2013-05-21 20:48 - 2013-06-09 12:55 - 00000000 ____D C:\Users\Christina\Documents\SelfMV
2013-05-21 20:48 - 2013-05-21 20:48 - 00000000 ____D C:\Users\Christina\Documents\Youcam
2013-05-21 20:47 - 2013-05-24 10:18 - 00000000 ____D C:\Users\Christina\Documents\DVDVideoSoft
2013-05-21 20:47 - 2013-05-21 20:47 - 00000000 ____D C:\Users\Christina\Documents\samsung
2013-05-21 20:47 - 2013-05-21 20:47 - 00000000 ____D C:\Users\Christina\Documents\OneNote-Notizbücher
2013-05-21 20:47 - 2013-05-21 20:47 - 00000000 ____D C:\Users\Christina\Documents\Citavi 3
2013-05-21 20:47 - 2013-05-21 20:47 - 00000000 ____D C:\Users\Christina\Documents\capella
2013-05-21 20:47 - 2013-05-21 20:47 - 00000000 ____D C:\Users\Christina.sich2\AppData\Roaming\TuneUp Software
2013-05-21 20:47 - 2013-05-21 20:47 - 00000000 ____D C:\Users\Christina.sich2\AppData\Roaming\Swiss Academic Software
2013-05-21 20:47 - 2013-05-21 20:47 - 00000000 ____D C:\Users\Christina.sich2\AppData\Local\Macromedia
2013-05-21 20:47 - 2013-05-21 20:47 - 00000000 ____D C:\Users\Christina.sich2\AppData\Local\Google
2013-05-21 20:47 - 2013-03-26 00:18 - 00000328 ____A C:\Users\Christina\Documents\UserStl.sk
2013-05-21 20:47 - 2013-03-25 23:52 - 00000000 ____A C:\Users\Christina\Documents\UserLab.sk
2013-05-21 20:47 - 2010-11-23 22:30 - 00001921 ____A C:\Users\Christina\Documents\template.cfg
2013-05-21 20:47 - 2010-09-16 19:39 - 00000000 ____D C:\Users\Christina.sich2\AppData\Roaming\TP
2013-05-21 20:46 - 2013-05-21 20:47 - 00000000 ____D C:\Users\Christina.sich2\AppData\Roaming\SoftGrid Client
2013-05-21 20:46 - 2013-05-21 20:46 - 00000000 ____D C:\Users\Christina.sich2\AppData\Roaming\skypePM
2013-05-21 20:46 - 2013-05-21 20:46 - 00000000 ____D C:\Users\Christina.sich2\AppData\Roaming\Skype
2013-05-21 20:46 - 2013-04-14 15:24 - 00000619 ____A C:\Users\Christina\Documents\grstyles.stl
2013-05-21 20:46 - 2013-03-26 22:26 - 00000009 ____A C:\Users\Christina\Documents\LastLab.sk
2013-05-21 20:45 - 2013-05-21 20:45 - 00000000 ____D C:\Users\Christina.sich2\AppData\Roaming\Samsung
2013-05-21 20:45 - 2013-05-21 20:45 - 00000000 ____D C:\Users\Christina.sich2\AppData\Roaming\pdfforge
2013-05-21 20:45 - 2013-05-21 20:45 - 00000000 ____D C:\Users\Christina.sich2\AppData\Roaming\OpenOffice.org
2013-05-21 20:45 - 2013-05-21 20:45 - 00000000 ____D C:\Users\Christina.sich2\AppData\Roaming\OpenCandy
2013-05-21 20:45 - 2013-05-21 20:45 - 00000000 ____D C:\Users\Christina.sich2\AppData\Roaming\Mozilla
2013-05-21 20:45 - 2013-03-25 23:52 - 00000203 ____A C:\Users\Christina\Documents\BasicLab.sk
2013-05-21 20:44 - 2013-05-21 21:08 - 00000000 ____D C:\Users\Christina.sich2\AppData\Roaming\Dropbox
2013-05-21 20:44 - 2013-05-21 20:44 - 00000000 ____D C:\Users\Christina.sich2\AppData\Roaming\MB-Ruler
2013-05-21 20:44 - 2013-05-21 20:44 - 00000000 ____D C:\Users\Christina.sich2\AppData\Roaming\Malwarebytes
2013-05-21 20:44 - 2013-05-21 20:44 - 00000000 ____D C:\Users\Christina.sich2\AppData\Roaming\Macromedia
2013-05-21 20:44 - 2013-05-21 20:44 - 00000000 ____D C:\Users\Christina.sich2\AppData\Roaming\Google
2013-05-21 20:44 - 2013-05-21 20:44 - 00000000 ____D C:\Users\Christina.sich2\AppData\Roaming\DVDVideoSoftIEHelpers
2013-05-21 20:44 - 2013-05-21 20:44 - 00000000 ____D C:\Users\Christina.sich2\AppData\Roaming\DVDVideoSoft
2013-05-21 20:44 - 2013-05-21 20:44 - 00000000 ____D C:\Users\Christina.sich2\AppData\Roaming\DivX
2013-05-21 20:44 - 2013-05-21 20:44 - 00000000 ____D C:\Users\Christina.sich2\AppData\Roaming\capella-software
2013-05-21 20:44 - 2013-05-21 20:44 - 00000000 ____D C:\Users\Christina.sich2\AppData\Roaming\Avira
2013-05-21 20:44 - 2013-05-21 20:44 - 00000000 ____D C:\Users\Christina.sich2\AppData\Roaming\Audacity
2013-05-21 20:44 - 2013-05-21 20:44 - 00000000 ____D C:\Users\Christina.sich2\AppData\Roaming\Advanced Chemistry Development
