Google chrom offnet sich unkontrolliert

schrauber · 07.09.2013, 07:48

Lösch das, ebenso alles andere gecrackte und geklaute oder es gibt keinen weiteren Support

whiskeyboy9 · 07.09.2013, 11:16

jo done.

schrauber · 07.09.2013, 14:46

frisches FRST Log bitte. Welche Probleme bestehen noch?

whiskeyboy9 · 07.09.2013, 16:59

immer noch das selbe

das frst sollte nix anderes ergeben als das letzte aber ich werde versuchen ein neues zu machen was wie bei jedem tool schwer ist da sich der browser tausende male aufruft (öffnet) und ich nichts klicken kann und der pc an überlastung leidet. Sobald der virus einmal loslegt ist nichts mehr zu rütteln -_-

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-09-2013
Ran by bob (administrator) on BOB-HP on 07-09-2013 17:52:05
Running from C:\Users\bob\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Logitech Inc.) C:\Program Files\Logitech\SetPoint II\SetPointII.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-03-11] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [IntelWireless] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2011-02-04] (Intel(R) Corporation)
HKLM\...\Run: [XboxStat] - C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] - C:\Windows\KHALMNPR.EXE [130576 2009-06-17] (Logitech, Inc.)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKLM\...\Policies\Explorer: [NoDrives] 0
HKCU\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1811880 2013-08-28] (Valve Corporation)
HKCU\...\Policies\Explorer: [NoDrives] 0
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-13] (Intel Corporation)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2011-03-16] (EasyBits Software AS)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-04] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SetPointII.lnk
ShortcutTarget: SetPointII.lnk -> C:\Program Files\Logitech\SetPoint II\SetPointII.exe (Logitech Inc.)
Startup: C:\Users\bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
ShortcutTarget: Logitech . Produktregistrierung.lnk -> C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.at/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {20F6E0BA-D9AE-43EA-A258-276EF4814812} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Avira SearchFree Toolbar plus Web Protection - {41564952-412D-5637-00A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Avira SearchFree Toolbar plus Web Protection - {41564952-412D-5637-00A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWow64\EZUPBH~1.DLL [52920 2011-03-31] (EasyBits Software Corp.)

FireFox:
========
FF ProfilePath: C:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\qucri2eo.default
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll No File
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

