Pests of all kinds and how to fight them: http://www_getwindowinfo/ and TBUpdater.dll have been annoying me for some time, how do I get them off my computer? Windows 7. If you are not sure whether you have caught malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection.
13.08.2013, 20:30 | #61 |
/// Malware-holic | Hi, yes you did: according to the log you sent one finding to quarantine. Did you click Next in HitmanPro? That is what happens then. So let HitmanPro scan again, mark all findings, click Next and delete them. But please close the browser beforehand. Then restart, new FRST log.
13.08.2013, 20:34 | #62 |
| Code:
HitmanPro 3.7.7.203
www.hitmanpro.com
Computer name . . . . : LISSI1-PC
Windows . . . . . . . : 6.1.1.7601.X64/4
User name . . . . . . : Lissi1-PC\Lissi1
UAC . . . . . . . . . : Enabled
License . . . . . . . : Trial (30 days left)
Scan date . . . . . . : 2013-08-13 21:29:12
Scan mode . . . . . . : Normal
Scan duration . . . . : 2m 40s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No
Threats . . . . . . . : 0
Traces . . . . . . . : 105
Objects scanned . . . : 1.742.561
Files scanned . . . . : 38.002
Remnants scanned . . : 494.232 files / 1.210.327 keys
Potential Unwanted Programs _________________________________________________
HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1\ (Babylon)
HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager\ (Babylon)
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}\ (Babylon)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E\ (AskBar)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6\ (AskBar)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852\ (AskBar)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0\ (AskBar)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA\ (AskBar)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96\ (AskBar)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59\ (AskBar)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC\ (AskBar)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA\ (AskBar)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E\ (AskBar)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF\ (AskBar)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E\ (AskBar)
13.08.2013, 20:37 | #63 |
/// Malware-holic | Yeah, did you mark all findings for deletion?
13.08.2013, 21:03 | #64 |
| Combofix Logfile:
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-08-13 21:55:47 ComboFix-quarantined-files.txt 2013-08-13 19:55 ComboFix2.txt 2013-08-12 19:03 ComboFix3.txt 2013-08-06 08:33 . Vor Suchlauf: 16 Verzeichnis(se), 1.377.346.707.456 Bytes frei Nach Suchlauf: 18 Verzeichnis(se), 1.377.332.973.568 Bytes frei . - - End Of File - - 4E759CF96FCBB330B83F1AF8FF9B2F72 D41D8CD98F00B204E9800998ECF8427E

So Hitman didn't delete anything, it only ignored it!!! All the problems are still there: getwindowinfo is now there three times and TBUpdater has stayed as well. In return, Combo has renamed the Explorer again, deleted Ad-Aware and grumbles about Avira, and since Hitman, Avira has been reporting 156 viruses or unwanted files. How do I get Combo, Hitman and the other junk off my PC?

FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-08-2013 01 Ran by Lissi1 (administrator) on 13-08-2013 22:02:17 Running from C:\Users\Lissi1\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\system32\atiesrxx.exe (AMD) C:\Windows\system32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (PixArt Imaging Incorporation) C:\Windows\PixArt\Pac207\Monitor.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Guillemot Corporation S.A.) C:\Program Files (x86)\Hercules\Hercules HD Exchange\XtrCtrlEx.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe (Lavasoft Limited) C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe () C:\Program Files (x86)\ScanWizard 5\ScannerFinder.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (CrypKey (Canada) Ltd.) C:\Windows\system32\crypserv.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe (Memeo) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe (Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (GFI Software) C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil64_11_8_800_94_ActiveX.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12673128 2011-08-16] (Realtek Semiconductor) HKLM\...\Run: [Monitor] - C:\Windows\PixArt\PAC207\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation) HKLM\...\Run: [IntelliType Pro] - c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1464944 2012-11-02] (Microsoft Corporation) HKLM\...\Run: [IntelliPoint] - c:\Program Files\Microsoft 
Mouse and Keyboard Center\ipoint.exe [2076272 2012-11-02] (Microsoft Corporation) HKLM\...\Run: [CamserviceHDExchange] - C:\Program Files (x86)\Hercules\Hercules HD Exchange\XtrCtrlEx.exe [3391344 2012-01-12] (Guillemot Corporation S.A.) HKCU\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1476104 2012-12-20] (Samsung) HKCU\...\Run: [KiesPDLR] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844296 2012-12-20] (Samsung) HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19603048 2013-06-03] (Skype Technologies S.A.) HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation) HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-10-14] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-04] (CyberLink) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310280 2012-12-20] (Samsung Electronics Co., Ltd.) HKLM-x32\...\Run: [Ad-Aware Browsing Protection] - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [542632 2013-01-31] (Lavasoft) HKLM-x32\...\Run: [Ad-Aware Antivirus] - "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run [x] HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345144 2013-08-05] (Avira Operations GmbH & Co. 
KG) HKU\Default\...\RunOnce: [HKCU] - C:\Windows\System32\oobe\info\HKCU.vbs [126 2009-11-12] () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Scanner Finder.lnk ShortcutTarget: Scanner Finder.lnk -> C:\Program Files (x86)\ScanWizard 5\ScannerFinder.exe () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\~Disabled () Startup: C:\Users\Lissi1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Lissi1\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\Lissi1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\net.lnk ShortcutTarget: net.lnk -> C:\Users\Lissi1\AppData\Roaming\Windows Net Data\net.exe (Windows Net) BootExecute: autocheck autochk * bootdelete ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Sign In HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope value is missing. 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - DefaultScope {00B6DEF0-C572-45D3-AF51-CD416F2DA9C0} URL = hxxp://www.bing.com/search?FORM=BDT3DF&PC=BDT3&dt=080613&q={searchTerms}&src=IE-SearchBox SearchScopes: HKCU - 63D76E6EC6B04284B071A585DCBE8EA6 URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=53E641BF-D5D6-4646-8077-EE58703B9D12&apn_sauid=45E38BAC-10B5-487C-BE1B-F389560F4295 BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: No Name - {120A8821-2BEE-4C29-BCDA-62C577781992} - No File BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) BHO-x32: Deaktivierungs-Add-on für Browser von Google Analytics - {75EF13CE-B59E-41ba-8A5A-A944031BD8B4} - C:\Program Files (x86)\Google\Google Analytics Opt-Out\gaoptout.dll (Google, Inc.) 
BHO-x32: No Name - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No File BHO-x32: HomeTab - {ba696155-d96e-4281-b467-0367a0456474} - No File Toolbar: HKLM - No Name - !{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File Toolbar: HKLM-x32 - Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll () Toolbar: HKLM-x32 - No Name - !{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - No File Toolbar: HKLM-x32 - No Name - !{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File Toolbar: HKLM-x32 - No Name - !{95B7759C-8C7F-4BF1-B163-73684A933233} - No File Toolbar: HKLM-x32 - HomeTab - {ba696155-d96e-4281-b467-0367a0456474} - No File Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File Toolbar: HKCU - No Name - {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - No File Toolbar: HKCU - No Name - {FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} - No File Toolbar: HKCU - No Name - {0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} - No File DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [326144] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll" Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Chrome: ======= CHR HomePage: "homepage": "", CHR RestoreOnStartup: "hxxp://www.msn.com/?pc=BDT3&ocid=BDT3DHP&dt=080613" CHR Extension: (Plus-HD-2.4) - C:\Users\Lissi1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hojmbfiljpkaijkdifoaacbpallpfkkf\1.23.29_0 CHR Extension: (Skype Click to Call) - C:\Users\Lissi1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0 CHR Extension: (DvdVideoSoft Free Youtube Download) - C:\Users\Lissi1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.0.0_0 CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx ==================== Services (Whitelisted) ================= R2 Ad-Aware Service; C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [1236336 2013-02-14] (Lavasoft Limited) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-08-05] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-08-05] (Avira Operations GmbH & Co. KG) S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [589368 2013-08-05] (Avira Operations GmbH & Co. 