2013-05-21 20:44 - 2013-05-21 20:44 - 00000000 ____D C:\Users\Christina.sich2\AppData\Roaming\Adobe
2013-05-21 20:44 - 2013-05-21 20:44 - 00000000 ____D C:\Users\Christina.sich2\AppData\Local\Downloaded Installations
2013-05-21 20:44 - 2013-05-21 20:44 - 00000000 ____D C:\Users\Christina.sich2\AppData\Local\DDMSettings
2013-05-21 20:44 - 2013-05-21 20:44 - 00000000 ____D C:\Users\Christina.sich2\AppData\Local\Cisco
2013-05-21 20:44 - 2013-05-21 20:44 - 00000000 ____D C:\Users\Christina.sich2\AppData\Local\Adobe
2013-05-21 20:44 - 2013-02-01 12:55 - 00000000 ____D C:\Users\Christina.sich2\AppData\Roaming\EndNote
2013-05-21 20:44 - 2012-11-05 21:25 - 00000000 ____D C:\Users\Christina.sich2\AppData\Local\Conduit
2013-05-21 20:42 - 2013-05-21 20:42 - 00000000 ____D C:\Users\Christina.sich2\AppData\Roaming\ATI
2013-05-21 20:42 - 2013-05-21 20:42 - 00000000 ____D C:\Users\Christina.sich2\AppData\Local\ATI
2013-05-21 20:42 - 2012-12-16 21:34 - 00117072 ____A C:\Users\Christina.sich2\AppData\Local\GDIPFONTCACHEV1.DAT
2013-05-21 20:41 - 2013-05-21 21:16 - 00000000 ____D C:\users\Christina.sich2
2013-05-21 20:41 - 2013-05-21 20:53 - 00000000 ____D C:\Users\Christina.sich2\AppData\Local\VirtualStore
2013-05-21 20:41 - 2013-05-21 20:41 - 00000020 __ASH C:\Users\Christina.sich2\ntuser.ini
2013-05-21 20:41 - 2013-05-21 20:41 - 00000000 __SHD C:\Users\Christina.sich2\Vorlagen
2013-05-21 20:41 - 2013-05-21 20:41 - 00000000 __SHD C:\Users\Christina.sich2\Startmenü
2013-05-21 20:41 - 2013-05-21 20:41 - 00000000 __SHD C:\Users\Christina.sich2\Netzwerkumgebung
2013-05-21 20:41 - 2013-05-21 20:41 - 00000000 __SHD C:\Users\Christina.sich2\Lokale Einstellungen
2013-05-21 20:41 - 2013-05-21 20:41 - 00000000 __SHD C:\Users\Christina.sich2\Eigene Dateien
2013-05-21 20:41 - 2013-05-21 20:41 - 00000000 __SHD C:\Users\Christina.sich2\Druckumgebung
2013-05-21 20:41 - 2013-05-21 20:41 - 00000000 __SHD C:\Users\Christina.sich2\AppData\Local\Verlauf
2013-05-21 20:41 - 2013-05-21 20:41 - 00000000 __SHD C:\Users\Christina.sich2\AppData\Local\Anwendungsdaten
2013-05-21 20:41 - 2013-05-21 20:41 - 00000000 __SHD C:\Users\Christina.sich2\Anwendungsdaten
2013-05-21 20:41 - 2013-03-14 09:18 - 00000000 ____D C:\Users\Christina.sich2\AppData\Local\Microsoft Help
==================== One Month Modified Files and Folders =======
2013-06-19 21:42 - 2013-05-21 23:32 - 00000000 ____D C:\Users\Christina\AppData\Roaming\Dropbox
2013-06-19 21:37 - 2013-06-19 14:09 - 00000000 ____D C:\Users\Christina\Desktop\Textdateien
2013-06-19 21:36 - 2012-02-19 13:47 - 00001116 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-19 21:29 - 2013-06-19 21:29 - 00890839 ____A C:\Users\Christina\Desktop\SecurityCheck.exe
2013-06-19 20:51 - 2012-08-16 09:16 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-19 19:23 - 2010-06-01 03:03 - 01895633 ____A C:\Windows\WindowsUpdate.log
2013-06-19 14:53 - 2013-06-19 14:53 - 02347384 ____A (ESET) C:\Users\Christina\Downloads\esetsmartinstaller_enu.exe
2013-06-19 14:53 - 2009-07-14 06:45 - 00014144 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-19 14:53 - 2009-07-14 06:45 - 00014144 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-19 14:50 - 2010-06-01 19:30 - 00669192 ____A C:\Windows\System32\perfh007.dat
2013-06-19 14:50 - 2010-06-01 19:30 - 00134976 ____A C:\Windows\System32\perfc007.dat
2013-06-19 14:50 - 2009-07-14 07:13 - 01527722 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-19 14:43 - 2013-06-11 10:39 - 00000000 ____D C:\Users\Christina\AppData\Roaming\Spotify
2013-06-19 14:43 - 2012-02-19 13:47 - 00001112 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-19 14:43 - 2011-08-09 17:25 - 00000000 ___RD C:\Users\Christina\Dropbox