Chrome: 
=======
CHR HomePage: hxxp://www.youtube.com/?gl=DE&hl=de
CHR RestoreOnStartup: "https://www.youtube.com/feed/subscriptions"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Extension: (Google Docs) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Facebook Disconnect) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpepffjfmamnambagiibghpglaidiec\1.3.0_0
CHR Extension: (AdBlock) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.6_0
CHR Extension: (Don't Starve) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiledapehlkhdehbhppgmekfalnlfajc\1.0.0.37_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (Gmail) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-09-04] (Avira Operations GmbH & Co. KG)
S4 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-01-25] (CyberLink)
S4 HPAuto; C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [682040 2011-02-16] (Hewlett-Packard)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-02-04] ()
S4 APNMCP; "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe" [x]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-07-31] (Avira Operations GmbH & Co. KG)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-07 17:40 - 2013-09-07 17:40 - 00035585 _____ C:\ComboFix.txt
2013-09-07 12:20 - 2013-09-07 12:20 - 00000963 _____ C:\Users\Public\Desktop\QtWeb.lnk
2013-09-07 12:20 - 2013-09-07 12:20 - 00000000 ____D C:\Users\bob\AppData\Local\QtWeb.NET
2013-09-07 12:20 - 2013-09-07 12:20 - 00000000 ____D C:\Program Files (x86)\QtWeb
2013-09-07 08:26 - 2013-09-07 08:26 - 00262144 _____ C:\Windows\Minidump\090713-24148-01.dmp
2013-09-07 08:16 - 2013-09-07 08:16 - 96496803 _____ C:\Windows\SysWOW64\⃿꿶蹬˜
2013-09-05 15:15 - 2013-09-05 15:16 - 01947160 _____ (Farbar) C:\Users\bob\Desktop\FRST64.exe
2013-09-03 23:56 - 2013-09-03 23:56 - 00000000 ___HD C:\Windows\PIF
2013-09-03 23:52 - 2013-09-03 23:52 - 00000000 ____D C:\Program Files\7-Zip
2013-09-03 23:51 - 2013-09-07 17:49 - 00000000 ____D C:\Users\bob\AppData\Local\LogMeIn Hamachi
2013-09-03 23:51 - 2013-09-03 23:51 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2013-09-03 23:51 - 2009-03-18 18:35 - 00033856 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys
2013-09-03 23:25 - 2013-09-03 23:25 - 00000000 ____D C:\Users\bob\AppData\Local\Fallout3
2013-09-02 22:03 - 2013-09-03 23:23 - 00000000 ____D C:\Users\bob\Documents\My Games
2013-09-02 22:03 - 2013-09-03 12:48 - 00000000 ____D C:\Users\bob\AppData\Local\My Games
2013-09-02 18:01 - 2013-09-02 18:01 - 00000000 ____D C:\Users\bob\AppData\Local\Mozilla
2013-09-02 18:00 - 2013-09-02 18:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-02 18:00 - 2013-09-02 18:00 - 00000000 ____D C:\ProgramData\Mozilla
2013-09-02 18:00 - 2013-09-02 18:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-09-02 14:43 - 2013-09-02 14:43 - 00000000 ____D C:\HP_TOOLS_mountHPSF
2013-09-02 14:32 - 2013-09-02 14:32 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-09-02 14:26 - 2013-09-02 14:26 - 00000000 ____D C:\Users\bob\AppData\Local\LogiShrd
2013-09-02 14:23 - 2013-09-02 14:23 - 00000000 ____D C:\Users\bob\AppData\Roaming\Leadertech
2013-09-02 14:22 - 2013-09-02 14:22 - 00003563 _____ C:\Windows\LDPINST.LOG
2013-09-02 14:22 - 2013-09-02 14:22 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_LMouFilt_01005.Wdf
2013-09-02 14:22 - 2013-09-02 14:22 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_LHidFilt_01005.Wdf
2013-09-02 14:22 - 2013-09-02 14:22 - 00000000 ____D C:\Users\Public\Documents\LogiShrd
2013-09-02 14:22 - 2013-09-02 14:22 - 00000000 ____D C:\Program Files\Logitech
2013-09-02 14:22 - 2013-09-02 14:22 - 00000000 ____D C:\Program Files\Common Files\Logishrd
2013-09-02 14:21 - 2013-09-02 14:22 - 00000000 ____D C:\ProgramData\LogiShrd
2013-09-02 14:21 - 2013-09-02 14:21 - 00000000 ____D C:\Users\bob\AppData\Local\Downloaded Installations
2013-09-02 08:05 - 2013-09-05 15:15 - 00000000 ____D C:\Users\bob\Desktop\virus bekämpfungs tools
2013-09-01 18:52 - 2013-09-06 20:38 - 00000000 ____D C:\Users\bob\AppData\Roaming\Skype
2013-09-01 18:52 - 2013-09-02 14:32 - 00000000 ____D C:\ProgramData\Skype
2013-09-01 18:23 - 2013-09-01 18:23 - 00000000 ____D C:\Users\bob\AppData\Roaming\LolClient
2013-09-01 16:07 - 2013-09-01 16:07 - 00000000 ____D C:\Users\bob\AppData\Roaming\.minecraft
2013-09-01 16:01 - 2013-09-01 16:07 - 00000000 ____D C:\Users\bob\AppData\Roaming\ftblauncher
2013-09-01 16:00 - 2013-09-01 16:00 - 00512825 _____ () C:\Users\bob\Desktop\FTB_Launcher.exe
2013-09-01 15:58 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2013-09-01 15:58 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2013-09-01 15:58 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2013-09-01 15:57 - 2013-09-01 15:57 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2013-09-01 15:55 - 2013-09-01 15:55 - 00000000 ____D C:\Users\bob\AppData\Local\Evernote
2013-09-01 15:35 - 2013-09-01 15:35 - 00000000 ____D C:\Users\bob\unifl_registry_backup
2013-09-01 15:31 - 2013-09-01 15:31 - 00000000 _____ C:\Windows\ativpsrm.bin
2013-09-01 15:29 - 2013-09-01 15:29 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2013-09-01 15:26 - 2013-09-01 15:26 - 00000000 ____D C:\Program Files\ATI
2013-09-01 15:25 - 2013-09-01 15:28 - 00000000 ____D C:\Program Files\ATI Technologies
2013-09-01 15:19 - 2013-03-29 05:37 - 01155264 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll
2013-09-01 15:19 - 2013-03-29 05:37 - 00970912 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2013-09-01 15:19 - 2013-03-29 05:37 - 00139696 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiuxp64.dll
2013-09-01 15:19 - 2013-03-29 05:37 - 00118584 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2013-09-01 15:19 - 2013-03-29 05:37 - 00112440 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiu9p64.dll
2013-09-01 15:19 - 2013-03-29 05:37 - 00092304 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
2013-09-01 15:19 - 2013-03-29 05:37 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll
2013-09-01 15:19 - 2013-03-29 05:37 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll
2013-09-01 15:19 - 2013-03-29 05:37 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2013-09-01 15:19 - 2013-03-29 05:37 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2013-09-01 15:19 - 2013-03-29 05:36 - 08272136 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atidxx64.dll
2013-09-01 15:19 - 2013-03-29 05:36 - 07233336 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2013-09-01 15:19 - 2013-03-29 05:36 - 06985624 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd64.dll
2013-09-01 15:19 - 2013-03-29 05:36 - 05944264 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