KG) S3 MSCSPTISRV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [45056 2006-12-14] (Sony Corporation) S3 PACSPTISVR; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [57344 2006-12-14] () R2 SBAMSvc; C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [3677000 2012-09-20] (GFI Software) S3 SonicStage Back-End Service; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SsBeSvc.exe [112184 2007-02-05] (Sony Corporation) S3 SPTISRV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe [69632 2006-12-14] (Sony Corporation) S3 SSScsiSV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SSScsiSV.exe [75320 2007-02-05] (Sony Corporation) R2 Crypkey License; crypserv.exe [x] ==================== Drivers (Whitelisted) ==================== S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31968 2012-10-08] (Wondershare) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-08-05] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-08-05] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-08-05] (Avira Operations GmbH & Co. KG) R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-02-22] (GFI Software) R3 guillflt; C:\Windows\System32\DRIVERS\guillflt.sys [65024 2009-06-04] (Guillemot Corp S.A.) R3 hxctlflt; C:\Windows\System32\Drivers\hxctlflt.sys [111104 2009-02-08] (Guillemot Corporation) R1 NetworkX; C:\Windows\system32\ckldrv.sys [28664 2008-03-17] () S3 PAC207; C:\Windows\System32\DRIVERS\PFC027.SYS [572416 2006-12-05] (PixArt Imaging Inc.) R3 S6000KNT; C:\Windows\System32\Drivers\S6000KNT.sys [3359832 2011-06-16] (Windows (R) Win 7 DDK provider) S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.) 
S3 catchme; \??\C:\ComboFix\catchme.sys [x] S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-08-13 21:56 - 2013-08-13 21:56 - 00065536 ___HT C:\Users\Lissi1\~Outlooklissa.pst.tmp 2013-08-13 21:55 - 2013-08-13 21:55 - 00030385 _____ C:\ComboFix.txt 2013-08-13 21:38 - 2013-08-13 21:38 - 00005254 _____ C:\Users\Lissi1\Desktop\HitmanPro_20130813_2138.log 2013-08-13 21:32 - 2013-08-13 21:32 - 00005256 _____ C:\Users\Lissi1\Desktop\HitmanPro_20130813_2131.log 2013-08-13 21:19 - 2013-08-13 21:19 - 00025732 _____ C:\Users\Lissi1\Desktop\HitmanPro_20130813_2119.log 2013-08-13 21:11 - 2013-08-13 21:19 - 00000000 ____D C:\ProgramData\HitmanPro 2013-08-13 21:06 - 2013-08-13 21:07 - 00000000 ____D C:\Users\Lissi1\AppData\Local\adawarebp 2013-08-13 21:02 - 2013-08-13 21:02 - 00011433 _____ C:\Users\Lissi1\Desktop\JRT.txt 2013-08-13 20:58 - 2013-08-13 20:58 - 00000000 ____D C:\Windows\ERUNT 2013-08-13 12:59 - 2013-08-13 12:59 - 00000000 ____D C:\Users\Lissi1\Desktop\Stinger 2013-08-13 11:58 - 2013-08-13 11:58 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_guillflt_01007.Wdf 2013-08-13 11:57 - 2013-08-13 11:57 - 02063600 _____ C:\Windows\vcredist_x64.log 2013-08-13 11:57 - 2013-08-13 11:57 - 02058774 _____ C:\Windows\vcredist_x86.log 2013-08-13 11:57 - 2013-08-13 11:57 - 00000000 ____D C:\Windows\HerculesWebcamUpdater 2013-08-13 11:57 - 2013-08-13 11:57 - 00000000 ____D C:\Program Files (x86)\Hercules 2013-08-13 11:57 - 2011-06-27 09:31 - 00589824 _____ (Guillemot Corporation S.A.) 
C:\Windows\SysWOW64\HWLMSET2.exe 2013-08-13 11:57 - 2011-06-27 09:31 - 00009728 _____ C:\Windows\SysWOW64\HWLMSET2PS.dll 2013-08-13 11:57 - 2011-06-16 16:34 - 03359832 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\S6000KNT.sys 2013-08-13 11:57 - 2011-06-16 16:34 - 00076376 _____ C:\Windows\system32\S6000DIF.dll 2013-08-13 11:57 - 2009-06-04 09:34 - 00065024 _____ (Guillemot Corp S.A.) C:\Windows\system32\Drivers\guillflt.sys 2013-08-13 11:57 - 2009-02-08 23:43 - 00111104 _____ (Guillemot Corporation) C:\Windows\system32\Drivers\hxctlflt.sys 2013-08-13 11:57 - 2003-09-23 04:36 - 00013448 _____ C:\Windows\S6000Twn.src 2013-08-13 11:57 - 2003-09-23 03:49 - 00015190 _____ C:\Windows\S6000Twn.ini 2013-08-13 11:56 - 2013-08-13 11:56 - 00000000 ____D C:\Users\Lissi1\AppData\Roaming\InstallShield 2013-08-12 23:37 - 2013-08-12 23:37 - 00000000 ____H C:\Users\Lissi1\Desktop\Desktop.event 2013-08-12 23:37 - 2013-08-12 23:37 - 00000000 ____D C:\Users\Lissi1\Saved Games\Documents\Corel VideoStudio Pro 2013-08-12 21:08 - 2013-08-12 21:08 - 00000000 ____D C:\Computer 2013-08-12 20:50 - 2013-08-13 21:39 - 05103833 ____R (Swearware) C:\Users\Lissi1\Desktop\ComboFix.exe 2013-08-12 20:41 - 2013-08-13 21:44 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-08-12 20:41 - 2013-08-12 20:41 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-08-12 20:41 - 2013-08-12 20:41 - 00312232 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2013-08-12 20:41 - 2013-08-12 20:41 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2013-08-12 20:41 - 2013-08-12 20:41 - 00188840 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2013-08-12 20:41 - 2013-08-12 20:41 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2013-08-12 20:41 - 2013-08-12 20:41 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-08-12 20:41 - 
2013-08-12 20:41 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-08-12 20:38 - 2013-08-12 20:41 - 33150376 _____ (Oracle Corporation) C:\Users\Lissi1\Downloads\jre-7u25-windows-x64.exe 2013-08-12 20:34 - 2013-08-12 20:34 - 00067897 _____ C:\Users\Lissi1\Desktop\FRST1.txt 2013-08-12 20:33 - 2013-08-12 20:33 - 00044584 _____ C:\Users\Lissi1\Desktop\Addition.txt 2013-08-12 11:03 - 2013-08-12 20:39 - 00000000 ____D C:\Users\Lissi1\AppData\Local\Adobe 2013-08-12 07:17 - 2013-08-12 07:17 - 00000000 ____D C:\Users\Lissi1\AppData\Roaming\SUPERAntiSpyware.com 2013-08-11 18:22 - 2013-08-11 18:22 - 00002676 _____ C:\AdwCleaner[S12].txt 2013-08-11 18:22 - 2013-08-11 18:22 - 00002613 _____ C:\AdwCleaner[R19].txt 2013-08-11 18:16 - 2013-08-11 18:16 - 00015178 _____ C:\AdwCleaner[R18].txt 2013-08-11 18:16 - 2013-08-11 18:16 - 00015091 _____ C:\AdwCleaner[S11].txt 2013-08-11 16:37 - 2013-08-11 16:37 - 00000000 ____D C:\found.000 2013-08-09 19:38 - 2013-08-12 23:38 - 00000000 ____D C:\Users\Lissi1\Desktop\hagen 2013-08-07 19:58 - 2013-08-11 16:06 - 00000000 ____D C:\Program Files (x86)\Plus-HD-2.4 2013-08-07 18:29 - 2013-08-07 18:29 - 00002180 _____ C:\AdwCleaner[S10].txt 2013-08-07 18:28 - 2013-08-07 18:28 - 00002117 _____ C:\AdwCleaner[R17].txt 2013-08-07 10:32 - 2013-08-07 10:32 - 00000000 _____ C:\autoexec.bat 2013-08-07 10:31 - 2013-08-07 10:31 - 00000000 ____D C:\Program Files\Enigma Software Group 2013-08-07 10:30 - 2013-08-07 11:35 - 00000000 ____D C:\Windows\67E1227ED5534A6A96CD40CCBBC705D8.TMP 2013-08-07 10:23 - 2013-04-17 09:02 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2013-08-07 10:23 - 2013-04-17 08:24 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2013-08-07 10:14 - 2013-08-07 10:14 - 00000000 ____D C:\FRST 2013-08-07 00:12 - 2013-08-07 00:12 - 00141008 _____ C:\Users\Lissi1\AppData\Local\GDIPFONTCACHEV1.DAT 2013-08-07 00:10 - 2013-08-07 00:10 - 00524744 _____ 