2013-06-19 14:41 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-19 14:41 - 2009-07-14 06:51 - 00070747 ____A C:\Windows\setupact.log
2013-06-19 14:38 - 2013-06-19 14:38 - 00448512 ____A (OldTimer Tools) C:\Users\Christina\Desktop\TFC.exe
2013-06-19 14:34 - 2013-06-19 14:34 - 00000764 ____A C:\Users\Christina\Desktop\JRT.txt
2013-06-19 14:28 - 2013-06-19 14:28 - 00000000 ____D C:\Windows\ERUNT
2013-06-19 14:27 - 2013-06-19 14:27 - 00000000 ____D C:\JRT
2013-06-19 14:26 - 2013-06-19 14:26 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Christina\Desktop\JRT.exe
2013-06-19 14:19 - 2010-06-01 03:54 - 00816012 ____A C:\Windows\PFRO.log
2013-06-19 14:18 - 2013-06-19 14:18 - 00003506 ____A C:\AdwCleaner[S1].txt
2013-06-19 14:16 - 2013-06-19 14:16 - 00648201 ____A C:\Users\Christina\Desktop\adwcleaner.exe
2013-06-19 14:07 - 2013-06-19 12:20 - 00000000 ____D C:\Qoobox
2013-06-19 14:01 - 2013-06-19 12:20 - 00000000 ____D C:\Windows\erdnt
2013-06-19 14:01 - 2009-07-14 04:34 - 00000215 ____A C:\Windows\system.ini
2013-06-19 13:45 - 2013-06-19 13:44 - 05081021 ____R (Swearware) C:\Users\Christina\Desktop\ComboFix.exe
2013-06-19 12:43 - 2009-07-14 05:20 - 00000000 __RHD C:\users\Default
2013-06-18 21:25 - 2013-06-18 21:24 - 00026808 ____A C:\Users\Christina\Downloads\Addition.txt
2013-06-18 21:21 - 2013-06-18 21:21 - 00000000 ____D C:\FRST
2013-06-18 21:20 - 2013-06-18 21:20 - 01928282 ____A (Farbar) C:\Users\Christina\Downloads\FRST64.exe
2013-06-18 21:16 - 2013-06-18 21:16 - 00121092 ____A C:\Users\Christina\Desktop\gmer.text.xps
2013-06-18 16:12 - 2013-06-18 16:12 - 00377856 ____A C:\Users\Christina\Downloads\gmer_2.1.19163.exe
2013-06-18 15:36 - 2013-06-18 15:36 - 00068544 ____A C:\Users\Christina\Downloads\Extras.Txt
2013-06-18 15:33 - 2013-06-18 15:33 - 00166424 ____A C:\Users\Christina\Downloads\OTL.Txt
2013-06-18 15:09 - 2013-06-18 15:09 - 00602112 ____A (OldTimer Tools) C:\Users\Christina\Downloads\OTL(1).exe
2013-06-18 15:07 - 2013-06-18 15:07 - 00000480 ____A C:\Users\Christina\Downloads\defogger_disable.log
2013-06-18 15:07 - 2013-06-18 15:07 - 00000000 ____A C:\Users\Christina\defogger_reenable
2013-06-18 15:07 - 2013-05-21 21:12 - 00000000 ____D C:\users\Christina
2013-06-18 15:06 - 2013-06-18 15:05 - 00050477 ____A C:\Users\Christina\Downloads\Defogger.exe
2013-06-18 14:51 - 2013-06-17 11:22 - 00000000 ____D C:\Program Files (x86)\Spyware Terminator
2013-06-18 14:10 - 2013-06-17 10:34 - 00000000 ____D C:\Program Files (x86)\Win 32. Downloader . Gen Removal Tool
2013-06-18 13:22 - 2013-06-18 13:22 - 00032000 ____A C:\Windows\System32\Drivers\hitmanpro37.sys
2013-06-18 13:21 - 2013-06-18 12:33 - 00000000 ____D C:\ProgramData\HitmanPro
2013-06-18 13:19 - 2013-06-18 13:19 - 00000550 ____A C:\Windows\System32\.crusader
2013-06-18 12:32 - 2013-06-18 12:31 - 09833328 ____A (SurfRight B.V.) C:\Users\Christina\Downloads\HitmanPro_x64.exe
2013-06-18 12:27 - 2013-06-18 12:17 - 00000000 ____D C:\Users\Christina\Desktop\RK_Quarantine
2013-06-18 12:16 - 2013-06-18 12:15 - 00909824 ____A C:\Users\Christina\Downloads\RogueKiller.exe
2013-06-18 11:45 - 2013-06-18 11:45 - 00000956 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-06-18 11:45 - 2013-06-18 11:44 - 00000000 ____D C:\Users\Christina\Downloads\mbam-chameleon-1.62.1.1000
2013-06-18 11:45 - 2013-06-18 09:56 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-18 11:44 - 2013-06-18 11:44 - 01440846 ____A C:\Users\Christina\Downloads\mbam-chameleon-1.62.1.1000.zip
2013-06-18 11:29 - 2010-06-01 03:30 - 00000000 ____D C:\Program Files\Google
2013-06-18 11:23 - 2013-06-18 11:22 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\Christina\Downloads\iexplore.exe.exe
2013-06-18 09:55 - 2013-06-18 09:55 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\Christina\Downloads\mbam-setup-1.75.0.1300(1).exe