2013-09-01 15:19 - 2013-03-29 05:36 - 05000320 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd6a.dll
2013-09-01 15:19 - 2013-03-29 05:36 - 04450264 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
2013-09-01 15:19 - 2013-03-29 05:35 - 11658752 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys
2013-09-01 15:19 - 2013-03-29 05:13 - 01187342 _____ C:\Windows\system32\amdocl_as64.exe
2013-09-01 15:19 - 2013-03-29 05:13 - 01061902 _____ C:\Windows\system32\amdocl_ld64.exe
2013-09-01 15:19 - 2013-03-29 05:13 - 00995342 _____ C:\Windows\SysWOW64\amdocl_as32.exe
2013-09-01 15:19 - 2013-03-29 05:13 - 00798734 _____ C:\Windows\SysWOW64\amdocl_ld32.exe
2013-09-01 15:19 - 2013-03-29 05:13 - 00076288 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OpenVideo64.dll
2013-09-01 15:19 - 2013-03-29 05:13 - 00065536 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll
2013-09-01 15:19 - 2013-03-29 05:12 - 29150720 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl64.dll
2013-09-01 15:19 - 2013-03-29 05:10 - 23810560 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2013-09-01 15:19 - 2013-03-29 05:04 - 24229376 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atio6axx.dll
2013-09-01 15:19 - 2013-03-29 04:59 - 00522872 _____ C:\Windows\SysWOW64\atiapfxx.blb
2013-09-01 15:19 - 2013-03-29 04:59 - 00522872 _____ C:\Windows\system32\atiapfxx.blb
2013-09-01 15:19 - 2013-03-29 04:57 - 00163840 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiapfxx.exe
2013-09-01 15:19 - 2013-03-29 04:55 - 16082944 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticaldd64.dll
2013-09-01 15:19 - 2013-03-29 04:55 - 00051200 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalrt64.dll
2013-09-01 15:19 - 2013-03-29 04:55 - 00046080 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2013-09-01 15:19 - 2013-03-29 04:55 - 00044544 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalcl64.dll
2013-09-01 15:19 - 2013-03-29 04:55 - 00044032 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2013-09-01 15:19 - 2013-03-29 04:51 - 13703168 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2013-09-01 15:19 - 2013-03-29 04:48 - 19870720 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2013-09-01 15:19 - 2013-03-29 04:38 - 03309936 _____ C:\Windows\system32\atiumd6a.cap
2013-09-01 15:19 - 2013-03-29 04:38 - 00204952 _____ C:\Windows\SysWOW64\ativvsvl.dat
2013-09-01 15:19 - 2013-03-29 04:38 - 00204952 _____ C:\Windows\system32\ativvsvl.dat
2013-09-01 15:19 - 2013-03-29 04:38 - 00157144 _____ C:\Windows\SysWOW64\ativvsva.dat
2013-09-01 15:19 - 2013-03-29 04:38 - 00157144 _____ C:\Windows\system32\ativvsva.dat
2013-09-01 15:19 - 2013-03-29 04:35 - 00562688 _____ (AMD) C:\Windows\system32\atieclxx.exe
2013-09-01 15:19 - 2013-03-29 04:35 - 00442368 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll
2013-09-01 15:19 - 2013-03-29 04:34 - 00241152 _____ (AMD) C:\Windows\system32\atiesrxx.exe
2013-09-01 15:19 - 2013-03-29 04:33 - 00120320 _____ (AMD) C:\Windows\system32\atitmm64.dll
2013-09-01 15:19 - 2013-03-29 04:32 - 00059392 _____ (ATI Technologies, Inc.) C:\Windows\system32\atiedu64.dll
2013-09-01 15:19 - 2013-03-29 04:32 - 00043520 _____ (ATI Technologies, Inc.) C:\Windows\SysWOW64\ati2edxx.dll
2013-09-01 15:19 - 2013-03-29 04:32 - 00026112 _____ (AMD) C:\Windows\system32\atimuixx.dll
2013-09-01 15:19 - 2013-03-29 04:24 - 03342768 _____ C:\Windows\SysWOW64\atiumdva.cap
2013-09-01 15:19 - 2013-03-29 04:10 - 00636416 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll
2013-09-01 15:19 - 2013-03-29 04:10 - 00430080 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2013-09-01 15:19 - 2013-03-29 04:10 - 00044032 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll
2013-09-01 15:19 - 2013-03-29 04:10 - 00017920 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6pxx.dll
2013-09-01 15:19 - 2013-03-29 04:10 - 00014848 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2013-09-01 15:19 - 2013-03-29 04:09 - 00581120 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys
2013-09-01 15:19 - 2013-03-29 04:09 - 00034816 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2013-09-01 15:19 - 2013-03-29 04:07 - 00053248 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\ati2erec.dll
2013-09-01 15:19 - 2013-03-12 08:38 - 00695006 _____ C:\Windows\system32\atiicdxx.dat
2013-09-01 15:19 - 2013-03-04 21:52 - 00230836 _____ C:\Windows\system32\ativvaxy_cik.dat
2013-09-01 15:19 - 2013-02-27 21:08 - 00044066 _____ C:\Windows\atiogl.xml
2013-09-01 15:19 - 2012-11-22 18:14 - 00230064 _____ C:\Windows\system32\ativvaxy_cik_nd.dat
2013-09-01 15:19 - 2011-09-13 01:06 - 00003917 _____ C:\Windows\SysWOW64\atipblag.dat
2013-09-01 15:19 - 2011-09-13 01:06 - 00003917 _____ C:\Windows\system32\atipblag.dat
2013-09-01 14:50 - 2013-09-01 14:50 - 00000000 __SHD C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-09-01 14:49 - 2013-09-01 15:11 - 00000000 ____D C:\Program Files (x86)\Driver Fusion
2013-09-01 14:49 - 2013-09-01 14:49 - 00000000 ____D C:\Users\bob\AppData\Roaming\OpenCandy
2013-09-01 14:39 - 2013-09-01 14:39 - 339266608 _____ (leshcat                                                     ) C:\Users\bob\Desktop\Catalyst_13.4_WHQL_UnifL_v2.exe
2013-09-01 14:20 - 2013-09-01 15:57 - 00000000 ____D C:\AI_RecycleBin
2013-09-01 14:20 - 2013-09-01 14:20 - 00000000 ____D C:\Riot Games
2013-09-01 14:17 - 2013-09-07 08:24 - 00000000 ____D C:\Users\bob\AppData\Local\PMB Files
2013-09-01 14:17 - 2013-09-06 21:23 - 00000000 ____D C:\ProgramData\PMB Files
2013-09-01 14:17 - 2013-09-01 14:17 - 00000000 ____D C:\Users\bob\AppData\Roaming\Riot Games
2013-09-01 14:17 - 2013-09-01 14:17 - 00000000 ____D C:\Program Files (x86)\Pando Networks
2013-08-30 20:10 - 2013-08-30 22:48 - 00000000 ____D C:\Users\bob\Documents\Witcher 2
2013-08-30 20:10 - 2013-08-30 20:10 - 00000000 ____D C:\Users\bob\AppData\Local\The Witcher 2
2013-08-29 18:22 - 2013-09-07 08:26 - 624685496 _____ C:\Windows\MEMORY.DMP
2013-08-29 18:22 - 2013-09-07 08:26 - 00000000 ____D C:\Windows\Minidump
2013-08-29 18:22 - 2013-08-29 18:22 - 00266288 _____ C:\Windows\Minidump\082913-25802-01.dmp
2013-08-28 18:19 - 2013-08-28 18:19 - 00000000 ____D C:\ProgramData\AMD
2013-08-28 18:19 - 2013-08-28 18:19 - 00000000 ____D C:\Program Files (x86)\AMD AVT
2013-08-28 18:09 - 2013-03-29 05:13 - 00222720 _____ C:\Windows\system32\clinfo.exe
2013-08-28 18:09 - 2013-03-29 05:13 - 00064000 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OVDecode64.dll
2013-08-28 18:09 - 2013-03-29 05:12 - 00056320 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OVDecode.dll