C:\Windows\system32\FNTCACHE.DAT 2013-08-06 18:55 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2013-08-06 18:55 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2013-08-06 18:20 - 2012-08-23 16:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll 2013-08-06 18:20 - 2012-08-23 16:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys 2013-08-06 18:20 - 2012-08-23 16:08 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys 2013-08-06 18:20 - 2012-08-23 16:07 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys 2013-08-06 18:20 - 2012-08-23 15:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll 2013-08-06 18:20 - 2012-08-23 15:46 - 00016896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll 2013-08-06 18:20 - 2012-08-23 15:41 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe 2013-08-06 18:20 - 2012-08-23 15:40 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll 2013-08-06 18:20 - 2012-08-23 15:24 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll 2013-08-06 18:20 - 2012-08-23 15:20 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll 2013-08-06 18:20 - 2012-08-23 15:18 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll 2013-08-06 18:20 - 2012-08-23 15:17 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll 2013-08-06 18:20 - 2012-08-23 15:06 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll 2013-08-06 18:20 - 2012-08-23 14:52 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll 2013-08-06 18:20 - 2012-08-23 13:20 - 00062976 _____ (Microsoft Corporation) 
C:\Windows\system32\TSWbPrxy.exe 2013-08-06 18:20 - 2012-08-23 13:15 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll 2013-08-06 18:20 - 2012-08-23 13:14 - 00384000 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe 2013-08-06 18:20 - 2012-08-23 13:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll 2013-08-06 18:20 - 2012-08-23 12:54 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll 2013-08-06 18:20 - 2012-08-23 12:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll 2013-08-06 18:20 - 2012-08-23 12:39 - 01048064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe 2013-08-06 18:20 - 2012-08-23 12:22 - 01123840 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe 2013-08-06 18:20 - 2012-08-23 11:51 - 03174912 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2013-08-06 18:20 - 2012-08-23 10:19 - 04916224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2013-08-06 18:20 - 2012-08-23 10:13 - 05773824 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2013-08-06 18:18 - 2013-08-06 18:20 - 00000000 ____D C:\Windows\system32\MRT 2013-08-06 18:13 - 2012-03-14 05:00 - 00385024 _____ (CANON INC.) 
C:\Windows\system32\CNMLMAW.DLL 2013-08-06 18:07 - 2013-08-06 18:07 - 00003031 _____ C:\Users\Lissi1\Downloads\writeBatchmediaTag (1).js 2013-08-06 18:06 - 2013-08-06 18:07 - 00003031 _____ C:\Users\Lissi1\Downloads\writeBatchmediaTag.js 2013-08-06 18:00 - 2012-08-24 20:13 - 00154480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2013-08-06 18:00 - 2012-08-24 20:09 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2013-08-06 18:00 - 2012-08-24 20:05 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2013-08-06 18:00 - 2012-08-24 20:03 - 01448448 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2013-08-06 18:00 - 2012-08-24 18:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2013-08-06 18:00 - 2012-08-24 18:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2013-08-06 18:00 - 2012-08-24 18:53 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 01175552 _____ (Microsoft Corporation) 
C:\Windows\system32\FntCache.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00194560 _____ 
(Microsoft Corporation) C:\Windows\system32\d3d10_1.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00003072 ____H (Microsoft Corporation) 
C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-08-06 14:35 - 2013-08-06 14:44 - 00010360 _____ C:\Windows\IE10_main.log 2013-08-06 11:59 - 2013-08-06 11:59 - 00002055 _____ C:\AdwCleaner[R14].txt 2013-08-06 11:58 - 2013-08-06 11:58 - 00001994 _____ C:\AdwCleaner[R13].txt 2013-08-06 11:58 - 2013-08-06 11:58 - 00001933 _____ C:\AdwCleaner[R12].txt 2013-08-06 10:56 - 2013-05-29 08:15 - 17829376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-08-06 10:56 - 2013-05-29 07:50 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-08-06 10:56 - 2013-05-29 07:43 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-08-06 10:56 - 2013-05-29 07:36 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-08-06 10:56 - 2013-05-29 07:35 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-08-06 10:56 - 2013-05-29 07:34 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-08-06 10:56 - 2013-05-29 07:33 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2013-08-06 10:56 - 2013-05-29 07:31 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-08-06 10:56 - 2013-05-29 07:29 - 00816640 _____ (Microsoft Corporation) 
C:\Windows\system32\jscript.dll 2013-08-06 10:56 - 2013-05-29 07:29 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2013-08-06 10:56 - 2013-05-29 07:29 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-08-06 10:56 - 2013-05-29 07:27 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-08-06 10:56 - 2013-05-29 07:27 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-08-06 10:56 - 2013-05-29 07:25 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-08-06 10:56 - 2013-05-29 07:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-08-06 10:56 - 2013-05-29 07:18 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-08-06 10:56 - 2013-05-29 03:56 - 12333568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-08-06 10:56 - 2013-05-29 03:50 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-08-06 10:56 - 2013-05-29 03:48 - 09738752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-08-06 10:56 - 2013-05-29 03:41 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-08-06 10:56 - 2013-05-29 03:41 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-08-06 10:56 - 2013-05-29 03:41 - 01104384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-08-06 10:56 - 2013-05-29 03:40 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-08-06 10:56 - 2013-05-29 03:38 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-08-06 10:56 - 2013-05-29 03:37 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-08-06 10:56 - 2013-05-29 03:36 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-08-06 10:56 - 2013-05-29 03:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-08-06 