2013-06-18 09:46 - 2013-05-21 22:44 - 00000000 ____D C:\Users\Christina\AppData\Local\Google
2013-06-18 09:46 - 2010-06-01 03:29 - 00000000 ____D C:\ProgramData\Google
2013-06-18 09:35 - 2010-09-23 08:04 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-17 11:22 - 2013-06-17 11:22 - 00051496 ____A (Windows (R) Win 7 DDK provider) C:\Windows\System32\Drivers\stflt.sys
2013-06-17 10:30 - 2013-06-17 10:30 - 02712264 ____A (Security Stronghold ) C:\Users\Christina\Downloads\Win32.Downloader.GenRemovalTool.exe
2013-06-17 10:27 - 2013-06-17 10:26 - 05049344 ____A (Crawler.com ) C:\Users\Christina\Downloads\SpywareTerminatorSetup_3.0.0.82.exe
2013-06-17 09:55 - 2012-08-16 09:16 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-17 09:55 - 2011-06-18 10:48 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-11 23:37 - 2013-06-11 19:33 - 00000000 ____D C:\Users\Christina\AppData\Roaming\Skype
2013-06-11 23:37 - 2013-06-11 10:40 - 00000000 ____D C:\Users\Christina\AppData\Local\Spotify
2013-06-11 19:33 - 2010-06-01 03:13 - 00002517 ____A C:\Users\Public\Desktop\Skype.lnk
2013-06-11 19:33 - 2010-06-01 03:12 - 00000000 ____D C:\ProgramData\Skype
2013-06-11 10:41 - 2013-05-21 21:22 - 00000000 ____D C:\Users\Christina\Desktop\Word
2013-06-11 10:40 - 2013-06-11 10:40 - 00001787 ____A C:\Users\Christina\Desktop\Spotify.lnk
2013-06-11 10:39 - 2013-06-11 10:38 - 00092776 ____A (Spotify Ltd) C:\Users\Christina\Downloads\SpotifySetup.exe
2013-06-09 20:53 - 2013-06-09 20:53 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2013-06-09 13:13 - 2013-06-09 13:13 - 00000000 ____D C:\Users\Public\Documents\NativeFus_Log
2013-06-09 13:10 - 2013-06-09 13:10 - 00002006 ____A C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
2013-06-09 12:56 - 2011-01-22 14:28 - 00000000 ____D C:\Users\Christina\Desktop\Bilder
2013-06-09 12:55 - 2013-06-09 12:55 - 00000000 ____D C:\Users\Christina\AppData\Local\Samsung
2013-06-09 12:55 - 2013-05-21 20:48 - 00000000 ____D C:\Users\Christina\Documents\SelfMV
2013-06-09 12:53 - 2013-06-09 12:53 - 00000000 ____D C:\Users\Christina\AppData\Roaming\Samsung
2013-06-08 16:08 - 2013-06-19 08:28 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 16:07 - 2013-06-19 08:28 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 16:06 - 2013-06-19 08:28 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 16:06 - 2013-06-19 08:28 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 16:06 - 2013-06-19 08:28 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 14:28 - 2013-06-19 08:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-08 13:42 - 2013-06-19 08:28 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-08 13:40 - 2013-06-19 08:28 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-08 13:40 - 2013-06-19 08:28 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-08 13:40 - 2013-06-19 08:28 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-08 13:40 - 2013-06-19 08:28 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-08 13:13 - 2013-06-19 08:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-07 19:41 - 2013-06-07 19:40 - 00000000 ____D C:\Users\Christina\AppData\Roaming\DivX
2013-06-07 19:40 - 2013-06-07 19:40 - 00000000 ____D C:\Users\Christina\AppData\Roaming\Google
2013-06-07 10:31 - 2012-05-12 12:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-06-07 10:30 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2013-06-07 10:30 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2013-06-07 10:30 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\zh-HK
2013-06-07 10:30 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\tr-TR
2013-06-07 10:30 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-06-07 10:14 - 2013-06-07 09:48 - 00011299 ____A C:\Windows\IE10_main.log