2013-08-28 18:09 - 2013-03-29 05:09 - 00054784 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2013-08-28 18:09 - 2013-03-29 05:09 - 00050176 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2013-08-28 18:09 - 2013-03-29 05:00 - 00076800 _____ (AMD) C:\Windows\system32\coinst_12.104.dll
2013-08-28 18:08 - 2013-02-01 03:14 - 00075600 _____ C:\Windows\system32\ativce02.dat
2013-08-28 17:52 - 2013-08-29 17:49 - 01592836 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-08-28 17:29 - 2013-08-28 17:29 - 00000000 ____D C:\ProgramData\Synaptics
2013-08-28 13:57 - 2012-08-23 16:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2013-08-28 13:57 - 2012-08-23 16:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2013-08-28 13:57 - 2012-08-23 16:08 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
2013-08-28 13:57 - 2012-08-23 16:07 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2013-08-28 13:57 - 2012-08-23 15:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2013-08-28 13:57 - 2012-08-23 15:46 - 00016896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2013-08-28 13:57 - 2012-08-23 15:41 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2013-08-28 13:57 - 2012-08-23 15:40 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2013-08-28 13:57 - 2012-08-23 15:24 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2013-08-28 13:57 - 2012-08-23 15:20 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2013-08-28 13:57 - 2012-08-23 15:18 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2013-08-28 13:57 - 2012-08-23 15:17 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2013-08-28 13:57 - 2012-08-23 15:06 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2013-08-28 13:57 - 2012-08-23 14:52 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2013-08-28 13:57 - 2012-08-23 13:20 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2013-08-28 13:57 - 2012-08-23 13:15 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2013-08-28 13:57 - 2012-08-23 13:14 - 00384000 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2013-08-28 13:57 - 2012-08-23 13:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2013-08-28 13:57 - 2012-08-23 12:54 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2013-08-28 13:57 - 2012-08-23 12:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2013-08-28 13:57 - 2012-08-23 12:39 - 01048064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2013-08-28 13:57 - 2012-08-23 12:22 - 01123840 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2013-08-28 13:57 - 2012-08-23 11:51 - 03174912 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2013-08-28 13:57 - 2012-08-23 10:19 - 04916224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-08-28 13:57 - 2012-08-23 10:13 - 05773824 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2013-08-28 13:55 - 2013-08-28 13:57 - 00000000 ____D C:\Windows\system32\MRT
2013-08-28 13:55 - 2013-08-05 16:14 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-28 13:47 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-28 13:47 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-28 13:47 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-28 13:47 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-28 13:47 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-28 13:47 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-28 13:47 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-28 13:47 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-28 13:47 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-28 13:47 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-28 13:47 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-28 13:47 - 2012-08-24 20:13 - 00154480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-08-28 13:47 - 2012-08-24 20:09 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-08-28 13:47 - 2012-08-24 20:05 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-08-28 13:47 - 2012-08-24 20:03 - 01448448 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-08-28 13:47 - 2012-08-24 18:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-08-28 13:47 - 2012-08-24 18:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-08-28 13:47 - 2012-08-24 18:53 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-08-28 13:47 - 2012-05-04 13:00 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2013-08-28 13:47 - 2012-05-04 11:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2013-08-28 13:38 - 2013-03-22 09:39 - 00279024 _____ (Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
2013-08-28 13:38 - 2013-03-09 05:10 - 00080384 _____ C:\Windows\system32\igdde64.dll
2013-08-28 13:38 - 2013-03-09 05:10 - 00064512 _____ C:\Windows\SysWOW64\igdde32.dll
2013-08-28 13:38 - 2013-03-09 05:06 - 03511296 _____ (Intel Corporation) C:\Windows\system32\igfxcmjit64.dll
2013-08-28 13:38 - 2013-03-09 05:06 - 03121152 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxcmjit32.dll
2013-08-28 13:38 - 2013-03-09 05:06 - 00963452 _____ C:\Windows\SysWOW64\igcodeckrng600.bin
2013-08-28 13:38 - 2013-03-09 05:06 - 00963452 _____ C:\Windows\system32\igcodeckrng600.bin
2013-08-28 13:38 - 2013-03-09 05:06 - 00575488 _____ (Intel Corporation) C:\Windows\system32\igfx11cmrt64.dll
2013-08-28 13:38 - 2013-03-09 05:06 - 00542720 _____ (Intel Corporation) C:\Windows\SysWOW64\igfx11cmrt32.dll
2013-08-28 13:38 - 2013-03-09 05:06 - 00272928 _____ C:\Windows\SysWOW64\igvpkrng600.bin
2013-08-28 13:38 - 2013-03-09 05:06 - 00272928 _____ C:\Windows\system32\igvpkrng600.bin
2013-08-28 13:38 - 2013-03-09 05:06 - 00059104 _____ C:\Windows\system32\iglhxc64_dev.vp
2013-08-28 13:38 - 2013-03-09 05:06 - 00058796 _____ C:\Windows\system32\iglhxg64_dev.vp
2013-08-28 13:38 - 2013-03-09 05:06 - 00058109 _____ C:\Windows\system32\iglhxo64_dev.vp
2013-08-28 13:38 - 2011-01-27 18:24 - 00335872 _____ (Intel Corporation) C:\Windows\system32\igfxpph.dll
2013-08-28 13:38 - 2011-01-27 18:23 - 00385024 _____ (Intel Corporation) C:\Windows\system32\igfxdev.dll
2013-08-28 13:10 - 2013-08-28 13:10 - 00715038 _____ C:\Windows\unins000.exe
2013-08-28 13:10 - 2013-08-28 13:10 - 00001986 _____ C:\Windows\unins000.dat
2013-08-28 13:10 - 2011-12-07 19:37 - 00148992 _____ ( ) C:\Windows\system32\lagarith.dll
2013-08-28 13:10 - 2011-12-07 19:32 - 00216064 _____ ( ) C:\Windows\SysWOW64\lagarith.dll
2013-08-28 13:08 - 2013-08-28 13:08 - 00000000 ____D C:\Users\bob\AppData\Roaming\NetBeans
2013-08-28 13:08 - 2013-08-28 13:08 - 00000000 ____D C:\Users\bob\AppData\Local\NetBeans
2013-08-28 13:07 - 2013-08-28 13:07 - 00000000 ____D C:\Users\bob\Documents\Let's Play
2013-08-28 13:05 - 2013-08-28 13:05 - 00000000 ____D C:\Users\bob\AppData\Local\Dxtory Software
2013-08-28 13:05 - 2013-08-28 13:05 - 00000000 ____D C:\Program Files (x86)\Dxtory Software