10:56 - 2013-05-29 03:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-08-06 10:56 - 2013-05-29 03:33 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-08-06 10:56 - 2013-05-29 03:33 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-08-06 10:56 - 2013-05-29 03:33 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-08-06 10:56 - 2013-05-29 03:29 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-08-06 10:54 - 2013-05-08 08:39 - 01910632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2013-08-06 10:54 - 2013-04-10 08:01 - 00983400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2013-08-06 10:54 - 2013-04-10 08:01 - 00265064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys 2013-08-06 10:54 - 2013-02-27 08:02 - 00111448 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2013-08-06 10:54 - 2013-02-27 07:52 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2013-08-06 10:54 - 2013-02-27 07:52 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll 2013-08-06 10:54 - 2013-02-27 07:48 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2013-08-06 10:54 - 2013-02-27 07:47 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll 2013-08-06 10:54 - 2013-02-27 06:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2013-08-06 10:54 - 2013-02-27 06:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll 2013-08-06 10:54 - 2013-02-27 06:49 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2013-08-06 10:54 - 2013-01-03 08:00 - 00288088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS 2013-08-06 10:54 - 2011-02-03 13:25 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll 2013-08-06 10:53 - 
2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2013-08-06 10:53 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2013-08-06 10:53 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-08-06 10:53 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2013-08-06 10:53 - 2013-04-26 07:51 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll 2013-08-06 10:53 - 2013-04-26 06:55 - 00492544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll 2013-08-06 10:53 - 2013-04-12 16:45 - 01656680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys 2013-08-06 10:53 - 2013-03-19 07:53 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll 2013-08-06 10:53 - 2013-03-19 07:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll 2013-08-06 10:53 - 2013-02-12 06:12 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023x.sys 2013-08-06 10:53 - 2013-02-12 06:12 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys 2013-08-06 10:53 - 2013-01-04 07:46 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2013-08-06 10:53 - 2013-01-04 06:51 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2013-08-06 10:53 - 2013-01-04 04:47 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2013-08-06 10:53 - 2013-01-04 04:47 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2013-08-06 10:53 - 2013-01-04 04:47 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2013-08-06 10:53 - 2013-01-04 04:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2013-08-06 10:52 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-08-06 10:52 - 2013-05-10 07:49 - 
00030720 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll 2013-08-06 10:52 - 2013-05-10 05:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll 2013-08-06 10:52 - 2013-01-24 08:01 - 00223752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys 2013-08-06 10:51 - 2013-05-13 07:51 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2013-08-06 10:51 - 2013-05-13 07:51 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2013-08-06 10:51 - 2013-05-13 07:51 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2013-08-06 10:51 - 2013-05-13 07:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll 2013-08-06 10:51 - 2013-05-13 06:45 - 01160192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-08-06 10:51 - 2013-05-13 06:45 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-08-06 10:51 - 2013-05-13 06:45 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-08-06 10:51 - 2013-05-13 05:43 - 01192448 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe 2013-08-06 10:51 - 2013-05-13 05:08 - 00903168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe 2013-08-06 10:51 - 2013-05-13 05:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll 2013-08-06 10:50 - 2013-04-26 01:30 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll 2013-08-06 10:50 - 2013-04-01 00:52 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll 2013-08-06 10:50 - 2013-03-19 08:04 - 05550424 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2013-08-06 10:50 - 2013-03-19 07:46 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2013-08-06 10:50 - 2013-03-19 07:04 - 03968856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2013-08-06 10:50 - 2013-03-19 07:04 - 03913560 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2013-08-06 10:50 - 2013-03-19 06:47 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2013-08-06 10:50 - 2013-03-19 05:06 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2013-08-06 10:18 - 2013-08-13 21:55 - 00000000 ____D C:\Qoobox 2013-08-06 10:18 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe 2013-08-06 10:18 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe 2013-08-06 10:18 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2013-08-06 10:18 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2013-08-06 10:18 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2013-08-06 10:18 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe 2013-08-06 10:18 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe 2013-08-06 10:18 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe 2013-08-06 10:17 - 2013-08-06 10:32 - 00000000 ____D C:\Windows\erdnt 2013-08-06 10:10 - 2013-08-06 10:10 - 00001872 _____ C:\AdwCleaner[R11].txt 2013-08-06 10:08 - 2013-08-06 10:08 - 00001811 _____ C:\AdwCleaner[R10].txt 2013-08-05 19:23 - 2013-08-05 19:23 - 00002038 _____ C:\AdwCleaner[S7].txt 2013-08-05 19:23 - 2013-08-05 19:23 - 00001976 _____ C:\AdwCleaner[R9].txt 2013-08-05 12:28 - 2013-08-05 12:28 - 00000000 ____D C:\Users\Lissi1\AppData\Roaming\Malwarebytes 2013-08-05 12:28 - 2013-08-05 12:28 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-08-05 12:26 - 2013-08-07 00:09 - 00000000 ____D C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs 2013-08-05 12:26 - 2013-08-05 12:26 - 00001714 _____ C:\AdwCleaner[R8].txt 2013-08-05 12:21 - 2013-08-05 12:21 - 00001654 _____ C:\AdwCleaner[R7].txt 2013-08-05 12:08 - 2013-08-05 12:08 - 00001596 _____ C:\AdwCleaner[S6].txt 2013-08-05 12:08 - 2013-08-05 12:08 - 00001534 _____ C:\AdwCleaner[R6].txt 2013-08-05 12:02 - 2013-08-05 12:02 - 00001726 _____ C:\AdwCleaner[S5].txt 2013-08-05 12:02 - 
2013-08-05 12:02 - 00001664 _____ C:\AdwCleaner[R5].txt 2013-08-05 12:01 - 2013-08-05 12:01 - 00666633 _____ C:\Users\Lissi1\Desktop\adwcleaner06.exe 2013-08-05 11:53 - 2013-08-05 11:53 - 00078778 _____ C:\AdwCleaner[R4].txt 2013-08-05 11:53 - 2013-08-05 11:53 - 00033765 _____ C:\AdwCleaner[S4].txt 2013-08-05 11:51 - 2013-08-05 11:51 - 00078717 _____ C:\AdwCleaner[R3].txt 2013-08-05 11:49 - 2013-08-05 11:49 - 00000000 ____D C:\Users\Lissi1\AppData\Roaming\Avira 2013-08-05 11:44 - 2013-08-05 11:44 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2013-08-05 11:42 - 2013-08-05 11:43 - 00000000 ____D C:\ProgramData\Avira 2013-08-05 11:42 - 2013-08-05 11:42 - 00000000 ____D C:\Program Files (x86)\Avira 2013-08-05 11:42 - 2013-08-05 11:35 - 00130016 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2013-08-05 11:42 - 2013-08-05 11:35 - 00100712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2013-08-05 11:42 - 2013-08-05 11:35 - 00028600 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avkmgr.sys 2013-07-26 13:22 - 2013-08-12 23:38 - 00000000 ____D C:\Users\Lissi1\Desktop\Lissi Teich 2013-07-26 06:15 - 