2013-06-07 10:02 - 2013-06-07 10:02 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-07 10:02 - 2013-06-07 10:02 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-06-07 10:02 - 2013-06-07 10:02 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-06-07 10:02 - 2013-06-07 10:02 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-06-07 10:02 - 2013-06-07 10:02 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-06-07 10:02 - 2013-06-07 10:02 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-06-07 10:02 - 2013-06-07 10:02 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-06-07 10:02 - 2013-06-07 10:02 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-07 10:02 - 2013-06-07 10:02 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-06-07 10:02 - 2013-06-07 10:02 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-06-07 10:02 - 2013-06-07 10:02 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-06-07 10:02 - 2013-06-07 10:02 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-06-07 10:02 - 2013-06-07 10:02 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-06-07 10:02 - 2013-06-07 10:02 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-06-07 10:02 - 2013-06-07 10:02 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-06-07 10:02 - 2013-06-07 10:02 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-06-07 10:02 - 2013-06-07 10:02 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-06-07 10:02 - 2013-06-07 10:02 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-06-07 10:02 - 2013-06-07 10:02 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-06-07 10:02 - 2013-06-07 10:02 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-06-07 10:02 - 2013-06-07 10:02 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-06-07 10:02 - 2013-06-07 10:02 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-06-07 09:57 - 2013-06-07 09:57 - 03928064 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 03419136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 02776576 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 02565120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 02284544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 01988096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 01682432 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 01643520 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 01238528 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 01175552 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 01158144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 01080832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00604160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00522752 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00465920 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00417792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00363008 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00333312 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00296960 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00293376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00249856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00207872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00194560 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00187392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00010752 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00009728 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00002560 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-07 09:57 - 2013-06-07 09:57 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-07 09:50 - 2012-02-19 13:50 - 00002183 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-05-24 10:58 - 2013-05-24 10:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-05-24 10:28 - 2013-05-24 10:27 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