2013-08-28 13:05 - 2013-02-15 22:44 - 08300544 _____ (Dxtory Software) C:\Windows\SysWOW64\DxtoryCodec.dll
2013-08-28 13:05 - 2013-02-15 22:44 - 08043008 _____ (Dxtory Software) C:\Windows\system32\DxtoryCodec.dll
2013-08-28 12:46 - 2013-08-28 12:48 - 00000000 ____D C:\Program Files\NetBeans 7.3.1
2013-08-28 12:21 - 2013-08-28 12:21 - 01093032 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-08-28 12:21 - 2013-08-28 12:21 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-08-28 12:12 - 2013-08-28 13:06 - 00000000 ____D C:\Users\bob\.nbi
2013-08-27 15:45 - 2013-08-30 15:07 - 00000000 ____D C:\Users\bob\AppData\Roaming\Rogue Legacy
2013-08-27 15:45 - 2013-08-27 15:45 - 00000000 ____D C:\Users\bob\Documents\SavedGames
2013-08-27 15:44 - 2013-08-27 15:44 - 00000000 ____D C:\Program Files (x86)\Microsoft XNA
2013-08-25 21:18 - 2013-08-25 21:18 - 00000000 ____D C:\Users\bob\Documents\Klei
2013-08-19 11:38 - 2013-09-07 08:15 - 00003174 _____ C:\Windows\System32\Tasks\HPCeeScheduleForbob
2013-08-19 11:38 - 2013-09-07 08:15 - 00000324 _____ C:\Windows\Tasks\HPCeeScheduleForbob.job
2013-08-19 11:38 - 2013-08-19 11:48 - 00000000 ____D C:\Program Files (x86)\Reise nach Nordland
2013-08-19 11:37 - 2013-08-19 11:37 - 00000000 ____D C:\Users\Public\CyberLink
2013-08-19 11:37 - 2013-08-19 11:37 - 00000000 ____D C:\Users\bob\Documents\CyberLink
2013-08-19 11:37 - 2013-08-19 11:37 - 00000000 ____D C:\Users\bob\AppData\Roaming\CyberLink
2013-08-18 16:30 - 2013-08-18 16:33 - 00000000 ____D C:\Users\bob\Desktop\Camera
2013-08-18 16:25 - 2013-08-18 16:27 - 00000000 ____D C:\Users\bob\Desktop\Images
2013-08-18 16:24 - 2013-08-18 16:24 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2013-08-17 10:49 - 2013-07-25 05:54 - 17830400 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-17 10:49 - 2013-07-25 05:37 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-17 10:49 - 2013-07-25 05:35 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-17 10:49 - 2013-07-25 05:31 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-17 10:49 - 2013-07-25 05:30 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-17 10:49 - 2013-07-25 05:29 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-08-17 10:49 - 2013-07-25 05:29 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-08-17 10:49 - 2013-07-25 05:29 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-17 10:49 - 2013-07-25 05:28 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-17 10:49 - 2013-07-25 05:28 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-17 10:49 - 2013-07-25 05:28 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-17 10:49 - 2013-07-25 05:28 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-08-17 10:49 - 2013-07-25 05:28 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-08-17 10:49 - 2013-07-25 05:27 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-17 10:49 - 2013-07-25 05:27 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-08-17 10:49 - 2013-07-25 05:26 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-17 10:49 - 2013-07-25 04:40 - 12334080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-17 10:49 - 2013-07-25 04:32 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-17 10:49 - 2013-07-25 04:30 - 09738752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-17 10:49 - 2013-07-25 04:26 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-17 10:49 - 2013-07-25 04:26 - 01104384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-17 10:49 - 2013-07-25 04:25 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-08-17 10:49 - 2013-07-25 04:24 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-08-17 10:49 - 2013-07-25 04:24 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-17 10:49 - 2013-07-25 04:23 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-17 10:49 - 2013-07-25 04:23 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-17 10:49 - 2013-07-25 04:23 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-17 10:49 - 2013-07-25 04:23 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-08-17 10:49 - 2013-07-25 04:23 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-08-17 10:49 - 2013-07-25 04:22 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-17 10:49 - 2013-07-25 04:22 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-17 10:49 - 2013-07-25 04:22 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-08-16 14:34 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-16 14:34 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-16 14:34 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-16 14:34 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-16 14:34 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-16 14:34 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-16 14:34 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-16 14:34 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-16 14:34 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-16 14:34 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-16 14:33 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-16 14:33 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-16 14:33 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-16 14:33 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-16 14:33 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-16 14:33 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-16 14:25 - 2013-09-07 17:49 - 00001100 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-16 14:25 - 2013-09-07 17:30 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-16 14:25 - 2013-08-16 14:25 - 00004100 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-08-16 14:25 - 2013-08-16 14:25 - 00003848 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-08-12 20:56 - 2013-09-07 17:40 - 00000000 ____D C:\Qoobox
2013-08-12 20:56 - 2013-08-12 21:04 - 00000000 ____D C:\Windows\erdnt
2013-08-12 20:56 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-08-12 20:56 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-08-12 20:56 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-08-12 20:56 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-08-12 20:56 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-08-12 20:56 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-08-12 20:56 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-08-12 20:56 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-08-12 12:18 - 2013-08-26 20:29 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2013-08-09 13:38 - 2013-08-09 13:38 - 00000000 ____D C:\Users\bob\AppData\Local\Hewlett-Packard_Developme
2013-08-09 13:29 - 2013-08-16 14:25 - 00000000 ____D C:\Program Files (x86)\Google