2013-07-26 06:15 - 00000000 ____D C:\Windows\System32\Tasks\ProtectedSearch 2013-07-25 19:22 - 2013-08-12 23:38 - 00000000 ____D C:\Users\Lissi1\Desktop\MalleTauchen 2013-07-25 16:48 - 2013-07-25 19:12 - 1071260076 _____ C:\Users\Lissi1\Downloads\Archiv20130709-1430.zip 2013-07-23 18:47 - 2013-07-23 18:47 - 00000000 ____D C:\Users\Lissi1\AppData\Local\FreeSystemUtilities 2013-07-23 18:20 - 2013-08-09 12:00 - 00003874 _____ C:\Windows\System32\Tasks\Freemium1ClickMaint 2013-07-23 18:20 - 2013-08-01 03:08 - 00032328 _____ C:\Windows\Launcher.exe 2013-07-23 18:20 - 2013-07-29 18:44 - 00000000 ____D C:\Users\Lissi1\AppData\Roaming\Windows Net Data 2013-07-23 18:20 - 2013-07-23 18:20 - 00000000 ____D C:\Windows\System32\Tasks\Browser Updater 2013-07-22 17:03 - 2013-07-22 17:03 - 00004171 _____ C:\Users\Lissi1\Desktop\TauchenAlissa.wlmp 2013-07-22 16:53 - 2013-07-22 17:03 - 00004166 _____ C:\Users\Lissi1\Desktop\Tauchen1.wlmp 2013-07-22 14:41 - 2013-07-14 19:47 - 977585085 _____ C:\Users\Lissi1\Desktop\20130709-1430 - Kopie.mov 2013-07-17 18:43 - 2013-07-17 18:43 - 00000000 ____D C:\Users\Lissi1\AppData\Local\Deployment 2013-07-17 16:37 - 2013-07-17 17:49 - 00001447 _____ C:\Users\Lissi1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2013-07-17 16:37 - 2013-07-17 17:49 - 00001413 _____ C:\Users\Lissi1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk 2013-07-14 18:38 - 2013-07-14 19:47 - 977585085 _____ C:\Users\Lissi1\Desktop\20130709-1430.mov ==================== One Month Modified Files and Folders ======= 2013-08-13 22:01 - 2013-05-08 20:36 - 190989312 _____ C:\Users\Lissi1\Outlooklissa.pst 2013-08-13 21:56 - 2013-08-13 21:56 - 00065536 ___HT C:\Users\Lissi1\~Outlooklissa.pst.tmp 2013-08-13 21:56 - 2012-02-04 18:48 - 00000000 ____D C:\Users\Lissi1 
2013-08-13 21:55 - 2013-08-13 21:55 - 00030385 _____ C:\ComboFix.txt 2013-08-13 21:55 - 2013-08-06 10:18 - 00000000 ____D C:\Qoobox 2013-08-13 21:54 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini 2013-08-13 21:49 - 2009-07-14 06:45 - 00017152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-08-13 21:49 - 2009-07-14 06:45 - 00017152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-08-13 21:44 - 2013-08-12 20:41 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-08-13 21:44 - 2012-02-04 18:44 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-08-13 21:41 - 2013-03-05 20:06 - 00008680 _____ C:\Windows\error.log 2013-08-13 21:41 - 2012-10-23 16:46 - 00000000 ___RD C:\Users\Lissi1\Dropbox 2013-08-13 21:41 - 2012-10-23 16:44 - 00000000 ____D C:\Users\Lissi1\AppData\Roaming\Dropbox 2013-08-13 21:40 - 2013-04-04 12:45 - 00010993 _____ C:\Windows\setupact.log 2013-08-13 21:40 - 2013-03-05 20:05 - 00003333 _____ C:\Windows\errord.log 2013-08-13 21:40 - 2012-02-04 18:44 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-08-13 21:40 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-08-13 21:39 - 2013-08-12 20:50 - 05103833 ____R (Swearware) C:\Users\Lissi1\Desktop\ComboFix.exe 2013-08-13 21:39 - 2012-02-04 18:43 - 01555458 _____ C:\Windows\WindowsUpdate.log 2013-08-13 21:38 - 2013-08-13 21:38 - 00005254 _____ C:\Users\Lissi1\Desktop\HitmanPro_20130813_2138.log 2013-08-13 21:32 - 2013-08-13 21:32 - 00005256 _____ C:\Users\Lissi1\Desktop\HitmanPro_20130813_2131.log 2013-08-13 21:19 - 2013-08-13 21:19 - 00025732 _____ C:\Users\Lissi1\Desktop\HitmanPro_20130813_2119.log 2013-08-13 21:19 - 2013-08-13 21:11 - 00000000 ____D C:\ProgramData\HitmanPro 2013-08-13 21:10 - 2012-12-24 23:53 - 00004084 _____ C:\Windows\System32\Tasks\Software Updater Ui 2013-08-13 21:10 - 2012-12-24 23:51 
- 00004122 _____ C:\Windows\System32\Tasks\Software Updater 2013-08-13 21:07 - 2013-08-13 21:06 - 00000000 ____D C:\Users\Lissi1\AppData\Local\adawarebp 2013-08-13 21:02 - 2013-08-13 21:02 - 00011433 _____ C:\Users\Lissi1\Desktop\JRT.txt 2013-08-13 20:58 - 2013-08-13 20:58 - 00000000 ____D C:\Windows\ERUNT 2013-08-13 18:45 - 2012-04-13 16:05 - 03463168 ___SH C:\Users\Lissi1\Desktop\Thumbs.db 2013-08-13 17:50 - 2012-09-20 17:48 - 00000000 ____D C:\Users\Lissi1\AppData\Roaming\Skype 2013-08-13 12:59 - 2013-08-13 12:59 - 00000000 ____D C:\Users\Lissi1\Desktop\Stinger 2013-08-13 11:58 - 2013-08-13 11:58 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_guillflt_01007.Wdf 2013-08-13 11:57 - 2013-08-13 11:57 - 02063600 _____ C:\Windows\vcredist_x64.log 2013-08-13 11:57 - 2013-08-13 11:57 - 02058774 _____ C:\Windows\vcredist_x86.log 2013-08-13 11:57 - 2013-08-13 11:57 - 00000000 ____D C:\Windows\HerculesWebcamUpdater 2013-08-13 11:57 - 2013-08-13 11:57 - 00000000 ____D C:\Program Files (x86)\Hercules 2013-08-13 11:57 - 2011-07-18 23:23 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2013-08-13 11:57 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system 2013-08-13 11:56 - 2013-08-13 11:56 - 00000000 ____D C:\Users\Lissi1\AppData\Roaming\InstallShield 2013-08-12 23:38 - 2013-08-09 19:38 - 00000000 ____D C:\Users\Lissi1\Desktop\hagen 2013-08-12 23:38 - 2013-07-26 13:22 - 00000000 ____D C:\Users\Lissi1\Desktop\Lissi Teich 2013-08-12 23:38 - 2013-07-25 19:22 - 00000000 ____D C:\Users\Lissi1\Desktop\MalleTauchen 2013-08-12 23:38 - 2013-06-15 16:45 - 00000000 ____D C:\Users\Lissi1\Desktop\Fohlenhof 2013-08-12 23:38 - 2013-06-12 17:55 - 00000000 ____D C:\Users\Lissi1\Desktop\LissiSchwimmfest 2013-08-12 23:38 - 2013-06-12 13:51 - 00000000 ____D C:\Users\Lissi1\Desktop\schwimmfest2013 2013-08-12 23:38 - 2013-06-11 07:55 - 00000000 ____D C:\Users\Lissi1\Desktop\garten2013 2013-08-12 23:38 - 2013-06-11 07:54 - 00000000 ____D 
C:\Users\Lissi1\Desktop\Norderney 2013-08-12 23:38 - 2013-06-08 14:03 - 00000000 ____D C:\Users\Lissi1\Desktop\tiergartenSommer 2013-08-12 23:38 - 2013-05-25 21:23 - 00000000 ____D C:\Users\Lissi1\Desktop\Turnier2013 2013-08-12 23:38 - 2012-02-05 11:48 - 00000000 ____D C:\Users\Lissi1\AppData\Roaming\Ulead Systems 2013-08-12 23:37 - 2013-08-12 23:37 - 00000000 ____H C:\Users\Lissi1\Desktop\Desktop.event 2013-08-12 23:37 - 2013-08-12 23:37 - 00000000 ____D C:\Users\Lissi1\Saved Games\Documents\Corel VideoStudio Pro 2013-08-12 23:37 - 2012-02-24 17:55 - 00006738 ___SH C:\ProgramData\KGyGaAvL.sys 2013-08-12 21:46 - 2012-11-13 07:22 - 00127648 _____ C:\Windows\PFRO.log 2013-08-12 21:08 - 2013-08-12 21:08 - 00000000 ____D C:\Computer 2013-08-12 20:44 - 2012-05-27 20:06 - 00000000 ____D C:\Program Files (x86)\Intenium 2013-08-12 20:41 - 2013-08-12 20:41 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-08-12 20:41 - 2013-08-12 20:41 - 00312232 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2013-08-12 20:41 - 2013-08-12 20:41 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2013-08-12 20:41 - 2013-08-12 20:41 - 00188840 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2013-08-12 20:41 - 2013-08-12 20:41 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2013-08-12 20:41 - 2013-08-12 20:41 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-08-12 20:41 - 2013-08-12 20:41 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-08-12 20:41 - 2013-08-12 20:38 - 33150376 _____ (Oracle Corporation) C:\Users\Lissi1\Downloads\jre-7u25-windows-x64.exe 2013-08-12 20:41 - 2012-12-16 17:13 - 01093032 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll 2013-08-12 20:41 - 2011-07-18 23:14 - 00972712 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll 2013-08-12 20:39 - 2013-08-12 11:03 - 