2013-05-24 10:28 - 2013-05-24 10:18 - 00000000 ____D C:\Users\Christina\AppData\Roaming\DVDVideoSoft
2013-05-24 10:28 - 2013-02-10 12:22 - 00001402 ____A C:\Users\Christina\Desktop\Free YouTube to MP3 Converter.lnk
2013-05-24 10:23 - 2013-05-24 10:20 - 24963016 ____A (DVDVideoSoft Ltd. ) C:\Users\Christina\Downloads\FreeYouTubeToMP3Converter(11).exe
2013-05-24 10:22 - 2013-05-24 10:20 - 24963016 ____A (DVDVideoSoft Ltd. ) C:\Users\Christina\Downloads\FreeYouTubeToMP3Converter(10).exe
2013-05-24 10:18 - 2013-05-21 20:47 - 00000000 ____D C:\Users\Christina\Documents\DVDVideoSoft
2013-05-22 17:34 - 2013-05-21 21:12 - 00000000 ____D C:\Users\Christina\AppData\Local\Microsoft Help
2013-05-22 17:32 - 2013-05-22 17:32 - 00000000 ____D C:\Users\Christina\AppData\Roaming\EndNote
2013-05-22 10:52 - 2013-05-22 10:52 - 00000000 ____D C:\Users\Christina\AppData\Local\Adobe
2013-05-22 10:52 - 2013-05-21 21:26 - 00000000 ____D C:\Users\Christina\AppData\Roaming\Adobe
2013-05-22 10:52 - 2013-04-23 13:47 - 00000000 ____D C:\Users\Christina\Desktop\Bewerbung
2013-05-21 23:41 - 2013-05-21 23:41 - 00004032 ____A C:\Windows\SysWOW64\jupdate-1.7.0_21-b11.log
2013-05-21 23:41 - 2013-03-24 20:23 - 00000000 ____D C:\Program Files (x86)\Java
2013-05-21 23:32 - 2011-08-09 17:25 - 00001398 ____A C:\Users\Christina\Desktop\Dropbox.lnk
2013-05-21 23:29 - 2010-09-16 14:00 - 00000000 ____D C:\users\Christina.sich
2013-05-21 22:38 - 2013-05-21 22:38 - 00000000 ____D C:\Users\Christina\AppData\Roaming\Malwarebytes
2013-05-21 22:28 - 2013-05-21 22:26 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\Christina\Downloads\mbam-setup-1.75.0.1300.exe
2013-05-21 21:26 - 2013-05-21 21:26 - 00000000 ____D C:\Users\Christina\AppData\Roaming\Macromedia
2013-05-21 21:26 - 2013-05-21 21:26 - 00000000 ____D C:\Users\Christina\AppData\Local\Macromedia
2013-05-21 21:23 - 2013-05-21 21:23 - 00000000 ____D C:\Users\Christina\AppData\Roaming\Mozilla
2013-05-21 21:23 - 2013-05-21 21:23 - 00000000 ____D C:\Users\Christina\AppData\Local\Mozilla
2013-05-21 21:18 - 2013-05-21 21:18 - 00000000 ____D C:\Users\Christina\AppData\Roaming\Avira
2013-05-21 21:16 - 2013-05-21 20:41 - 00000000 ____D C:\users\Christina.sich2
2013-05-21 21:13 - 2013-05-21 21:13 - 00117072 ____A C:\Users\Christina\AppData\Local\GDIPFONTCACHEV1.DAT
2013-05-21 21:13 - 2013-05-21 21:13 - 00000000 ____D C:\Users\Christina\AppData\Roaming\ATI
2013-05-21 21:13 - 2013-05-21 21:13 - 00000000 ____D C:\Users\Christina\AppData\Local\ATI
2013-05-21 21:12 - 2013-05-21 21:12 - 00000020 ___SH C:\Users\Christina\ntuser.ini
2013-05-21 21:12 - 2013-05-21 21:12 - 00000000 __SHD C:\Users\Christina\Vorlagen
2013-05-21 21:12 - 2013-05-21 21:12 - 00000000 __SHD C:\Users\Christina\Startmenü
2013-05-21 21:12 - 2013-05-21 21:12 - 00000000 __SHD C:\Users\Christina\Netzwerkumgebung
2013-05-21 21:12 - 2013-05-21 21:12 - 00000000 __SHD C:\Users\Christina\Lokale Einstellungen
2013-05-21 21:12 - 2013-05-21 21:12 - 00000000 __SHD C:\Users\Christina\Eigene Dateien
2013-05-21 21:12 - 2013-05-21 21:12 - 00000000 __SHD C:\Users\Christina\Druckumgebung
2013-05-21 21:12 - 2013-05-21 21:12 - 00000000 __SHD C:\Users\Christina\Documents\Eigene Musik
2013-05-21 21:12 - 2013-05-21 21:12 - 00000000 __SHD C:\Users\Christina\Documents\Eigene Bilder
2013-05-21 21:12 - 2013-05-21 21:12 - 00000000 __SHD C:\Users\Christina\AppData\Local\Verlauf
2013-05-21 21:12 - 2013-05-21 21:12 - 00000000 __SHD C:\Users\Christina\AppData\Local\Anwendungsdaten
2013-05-21 21:12 - 2013-05-21 21:12 - 00000000 __SHD C:\Users\Christina\Anwendungsdaten
2013-05-21 21:12 - 2013-05-21 21:12 - 00000000 ____D C:\Users\Christina\AppData\Local\VirtualStore
2013-05-21 21:08 - 2013-05-21 20:44 - 00000000 ____D C:\Users\Christina.sich2\AppData\Roaming\Dropbox