==================== One Month Modified Files and Folders =======

2013-09-07 17:50 - 2013-07-31 18:10 - 00000000 ____D C:\Program Files (x86)\Steam
2013-09-07 17:49 - 2013-09-03 23:51 - 00000000 ____D C:\Users\bob\AppData\Local\LogMeIn Hamachi
2013-09-07 17:49 - 2013-08-16 14:25 - 00001100 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-07 17:49 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-07 17:48 - 2010-11-21 05:47 - 00434208 _____ C:\Windows\PFRO.log
2013-09-07 17:48 - 2009-07-14 06:51 - 00053034 _____ C:\Windows\setupact.log
2013-09-07 17:45 - 2013-07-13 17:34 - 01515311 _____ C:\Windows\WindowsUpdate.log
2013-09-07 17:43 - 2013-08-01 11:23 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-07 17:40 - 2013-09-07 17:40 - 00035585 _____ C:\ComboFix.txt
2013-09-07 17:40 - 2013-08-12 20:56 - 00000000 ____D C:\Qoobox
2013-09-07 17:38 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-09-07 17:33 - 2009-07-14 06:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-07 17:33 - 2009-07-14 06:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-07 17:30 - 2013-08-16 14:25 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-07 17:30 - 2013-07-13 19:41 - 00000000 ____D C:\Users\bob\AppData\Local\CrashDumps
2013-09-07 14:23 - 2013-07-31 18:56 - 00000000 ____D C:\Users\bob\AppData\Roaming\TS3Client
2013-09-07 12:20 - 2013-09-07 12:20 - 00000963 _____ C:\Users\Public\Desktop\QtWeb.lnk
2013-09-07 12:20 - 2013-09-07 12:20 - 00000000 ____D C:\Users\bob\AppData\Local\QtWeb.NET
2013-09-07 12:20 - 2013-09-07 12:20 - 00000000 ____D C:\Program Files (x86)\QtWeb
2013-09-07 08:26 - 2013-09-07 08:26 - 00262144 _____ C:\Windows\Minidump\090713-24148-01.dmp
2013-09-07 08:26 - 2013-08-29 18:22 - 624685496 _____ C:\Windows\MEMORY.DMP
2013-09-07 08:26 - 2013-08-29 18:22 - 00000000 ____D C:\Windows\Minidump
2013-09-07 08:24 - 2013-09-01 14:17 - 00000000 ____D C:\Users\bob\AppData\Local\PMB Files
2013-09-07 08:16 - 2013-09-07 08:16 - 96496803 _____ C:\Windows\SysWOW64\⃿꿶蹬˜
2013-09-07 08:15 - 2013-08-19 11:38 - 00003174 _____ C:\Windows\System32\Tasks\HPCeeScheduleForbob
2013-09-07 08:15 - 2013-08-19 11:38 - 00000324 _____ C:\Windows\Tasks\HPCeeScheduleForbob.job
2013-09-06 21:23 - 2013-09-01 14:17 - 00000000 ____D C:\ProgramData\PMB Files
2013-09-06 21:21 - 2011-03-31 15:53 - 00203924 _____ C:\Windows\DirectX.log
2013-09-06 20:38 - 2013-09-01 18:52 - 00000000 ____D C:\Users\bob\AppData\Roaming\Skype
2013-09-06 20:27 - 2013-07-13 19:17 - 00003914 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{0658ACE6-D92E-420F-86AC-FEAE60DAFA34}
2013-09-05 19:51 - 2013-07-31 18:27 - 00000000 ____D C:\Users\bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2013-09-05 15:16 - 2013-09-05 15:15 - 01947160 _____ (Farbar) C:\Users\bob\Desktop\FRST64.exe
2013-09-05 15:15 - 2013-09-02 08:05 - 00000000 ____D C:\Users\bob\Desktop\virus bekämpfungs tools
2013-09-04 18:39 - 2013-07-13 19:17 - 00000000 ___RD C:\Users\bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-04 13:27 - 2013-08-01 20:49 - 00081112 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-09-04 13:27 - 2013-07-31 19:34 - 00132088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-09-04 13:27 - 2013-07-31 19:34 - 00105344 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-09-03 23:56 - 2013-09-03 23:56 - 00000000 ___HD C:\Windows\PIF
2013-09-03 23:52 - 2013-09-03 23:52 - 00000000 ____D C:\Program Files\7-Zip
2013-09-03 23:51 - 2013-09-03 23:51 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2013-09-03 23:25 - 2013-09-03 23:25 - 00000000 ____D C:\Users\bob\AppData\Local\Fallout3
2013-09-03 23:23 - 2013-09-02 22:03 - 00000000 ____D C:\Users\bob\Documents\My Games
2013-09-03 12:48 - 2013-09-02 22:03 - 00000000 ____D C:\Users\bob\AppData\Local\My Games
2013-09-02 18:01 - 2013-09-02 18:01 - 00000000 ____D C:\Users\bob\AppData\Local\Mozilla
2013-09-02 18:01 - 2013-09-02 18:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-02 18:01 - 2013-07-31 19:35 - 00000000 ____D C:\Users\bob\AppData\Roaming\Mozilla
2013-09-02 18:00 - 2013-09-02 18:00 - 00000000 ____D C:\ProgramData\Mozilla
2013-09-02 18:00 - 2013-09-02 18:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-09-02 16:13 - 2013-07-13 19:17 - 00001409 _____ C:\Users\bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-09-02 14:43 - 2013-09-02 14:43 - 00000000 ____D C:\HP_TOOLS_mountHPSF
2013-09-02 14:32 - 2013-09-02 14:32 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-09-02 14:32 - 2013-09-01 18:52 - 00000000 ____D C:\ProgramData\Skype
2013-09-02 14:26 - 2013-09-02 14:26 - 00000000 ____D C:\Users\bob\AppData\Local\LogiShrd
2013-09-02 14:23 - 2013-09-02 14:23 - 00000000 ____D C:\Users\bob\AppData\Roaming\Leadertech
2013-09-02 14:22 - 2013-09-02 14:22 - 00003563 _____ C:\Windows\LDPINST.LOG
2013-09-02 14:22 - 2013-09-02 14:22 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_LMouFilt_01005.Wdf
2013-09-02 14:22 - 2013-09-02 14:22 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_LHidFilt_01005.Wdf
2013-09-02 14:22 - 2013-09-02 14:22 - 00000000 ____D C:\Users\Public\Documents\LogiShrd
2013-09-02 14:22 - 2013-09-02 14:22 - 00000000 ____D C:\Program Files\Logitech
2013-09-02 14:22 - 2013-09-02 14:22 - 00000000 ____D C:\Program Files\Common Files\Logishrd
2013-09-02 14:22 - 2013-09-02 14:21 - 00000000 ____D C:\ProgramData\LogiShrd
2013-09-02 14:21 - 2013-09-02 14:21 - 00000000 ____D C:\Users\bob\AppData\Local\Downloaded Installations
2013-09-02 09:45 - 2013-07-13 19:17 - 00000000 ____D C:\Users\bob\AppData\Roaming\hpqLog
2013-09-01 18:23 - 2013-09-01 18:23 - 00000000 ____D C:\Users\bob\AppData\Roaming\LolClient
2013-09-01 16:07 - 2013-09-01 16:07 - 00000000 ____D C:\Users\bob\AppData\Roaming\.minecraft
2013-09-01 16:07 - 2013-09-01 16:01 - 00000000 ____D C:\Users\bob\AppData\Roaming\ftblauncher
2013-09-01 16:00 - 2013-09-01 16:00 - 00512825 _____ () C:\Users\bob\Desktop\FTB_Launcher.exe
2013-09-01 15:57 - 2013-09-01 15:57 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2013-09-01 15:57 - 2013-09-01 14:20 - 00000000 ____D C:\AI_RecycleBin
2013-09-01 15:55 - 2013-09-01 15:55 - 00000000 ____D C:\Users\bob\AppData\Local\Evernote
2013-09-01 15:50 - 2013-07-13 17:46 - 00000000 ____D C:\ProgramData\Norton
2013-09-01 15:35 - 2013-09-01 15:35 - 00000000 ____D C:\Users\bob\unifl_registry_backup
2013-09-01 15:35 - 2013-07-13 19:13 - 00000000 ____D C:\Users\bob