00000000 ____D C:\Users\Lissi1\AppData\Local\Adobe 2013-08-12 20:34 - 2013-08-12 20:34 - 00067897 _____ C:\Users\Lissi1\Desktop\FRST1.txt 2013-08-12 20:33 - 2013-08-12 20:33 - 00044584 _____ C:\Users\Lissi1\Desktop\Addition.txt 2013-08-12 20:26 - 2012-07-07 11:03 - 00000000 ____D C:\Program Files (x86)\TeamViewer 2013-08-12 20:24 - 2012-02-04 18:44 - 00000000 ____D C:\Program Files (x86)\Google 2013-08-12 20:23 - 2012-07-15 22:08 - 00000000 ____D C:\Users\Lissi1\AppData\Roaming\DVDVideoSoft 2013-08-12 20:22 - 2012-12-27 12:37 - 00000000 ____D C:\Program Files (x86)\Biet-O-Matic 2013-08-12 20:22 - 2012-08-12 12:59 - 00000000 ____D C:\Program Files (x86)\AVS4YOU 2013-08-12 07:17 - 2013-08-12 07:17 - 00000000 ____D C:\Users\Lissi1\AppData\Roaming\SUPERAntiSpyware.com 2013-08-11 19:57 - 2012-12-24 23:48 - 00000000 ____D C:\Program Files (x86)\SelfUpdater 2013-08-11 18:22 - 2013-08-11 18:22 - 00002676 _____ C:\AdwCleaner[S12].txt 2013-08-11 18:22 - 2013-08-11 18:22 - 00002613 _____ C:\AdwCleaner[R19].txt 2013-08-11 18:16 - 2013-08-11 18:16 - 00015178 _____ C:\AdwCleaner[R18].txt 2013-08-11 18:16 - 2013-08-11 18:16 - 00015091 _____ C:\AdwCleaner[S11].txt 2013-08-11 17:11 - 2012-05-09 15:14 - 00000000 ____D C:\Program Files (x86)\Free FLV Converter 2013-08-11 16:44 - 2013-03-10 20:20 - 00000000 ____D C:\Users\Lissi1\AppData\Roaming\MyPhoneExplorer 2013-08-11 16:37 - 2013-08-11 16:37 - 00000000 ____D C:\found.000 2013-08-11 16:06 - 2013-08-07 19:58 - 00000000 ____D C:\Program Files (x86)\Plus-HD-2.4 2013-08-10 18:26 - 2013-03-10 20:25 - 00003148 _____ C:\Windows\System32\Tasks\SidebarExecute 2013-08-10 18:25 - 2013-03-10 21:04 - 00002065 _____ C:\Users\Public\Desktop\MyPhoneExplorer.lnk 2013-08-10 18:25 - 2013-03-10 21:04 - 00000000 ____D C:\Program Files (x86)\MyPhoneExplorer 2013-08-09 12:00 - 2013-07-23 18:20 - 00003874 _____ C:\Windows\System32\Tasks\Freemium1ClickMaint 2013-08-07 20:07 - 2012-05-09 15:16 - 00002592 _____ C:\Windows\SysWOW64\InstallUtil.InstallLog 
2013-08-07 18:29 - 2013-08-07 18:29 - 00002180 _____ C:\AdwCleaner[S10].txt 2013-08-07 18:28 - 2013-08-07 18:28 - 00002117 _____ C:\AdwCleaner[R17].txt 2013-08-07 11:35 - 2013-08-07 10:30 - 00000000 ____D C:\Windows\67E1227ED5534A6A96CD40CCBBC705D8.TMP 2013-08-07 10:32 - 2013-08-07 10:32 - 00000000 _____ C:\autoexec.bat 2013-08-07 10:31 - 2013-08-07 10:31 - 00000000 ____D C:\Program Files\Enigma Software Group 2013-08-07 10:14 - 2013-08-07 10:14 - 00000000 ____D C:\FRST 2013-08-07 01:02 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2013-08-07 00:12 - 2013-08-07 00:12 - 00141008 _____ C:\Users\Lissi1\AppData\Local\GDIPFONTCACHEV1.DAT 2013-08-07 00:10 - 2013-08-07 00:10 - 00524744 _____ C:\Windows\system32\FNTCACHE.DAT 2013-08-07 00:09 - 2013-08-05 12:26 - 00000000 ____D C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs 2013-08-06 18:38 - 2012-02-04 18:47 - 00000000 ___RD C:\Users\Lissi1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-08-06 18:38 - 2012-02-04 18:47 - 00000000 ___RD C:\Users\Lissi1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2013-08-06 18:34 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender 2013-08-06 18:34 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender 2013-08-06 18:34 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions 2013-08-06 18:33 - 2011-04-12 10:28 - 00000000 ____D C:\Program Files\Windows Journal 2013-08-06 18:33 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK 2013-08-06 18:33 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR 2013-08-06 18:33 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\zh-HK 2013-08-06 18:33 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\tr-TR 2013-08-06 18:20 - 2013-08-06 18:18 - 00000000 ____D C:\Windows\system32\MRT 2013-08-06 18:12 - 2011-05-16 16:04 - 00654150 _____ C:\Windows\system32\perfh007.dat 2013-08-06 18:12 - 2011-05-16 16:04 - 00130022 _____ 
C:\Windows\system32\perfc007.dat 2013-08-06 18:12 - 2009-07-14 07:13 - 01519624 _____ C:\Windows\system32\PerfStringBackup.INI 2013-08-06 18:07 - 2013-08-06 18:07 - 00003031 _____ C:\Users\Lissi1\Downloads\writeBatchmediaTag (1).js 2013-08-06 18:07 - 2013-08-06 18:06 - 00003031 _____ C:\Users\Lissi1\Downloads\writeBatchmediaTag.js 2013-08-06 17:43 - 2011-07-18 22:54 - 00000000 ____D C:\Windows\Panther 2013-08-06 17:41 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\sl-SI 2013-08-06 17:41 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\sl-SI 2013-08-06 14:51 - 2012-02-04 19:29 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-08-06 14:44 - 2013-08-06 14:35 - 00010360 _____ C:\Windows\IE10_main.log 2013-08-06 14:38 - 2013-08-06 14:38 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00648192 _____ (Microsoft 
Corporation) C:\Windows\system32\d3d10level9.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 
00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00003072 ____H (Microsoft Corporation) 
C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-08-06 11:59 - 2013-08-06 11:59 - 00002055 _____ C:\AdwCleaner[R14].txt 2013-08-06 11:58 - 2013-08-06 11:58 - 00001994 _____ C:\AdwCleaner[R13].txt 2013-08-06 11:58 - 2013-08-06 11:58 - 00001933 _____ C:\AdwCleaner[R12].txt 2013-08-06 11:44 - 2012-11-24 19:35 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-08-06 11:44 - 2012-11-24 19:35 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2013-08-06 10:33 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default 2013-08-06 10:32 - 2013-08-06 10:17 - 00000000 ____D C:\Windows\erdnt 2013-08-06 10:10 - 2013-08-06 10:10 - 00001872 _____ C:\AdwCleaner[R11].txt 2013-08-06 10:08 - 2013-08-06 10:08 - 00001811 _____ C:\AdwCleaner[R10].txt 2013-08-05 19:23 - 2013-08-05 19:23 - 00002038 _____ C:\AdwCleaner[S7].txt 2013-08-05 19:23 - 2013-08-05 19:23 - 00001976 _____ C:\AdwCleaner[R9].txt 2013-08-05 16:22 - 2013-05-11 14:02 - 00000000 ____D C:\ProgramData\Avery 2013-08-05 12:28 - 2013-08-05 12:28 - 00000000 ____D C:\Users\Lissi1\AppData\Roaming\Malwarebytes 2013-08-05 12:28 - 2013-08-05 12:28 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-08-05 12:26 - 2013-08-05 12:26 - 00001714 _____ C:\AdwCleaner[R8].txt 2013-08-05 12:21 - 2013-08-05 12:21 - 00001654 _____ C:\AdwCleaner[R7].txt 2013-08-05 12:09 - 2012-02-04 23:49 - 00000000 ____D C:\Users\Lissi1\AppData\Roaming\CheckPoint 2013-08-05 12:08 - 2013-08-05 12:08 - 00001596 _____ C:\AdwCleaner[S6].txt 2013-08-05 12:08 - 2013-08-05 12:08 - 00001534 _____ C:\AdwCleaner[R6].txt 2013-08-05 12:02 
- 2013-08-05 12:02 - 00001726 _____ C:\AdwCleaner[S5].txt
2013-08-05 12:02 - 2013-08-05 12:02 - 00001664 _____ C:\AdwCleaner[R5].txt
2013-08-05 12:01 - 2013-08-05 12:01 - 00666633 _____ C:\Users\Lissi1\Desktop\adwcleaner06.exe
2013-08-05 11:53 - 2013-08-05 11:53 - 00078778 _____ C:\AdwCleaner[R4].txt
2013-08-05 11:53 - 2013-08-05 11:53 - 00033765 _____ C:\AdwCleaner[S4].txt