2013-05-21 21:06 - 2013-05-21 20:54 - 00000000 ___RD C:\Users\Christina.sich2\Dropbox
2013-05-21 20:58 - 2010-09-16 19:55 - 00000000 ____D C:\Windows\pss
2013-05-21 20:53 - 2013-05-21 20:41 - 00000000 ____D C:\Users\Christina.sich2\AppData\Local\VirtualStore
2013-05-21 20:52 - 2013-05-21 20:52 - 00000000 ____D C:\Users\Christina.sich2\AppData\Local\SoftGrid Client
2013-05-21 20:52 - 2013-05-21 20:52 - 00000000 ____D C:\Users\Christina.sich2\AppData\Local\Samsung
2013-05-21 20:52 - 2013-05-21 20:52 - 00000000 ____D C:\Users\Christina.sich2\AppData\Local\Mozilla
2013-05-21 20:48 - 2013-05-21 20:48 - 00000000 ____D C:\Users\Christina\Documents\Youcam
2013-05-21 20:47 - 2013-05-21 20:47 - 00000000 ____D C:\Users\Christina\Documents\samsung
2013-05-21 20:47 - 2013-05-21 20:47 - 00000000 ____D C:\Users\Christina\Documents\OneNote-Notizbücher
2013-05-21 20:47 - 2013-05-21 20:47 - 00000000 ____D C:\Users\Christina\Documents\Citavi 3
2013-05-21 20:47 - 2013-05-21 20:47 - 00000000 ____D C:\Users\Christina\Documents\capella
2013-05-21 20:47 - 2013-05-21 20:47 - 00000000 ____D C:\Users\Christina.sich2\AppData\Roaming\TuneUp Software
2013-05-21 20:47 - 2013-05-21 20:47 - 00000000 ____D C:\Users\Christina.sich2\AppData\Roaming\Swiss Academic Software
2013-05-21 20:47 - 2013-05-21 20:47 - 00000000 ____D C:\Users\Christina.sich2\AppData\Local\Macromedia
2013-05-21 20:47 - 2013-05-21 20:47 - 00000000 ____D C:\Users\Christina.sich2\AppData\Local\Google
2013-05-21 20:47 - 2013-05-21 20:46 - 00000000 ____D C:\Users\Christina.sich2\AppData\Roaming\SoftGrid Client
2013-05-21 20:46 - 2013-05-21 20:46 - 00000000 ____D C:\Users\Christina.sich2\AppData\Roaming\skypePM
2013-05-21 20:46 - 2013-05-21 20:46 - 00000000 ____D C:\Users\Christina.sich2\AppData\Roaming\Skype
2013-05-21 20:45 - 2013-05-21 20:45 - 00000000 ____D C:\Users\Christina.sich2\AppData\Roaming\Samsung
2013-05-21 20:45 - 2013-05-21 20:45 - 00000000 ____D C:\Users\Christina.sich2\AppData\Roaming\pdfforge
2013-05-21 20:45 - 2013-05-21 20:45 - 00000000 ____D C:\Users\Christina.sich2\AppData\Roaming\OpenOffice.org
2013-05-21 20:45 - 2013-05-21 20:45 - 00000000 ____D C:\Users\Christina.sich2\AppData\Roaming\OpenCandy
2013-05-21 20:45 - 2013-05-21 20:45 - 00000000 ____D C:\Users\Christina.sich2\AppData\Roaming\Mozilla
2013-05-21 20:44 - 2013-05-21 20:44 - 00000000 ____D C:\Users\Christina.sich2\AppData\Roaming\MB-Ruler
2013-05-21 20:44 - 2013-05-21 20:44 - 00000000 ____D C:\Users\Christina.sich2\AppData\Roaming\Malwarebytes
2013-05-21 20:44 - 2013-05-21 20:44 - 00000000 ____D C:\Users\Christina.sich2\AppData\Roaming\Macromedia
2013-05-21 20:44 - 2013-05-21 20:44 - 00000000 ____D C:\Users\Christina.sich2\AppData\Roaming\Google
2013-05-21 20:44 - 2013-05-21 20:44 - 00000000 ____D C:\Users\Christina.sich2\AppData\Roaming\DVDVideoSoftIEHelpers
2013-05-21 20:44 - 2013-05-21 20:44 - 00000000 ____D C:\Users\Christina.sich2\AppData\Roaming\DVDVideoSoft
2013-05-21 20:44 - 2013-05-21 20:44 - 00000000 ____D C:\Users\Christina.sich2\AppData\Roaming\DivX
2013-05-21 20:44 - 2013-05-21 20:44 - 00000000 ____D C:\Users\Christina.sich2\AppData\Roaming\capella-software
2013-05-21 20:44 - 2013-05-21 20:44 - 00000000 ____D C:\Users\Christina.sich2\AppData\Roaming\Avira
2013-05-21 20:44 - 2013-05-21 20:44 - 00000000 ____D C:\Users\Christina.sich2\AppData\Roaming\Audacity
2013-05-21 20:44 - 2013-05-21 20:44 - 00000000 ____D C:\Users\Christina.sich2\AppData\Roaming\Advanced Chemistry Development
2013-05-21 20:44 - 2013-05-21 20:44 - 00000000 ____D C:\Users\Christina.sich2\AppData\Roaming\Adobe
2013-05-21 20:44 - 2013-05-21 20:44 - 00000000 ____D C:\Users\Christina.sich2\AppData\Local\Downloaded Installations
2013-05-21 20:44 - 2013-05-21 20:44 - 00000000 ____D C:\Users\Christina.sich2\AppData\Local\DDMSettings