2013-09-01 15:31 - 2013-09-01 15:31 - 00000000 _____ C:\Windows\ativpsrm.bin
2013-09-01 15:29 - 2013-09-01 15:29 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2013-09-01 15:28 - 2013-09-01 15:25 - 00000000 ____D C:\Program Files\ATI Technologies
2013-09-01 15:26 - 2013-09-01 15:26 - 00000000 ____D C:\Program Files\ATI
2013-09-01 15:11 - 2013-09-01 14:49 - 00000000 ____D C:\Program Files (x86)\Driver Fusion
2013-09-01 14:56 - 2013-07-13 19:38 - 00000000 ____D C:\Users\bob\AppData\Roaming\ATI
2013-09-01 14:56 - 2013-07-13 19:38 - 00000000 ____D C:\Users\bob\AppData\Local\ATI
2013-09-01 14:56 - 2013-07-13 17:31 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2013-09-01 14:50 - 2013-09-01 14:50 - 00000000 __SHD C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-09-01 14:49 - 2013-09-01 14:49 - 00000000 ____D C:\Users\bob\AppData\Roaming\OpenCandy
2013-09-01 14:39 - 2013-09-01 14:39 - 339266608 _____ (leshcat                                                     ) C:\Users\bob\Desktop\Catalyst_13.4_WHQL_UnifL_v2.exe
2013-09-01 14:20 - 2013-09-01 14:20 - 00000000 ____D C:\Riot Games
2013-09-01 14:17 - 2013-09-01 14:17 - 00000000 ____D C:\Users\bob\AppData\Roaming\Riot Games
2013-09-01 14:17 - 2013-09-01 14:17 - 00000000 ____D C:\Program Files (x86)\Pando Networks
2013-08-30 22:48 - 2013-08-30 20:10 - 00000000 ____D C:\Users\bob\Documents\Witcher 2
2013-08-30 20:10 - 2013-08-30 20:10 - 00000000 ____D C:\Users\bob\AppData\Local\The Witcher 2
2013-08-30 15:07 - 2013-08-27 15:45 - 00000000 ____D C:\Users\bob\AppData\Roaming\Rogue Legacy
2013-08-29 18:22 - 2013-08-29 18:22 - 00266288 _____ C:\Windows\Minidump\082913-25802-01.dmp
2013-08-29 17:49 - 2013-08-28 17:52 - 01592836 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-08-29 17:49 - 2011-04-01 01:25 - 00699162 _____ C:\Windows\system32\perfh007.dat
2013-08-29 17:49 - 2011-04-01 01:25 - 00149270 _____ C:\Windows\system32\perfc007.dat
2013-08-29 17:49 - 2009-07-14 07:13 - 01592836 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-28 20:13 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-08-28 18:19 - 2013-08-28 18:19 - 00000000 ____D C:\ProgramData\AMD
2013-08-28 18:19 - 2013-08-28 18:19 - 00000000 ____D C:\Program Files (x86)\AMD AVT
2013-08-28 18:06 - 2013-07-13 17:29 - 00000000 ____D C:\Program Files (x86)\Intel
2013-08-28 17:29 - 2013-08-28 17:29 - 00000000 ____D C:\ProgramData\Synaptics
2013-08-28 17:26 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-08-28 13:57 - 2013-08-28 13:55 - 00000000 ____D C:\Windows\system32\MRT
2013-08-28 13:10 - 2013-08-28 13:10 - 00715038 _____ C:\Windows\unins000.exe
2013-08-28 13:10 - 2013-08-28 13:10 - 00001986 _____ C:\Windows\unins000.dat
2013-08-28 13:08 - 2013-08-28 13:08 - 00000000 ____D C:\Users\bob\AppData\Roaming\NetBeans
2013-08-28 13:08 - 2013-08-28 13:08 - 00000000 ____D C:\Users\bob\AppData\Local\NetBeans
2013-08-28 13:07 - 2013-08-28 13:07 - 00000000 ____D C:\Users\bob\Documents\Let's Play
2013-08-28 13:06 - 2013-08-28 12:12 - 00000000 ____D C:\Users\bob\.nbi
2013-08-28 13:05 - 2013-08-28 13:05 - 00000000 ____D C:\Users\bob\AppData\Local\Dxtory Software
2013-08-28 13:05 - 2013-08-28 13:05 - 00000000 ____D C:\Program Files (x86)\Dxtory Software
2013-08-28 12:48 - 2013-08-28 12:46 - 00000000 ____D C:\Program Files\NetBeans 7.3.1
2013-08-28 12:21 - 2013-08-28 12:21 - 01093032 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-08-28 12:21 - 2013-08-28 12:21 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-08-28 12:21 - 2011-03-31 16:01 - 00972712 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-08-28 12:21 - 2011-03-31 16:01 - 00312232 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-08-28 12:21 - 2011-03-31 16:01 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-08-28 12:21 - 2011-03-31 16:01 - 00188840 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-08-28 12:21 - 2011-03-31 16:01 - 00000000 ____D C:\Program Files\Java
2013-08-27 15:45 - 2013-08-27 15:45 - 00000000 ____D C:\Users\bob\Documents\SavedGames
2013-08-27 15:44 - 2013-08-27 15:44 - 00000000 ____D C:\Program Files (x86)\Microsoft XNA
2013-08-26 20:29 - 2013-08-12 12:18 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2013-08-25 21:18 - 2013-08-25 21:18 - 00000000 ____D C:\Users\bob\Documents\Klei
2013-08-19 17:04 - 2013-07-13 19:14 - 00000000 ____D C:\Users\bob\AppData\Local\VirtualStore
2013-08-19 11:48 - 2013-08-19 11:38 - 00000000 ____D C:\Program Files (x86)\Reise nach Nordland
2013-08-19 11:38 - 2013-07-13 19:15 - 00000000 ____D C:\Users\bob\AppData\Roaming\Hewlett-Packard
2013-08-19 11:38 - 2013-07-13 19:15 - 00000000 ____D C:\Users\bob\AppData\Local\Hewlett-Packard
2013-08-19 11:37 - 2013-08-19 11:37 - 00000000 ____D C:\Users\Public\CyberLink
2013-08-19 11:37 - 2013-08-19 11:37 - 00000000 ____D C:\Users\bob\Documents\CyberLink
2013-08-19 11:37 - 2013-08-19 11:37 - 00000000 ____D C:\Users\bob\AppData\Roaming\CyberLink
2013-08-19 11:37 - 2013-07-13 17:49 - 00000000 ____D C:\ProgramData\CyberLink
2013-08-18 20:12 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\LiveKernelReports
2013-08-18 16:33 - 2013-08-18 16:30 - 00000000 ____D C:\Users\bob\Desktop\Camera
2013-08-18 16:27 - 2013-08-18 16:25 - 00000000 ____D C:\Users\bob\Desktop\Images
2013-08-18 16:24 - 2013-08-18 16:24 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2013-08-17 20:15 - 2013-07-31 18:35 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2013-08-16 14:25 - 2013-08-16 14:25 - 00004100 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-08-16 14:25 - 2013-08-16 14:25 - 00003848 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-08-16 14:25 - 2013-08-09 13:29 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-16 14:25 - 2013-07-31 17:58 - 00000000 ____D C:\Users\bob\AppData\Local\Deployment
2013-08-16 14:24 - 2013-07-31 17:58 - 00000000 ____D C:\Users\bob\AppData\Local\Apps\2.0
2013-08-12 21:06 - 2013-07-13 19:16 - 00003700 _____ C:\Windows\System32\Tasks\Registration
2013-08-12 21:04 - 2013-08-12 20:56 - 00000000 ____D C:\Windows\erdnt
2013-08-09 13:38 - 2013-08-09 13:38 - 00000000 ____D C:\Users\bob\AppData\Local\Hewlett-Packard_Developme
2013-08-09 13:23 - 2009-07-14 07:08 - 00016750 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-09 13:20 - 2013-07-13 17:47 - 00000000 ____D C:\Program Files (x86)\HP SimplePass 2011