2013-08-05 11:51 - 2013-08-05 11:51 - 00078717 _____ C:\AdwCleaner[R3].txt
2013-08-05 11:49 - 2013-08-05 11:49 - 00000000 ____D C:\Users\Lissi1\AppData\Roaming\Avira
2013-08-05 11:44 - 2013-08-05 11:44 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-08-05 11:43 - 2013-08-05 11:42 - 00000000 ____D C:\ProgramData\Avira
2013-08-05 11:42 - 2013-08-05 11:42 - 00000000 ____D C:\Program Files (x86)\Avira
2013-08-05 11:35 - 2013-08-05 11:42 - 00130016 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-08-05 11:35 - 2013-08-05 11:42 - 00100712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-08-05 11:35 - 2013-08-05 11:42 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-08-01 03:08 - 2013-07-23 18:20 - 00032328 _____ C:\Windows\Launcher.exe
2013-07-29 18:44 - 2013-07-23 18:20 - 00000000 ____D C:\Users\Lissi1\AppData\Roaming\Windows Net Data
2013-07-26 06:15 - 2013-07-26 06:15 - 00000000 ____D C:\Windows\System32\Tasks\ProtectedSearch
2013-07-25 19:12 - 2013-07-25 16:48 - 1071260076 _____ C:\Users\Lissi1\Downloads\Archiv20130709-1430.zip
2013-07-23 18:47 - 2013-07-23 18:47 - 00000000 ____D C:\Users\Lissi1\AppData\Local\FreeSystemUtilities
2013-07-23 18:20 - 2013-07-23 18:20 - 00000000 ____D C:\Windows\System32\Tasks\Browser Updater
2013-07-22 17:03 - 2013-07-22 17:03 - 00004171 _____ C:\Users\Lissi1\Desktop\TauchenAlissa.wlmp
2013-07-22 17:03 - 2013-07-22 16:53 - 00004166 _____ C:\Users\Lissi1\Desktop\Tauchen1.wlmp
2013-07-18 20:44 - 2012-12-27 12:37 - 00000000 ____D C:\Users\Lissi1\AppData\Roaming\BOM
2013-07-17 18:43 - 2013-07-17 18:43 - 00000000 ____D C:\Users\Lissi1\AppData\Local\Deployment
2013-07-17 18:43 - 2012-09-17 16:53 - 00000000 ____D C:\Users\Lissi1\AppData\Local\Apps\2.0
2013-07-17 18:34 - 2013-02-09 17:40 - 00000000 ____D C:\Program Files (x86)\Ad-Aware Antivirus
2013-07-17 18:34 - 2012-05-09 15:14 - 00000000 ____D C:\Users\Lissi1\AppData\Roaming\FreeFLVConverter
2013-07-17 18:34 - 2012-02-04 21:31 - 00000000 ____D C:\Program Files (x86)\ScanWizard 5
2013-07-17 18:34 - 2011-07-18 23:12 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2013-07-17 18:34 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2013-07-17 18:34 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\AppCompat
2013-07-17 18:21 - 2011-04-12 10:28 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-07-17 18:13 - 2013-02-09 17:37 - 00000000 ____D C:\Users\Lissi1\AppData\Roaming\Ad-Aware Antivirus
2013-07-17 17:49 - 2013-07-17 16:37 - 00001447 _____ C:\Users\Lissi1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-07-17 17:49 - 2013-07-17 16:37 - 00001413 _____ C:\Users\Lissi1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2013-07-17 09:24 - 2012-02-04 18:44 - 00000000 ____D C:\Program Files\Google
2013-07-16 08:43 - 2012-02-04 19:47 - 00000000 ____D C:\Users\Lissi1\AppData\Local\Google
2013-07-16 08:43 - 2012-02-04 18:44 - 00000000 ____D C:\ProgramData\Google
2013-07-14 19:47 - 2013-07-22 14:41 - 977585085 _____ C:\Users\Lissi1\Desktop\20130709-1430 - Kopie.mov
2013-07-14 19:47 - 2013-07-14 18:38 - 977585085 _____ C:\Users\Lissi1\Desktop\20130709-1430.mov

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-08-12 05:58

==================== End Of Log ============================

--- --- --- |
14.08.2013, 12:55 | #65 |
| http://www_getwindowinfo/ and TBUpdater.dll have been annoying me for some time, how do I get them off my computer? FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-08-2013 01
Ran by Lissi1 (administrator) on 13-08-2013 22:02:17
Running from C:\Users\Lissi1\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(PixArt Imaging Incorporation) C:\Windows\PixArt\Pac207\Monitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Guillemot Corporation S.A.) C:\Program Files (x86)\Hercules\Hercules HD Exchange\XtrCtrlEx.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Lavasoft Limited) C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files (x86)\ScanWizard 5\ScannerFinder.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(CrypKey (Canada) Ltd.) C:\Windows\system32\crypserv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(Memeo) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(GFI Software) C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil64_11_8_800_94_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12673128 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [Monitor] - C:\Windows\PixArt\PAC207\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation)
HKLM\...\Run: [IntelliType Pro] - c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1464944 2012-11-02] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] - c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2076272 2012-11-02] (Microsoft Corporation)
HKLM\...\Run: [CamserviceHDExchange] - C:\Program Files (x86)\Hercules\Hercules HD Exchange\XtrCtrlEx.exe [3391344 2012-01-12] (Guillemot Corporation S.A.)
HKCU\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1476104 2012-12-20] (Samsung)
HKCU\...\Run: [KiesPDLR] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844296 2012-12-20] (Samsung)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19603048 2013-06-03] (Skype Technologies S.A.)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-10-14] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-04] (CyberLink)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310280 2012-12-20] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [542632 2013-01-31] (Lavasoft)
HKLM-x32\...\Run: [Ad-Aware Antivirus] - "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run [x]
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345144 2013-08-05] (Avira Operations GmbH & Co. KG)
HKU\Default\...\RunOnce: [HKCU] - C:\Windows\System32\oobe\info\HKCU.vbs [126 2009-11-12] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Scanner Finder.lnk
ShortcutTarget: Scanner Finder.lnk -> C:\Program Files (x86)\ScanWizard 5\ScannerFinder.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\~Disabled ()
Startup: C:\Users\Lissi1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Lissi1\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Lissi1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\net.lnk
ShortcutTarget: net.lnk -> C:\Users\Lissi1\AppData\Roaming\Windows Net Data\net.exe (Windows Net)
BootExecute: autocheck autochk * bootdelete

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Sign In
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {00B6DEF0-C572-45D3-AF51-CD416F2DA9C0} URL = hxxp://www.bing.com/search?FORM=BDT3DF&PC=BDT3&dt=080613&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKCU - 63D76E6EC6B04284B071A585DCBE8EA6 URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=53E641BF-D5D6-4646-8077-EE58703B9D12&apn_sauid=45E38BAC-10B5-487C-BE1B-F389560F4295
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name - {120A8821-2BEE-4C29-BCDA-62C577781992} - No File
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Deaktivierungs-Add-on für Browser von Google Analytics - {75EF13CE-B59E-41ba-8A5A-A944031BD8B4} - C:\Program Files (x86)\Google\Google Analytics Opt-Out\gaoptout.dll (Google, Inc.)