2013-05-21 20:44 - 2013-05-21 20:44 - 00000000 ____D C:\Users\Christina.sich2\AppData\Local\Cisco
2013-05-21 20:44 - 2013-05-21 20:44 - 00000000 ____D C:\Users\Christina.sich2\AppData\Local\Adobe
2013-05-21 20:42 - 2013-05-21 20:42 - 00000000 ____D C:\Users\Christina.sich2\AppData\Roaming\ATI
2013-05-21 20:42 - 2013-05-21 20:42 - 00000000 ____D C:\Users\Christina.sich2\AppData\Local\ATI
2013-05-21 20:41 - 2013-05-21 20:41 - 00000020 __ASH C:\Users\Christina.sich2\ntuser.ini
2013-05-21 20:41 - 2013-05-21 20:41 - 00000000 __SHD C:\Users\Christina.sich2\Vorlagen
2013-05-21 20:41 - 2013-05-21 20:41 - 00000000 __SHD C:\Users\Christina.sich2\Startmenü
2013-05-21 20:41 - 2013-05-21 20:41 - 00000000 __SHD C:\Users\Christina.sich2\Netzwerkumgebung
2013-05-21 20:41 - 2013-05-21 20:41 - 00000000 __SHD C:\Users\Christina.sich2\Lokale Einstellungen
2013-05-21 20:41 - 2013-05-21 20:41 - 00000000 __SHD C:\Users\Christina.sich2\Eigene Dateien
2013-05-21 20:41 - 2013-05-21 20:41 - 00000000 __SHD C:\Users\Christina.sich2\Druckumgebung
2013-05-21 20:41 - 2013-05-21 20:41 - 00000000 __SHD C:\Users\Christina.sich2\AppData\Local\Verlauf
2013-05-21 20:41 - 2013-05-21 20:41 - 00000000 __SHD C:\Users\Christina.sich2\AppData\Local\Anwendungsdaten
2013-05-21 20:41 - 2013-05-21 20:41 - 00000000 __SHD C:\Users\Christina.sich2\Anwendungsdaten
2013-05-20 18:12 - 2009-07-14 06:45 - 00437632 ____A C:\Windows\System32\FNTCACHE.DAT
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-05-14 02:43
==================== End Of Log ============================
--- --- --- --- --- --- |
|
20.06.2013, 08:18
| #9 |
| /// the machine /// TB-Ausbilder | win32.downloader.gen lässt sich mit spybot nicht eliminieren Fix mit FRST Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter C:\Windows\pss\msconfig.lnk.Startup
Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop. Schließe nun alle offenen Programme und trenne Dich von dem Internet. Doppelklick auf die TFC.exe und drücke auf Start. Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen. Noch Probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
20.06.2013, 19:11
| #10 |
| | win32.downloader.gen lässt sich mit spybot nicht eliminieren Ok! Kann/ Soll ich die ganzen verwendeten Prgramme wieder deinstallieren bzw. löschen?Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-06-2013 02
Ran by Christina at 2013-06-20 19:56:25 Run:1
Running from C:\Users\Christina\Desktop
Boot Mode: Normal
==============================================
C:\Windows\pss\msconfig.lnk.Startup => Moved successfully.
==== End of Fixlog ====
|
|
21.06.2013, 07:34
| #11 |
| /// the machine /// TB-Ausbilder | win32.downloader.gen lässt sich mit spybot nicht eliminieren Machen wir jetzt, wir sind fertig Die Reihenfolge ist hier entscheidend.
Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
22.06.2013, 11:04
| #12 |
| | win32.downloader.gen lässt sich mit spybot nicht eliminieren Danke, danke, danke, danke, danke!!!!!!!!!!! Sieht alles gut aus und ich werde deine Ratschläge zur Systemsicherheit befolgen!! Viele Grüße |
|
22.06.2013, 13:21
| #13 |
| /// the machine /// TB-Ausbilder | win32.downloader.gen lässt sich mit spybot nicht eliminieren Gern Geschehen
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu win32.downloader.gen lässt sich mit spybot nicht eliminieren |
| adobe reader xi, anlage, antivir, application/pdf:, avira, benutzerprofil, bho, computer, converter, desktop, entfernen, error, esgscanner.sys, firefox, flash player, home, iexplore.exe, install.exe, malware, mp3, plug-in, problem, realtek, safer networking, samsung kies, scan, security, server, software, spotify web helper, spyware, svchost.exe, symantec, tracker, windows, zugriff verweigert |
WARNUNG für die MITLESER: 
Linear-Darstellung