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-01 00:45

==================== End Of Log ============================

--- --- ---

--- --- ---

schrauber · 07.09.2013, 21:20

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Deinstallier Chrome, keine Daten behalten. Wie verhält sich der Rechner?

whiskeyboy9 · 08.09.2013, 13:23

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-09-2013
Ran by bob at 2013-09-08 12:35:01 Run:2
Running from C:\Users\bob\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\EnableShellExecuteHooks => Value deleted successfully.

==== End of Fixlog ====

Ich habe Firefox zu testzwecken auch installiert. Soll ich diesen auch deinstallieren? auserdem hab ich hxxp://www.qtweb.net/ als testbrowser installiert. der virus scheint auf diesen nicht zuzugreifen aber man kann ihn nicht als standartbrowser einstellen.
Ich werde den pc jetzt nachdem ich GC deinstalliert habe testen ohne GC wieder zu installieren wenn das ok ist.

btw Danke für deine hilfe und deine anstrengungen.

der browser öffnet sich schon wieder unkontroliert -_-

schrauber · 09.09.2013, 05:59

Und es ist immer nur Chrome?

whiskeyboy9 · 09.09.2013, 09:13

Nein alle browser chrome, IE und FireFox

schrauber · 09.09.2013, 16:41

mach nen kompletten Router reset, heisst Verbinsungsdaten neu eingeben.

Dann windows-Taste+r, schreibe

ipconfig /flushdns

und drücke enter.

Downloade dir bitte

Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

whiskeyboy9 · 09.09.2013, 19:10

soll ich ein neues passwort setzen ?
ich hänge nämlich nur im w-lan.

es hat keine maleware gefunden

Code:

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.07.0.1005
www.malwarebytes.org

Database version: v2013.09.09.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
bob :: BOB-HP [administrator]

09.09.2013 18:07:39
mbar-log-2013-09-09 (18-07-39).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 243333
Time elapsed: 33 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

schrauber · 10.09.2013, 07:22

ja auch ein neues PW setzen.

whiskeyboy9 · 11.09.2013, 16:49

ich hatte beim durchführen schon ein neues gesetzt.

Ich habe herumprobiert wenn ich jeden browser lösche und den IE deaktiviere passiert nix, auser das die leistung des laptops nachläst(vermute das der virus im hintergund läuft). Das ist keine lösung aber so kann ich die anti virus tools besser durchlaufen lassen muss nur jedes mal den IE aktivieren.

schrauber · 11.09.2013, 19:52

Heisst nach Router reset ist das Problem immer noch da?

whiskeyboy9 · 12.09.2013, 00:27

ja ich habe den roter auf die auslieferuns software zurück gesetzt und dan das pw geändert.

schrauber · 12.09.2013, 09:57

Downloade dir bitte Rogue Killer von hier.

Speichere das Tool auf deinem Desktop !
Schließe alle laufenden Programme.
Starte die RogueKiller.exe
Warte bis Prescan abgeschlossen erscheint und klicke dann auf Scannen.
Wenn der Scan beendet wurde, klicke auf Bericht und poste diesen hier.
Du findest die Logdatei RKreport[1].txt auch auf deinem Desktop.

07.09.2013, 07:48	#61
schrauber /// the machine /// TB-Ausbilder	Google chrom offnet sich unkontrolliert Lösch das, ebenso alles andere gecrackte und geklaute oder es gibt keinen weiteren Support __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

07.09.2013, 14:46	#63
schrauber /// the machine /// TB-Ausbilder	Google chrom offnet sich unkontrolliert frisches FRST Log bitte. Welche Probleme bestehen noch? __________________ __________________

09.09.2013, 05:59	#67
schrauber /// the machine /// TB-Ausbilder	Google chrom offnet sich unkontrolliert Und es ist immer nur Chrome? __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

10.09.2013, 07:22	#71
schrauber /// the machine /// TB-Ausbilder	Google chrom offnet sich unkontrolliert ja auch ein neues PW setzen. __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

11.09.2013, 19:52	#73
schrauber /// the machine /// TB-Ausbilder	Google chrom offnet sich unkontrolliert Heisst nach Router reset ist das Problem immer noch da? __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

Google chrom offnet sich unkontrolliert

Plagegeister aller Art und deren Bekämpfung: Google chrom offnet sich unkontrolliert