BHO-x32: No Name - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No File
BHO-x32: HomeTab - {ba696155-d96e-4281-b467-0367a0456474} - No File
Toolbar: HKLM - No Name - !{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File
Toolbar: HKLM-x32 - Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll ()
Toolbar: HKLM-x32 - No Name - !{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - No File
Toolbar: HKLM-x32 - No Name - !{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File
Toolbar: HKLM-x32 - No Name - !{95B7759C-8C7F-4BF1-B163-73684A933233} - No File
Toolbar: HKLM-x32 - HomeTab - {ba696155-d96e-4281-b467-0367a0456474} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
Toolbar: HKCU - No Name - {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - No File
Toolbar: HKCU - No Name - {FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} - No File
Toolbar: HKCU - No Name - {0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} - No File
DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [326144] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

Chrome:
=======
CHR HomePage: "homepage": "",
CHR RestoreOnStartup: "hxxp://www.msn.com/?pc=BDT3&ocid=BDT3DHP&dt=080613"
CHR Extension: (Plus-HD-2.4) - C:\Users\Lissi1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hojmbfiljpkaijkdifoaacbpallpfkkf\1.23.29_0
CHR Extension: (Skype Click to Call) - C:\Users\Lissi1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0
CHR Extension: (DvdVideoSoft Free Youtube Download) - C:\Users\Lissi1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.0.0_0
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx

==================== Services (Whitelisted) =================

R2 Ad-Aware Service; C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [1236336 2013-02-14] (Lavasoft Limited)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-08-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-08-05] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [589368 2013-08-05] (Avira Operations GmbH & Co. KG)
S3 MSCSPTISRV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [45056 2006-12-14] (Sony Corporation)
S3 PACSPTISVR; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [57344 2006-12-14] ()
R2 SBAMSvc; C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [3677000 2012-09-20] (GFI Software)
S3 SonicStage Back-End Service; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SsBeSvc.exe [112184 2007-02-05] (Sony Corporation)
S3 SPTISRV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe [69632 2006-12-14] (Sony Corporation)
S3 SSScsiSV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SSScsiSV.exe [75320 2007-02-05] (Sony Corporation)
R2 Crypkey License; crypserv.exe [x]

==================== Drivers (Whitelisted) ====================

S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31968 2012-10-08] (Wondershare)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-08-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-08-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-08-05] (Avira Operations GmbH & Co. KG)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-02-22] (GFI Software)
R3 guillflt; C:\Windows\System32\DRIVERS\guillflt.sys [65024 2009-06-04] (Guillemot Corp S.A.)
R3 hxctlflt; C:\Windows\System32\Drivers\hxctlflt.sys [111104 2009-02-08] (Guillemot Corporation)
R1 NetworkX; C:\Windows\system32\ckldrv.sys [28664 2008-03-17] ()
S3 PAC207; C:\Windows\System32\DRIVERS\PFC027.SYS [572416 2006-12-05] (PixArt Imaging Inc.)
R3 S6000KNT; C:\Windows\System32\Drivers\S6000KNT.sys [3359832 2011-06-16] (Windows (R) Win 7 DDK provider)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [x] S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-08-13 21:56 - 2013-08-13 21:56 - 00065536 ___HT C:\Users\Lissi1\~Outlooklissa.pst.tmp 2013-08-13 21:55 - 2013-08-13 21:55 - 00030385 _____ C:\ComboFix.txt 2013-08-13 21:38 - 2013-08-13 21:38 - 00005254 _____ C:\Users\Lissi1\Desktop\HitmanPro_20130813_2138.log 2013-08-13 21:32 - 2013-08-13 21:32 - 00005256 _____ C:\Users\Lissi1\Desktop\HitmanPro_20130813_2131.log 2013-08-13 21:19 - 2013-08-13 21:19 - 00025732 _____ C:\Users\Lissi1\Desktop\HitmanPro_20130813_2119.log 2013-08-13 21:11 - 2013-08-13 21:19 - 00000000 ____D C:\ProgramData\HitmanPro 2013-08-13 21:06 - 2013-08-13 21:07 - 00000000 ____D C:\Users\Lissi1\AppData\Local\adawarebp 2013-08-13 21:02 - 2013-08-13 21:02 - 00011433 _____ C:\Users\Lissi1\Desktop\JRT.txt 2013-08-13 20:58 - 2013-08-13 20:58 - 00000000 ____D C:\Windows\ERUNT 2013-08-13 12:59 - 2013-08-13 12:59 - 00000000 ____D C:\Users\Lissi1\Desktop\Stinger 2013-08-13 11:58 - 2013-08-13 11:58 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_guillflt_01007.Wdf 2013-08-13 11:57 - 2013-08-13 11:57 - 02063600 _____ C:\Windows\vcredist_x64.log 2013-08-13 11:57 - 2013-08-13 11:57 - 02058774 _____ C:\Windows\vcredist_x86.log 2013-08-13 11:57 - 2013-08-13 11:57 - 00000000 ____D C:\Windows\HerculesWebcamUpdater 2013-08-13 11:57 - 2013-08-13 11:57 - 00000000 ____D C:\Program Files (x86)\Hercules 2013-08-13 11:57 - 2011-06-27 09:31 - 00589824 _____ (Guillemot Corporation S.A.) 
C:\Windows\SysWOW64\HWLMSET2.exe 2013-08-13 11:57 - 2011-06-27 09:31 - 00009728 _____ C:\Windows\SysWOW64\HWLMSET2PS.dll 2013-08-13 11:57 - 2011-06-16 16:34 - 03359832 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\S6000KNT.sys 2013-08-13 11:57 - 2011-06-16 16:34 - 00076376 _____ C:\Windows\system32\S6000DIF.dll 2013-08-13 11:57 - 2009-06-04 09:34 - 00065024 _____ (Guillemot Corp S.A.) C:\Windows\system32\Drivers\guillflt.sys 2013-08-13 11:57 - 2009-02-08 23:43 - 00111104 _____ (Guillemot Corporation) C:\Windows\system32\Drivers\hxctlflt.sys 2013-08-13 11:57 - 2003-09-23 04:36 - 00013448 _____ C:\Windows\S6000Twn.src 2013-08-13 11:57 - 2003-09-23 03:49 - 00015190 _____ C:\Windows\S6000Twn.ini 2013-08-13 11:56 - 2013-08-13 11:56 - 00000000 ____D C:\Users\Lissi1\AppData\Roaming\InstallShield 2013-08-12 23:37 - 2013-08-12 23:37 - 00000000 ____H C:\Users\Lissi1\Desktop\Desktop.event 2013-08-12 23:37 - 2013-08-12 23:37 - 00000000 ____D C:\Users\Lissi1\Saved Games\Documents\Corel VideoStudio Pro 2013-08-12 21:08 - 2013-08-12 21:08 - 00000000 ____D C:\Computer 2013-08-12 20:50 - 2013-08-13 21:39 - 05103833 ____R (Swearware) C:\Users\Lissi1\Desktop\ComboFix.exe 2013-08-12 20:41 - 2013-08-13 21:44 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-08-12 20:41 - 2013-08-12 20:41 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-08-12 20:41 - 2013-08-12 20:41 - 00312232 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2013-08-12 20:41 - 2013-08-12 20:41 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2013-08-12 20:41 - 2013-08-12 20:41 - 00188840 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2013-08-12 20:41 - 2013-08-12 20:41 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2013-08-12 20:41 - 2013-08-12 20:41 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-08-12 20:41 - 
2013-08-12 20:41 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-08-12 20:38 - 2013-08-12 20:41 - 33150376 _____ (Oracle Corporation) C:\Users\Lissi1\Downloads\jre-7u25-windows-x64.exe 2013-08-12 20:34 - 2013-08-12 20:34 - 00067897 _____ C:\Users\Lissi1\Desktop\FRST1.txt 2013-08-12 20:33 - 2013-08-12 20:33 - 00044584 _____ C:\Users\Lissi1\Desktop\Addition.txt 2013-08-12 11:03 - 2013-08-12 20:39 - 00000000 ____D C:\Users\Lissi1\AppData\Local\Adobe 2013-08-12 07:17 - 2013-08-12 07:17 - 00000000 ____D C:\Users\Lissi1\AppData\Roaming\SUPERAntiSpyware.com 2013-08-11 18:22 - 2013-08-11 18:22 - 00002676 _____ C:\AdwCleaner[S12].txt 2013-08-11 18:22 - 2013-08-11 18:22 - 00002613 _____ C:\AdwCleaner[R19].txt 2013-08-11 18:16 - 2013-08-11 18:16 - 00015178 _____ C:\AdwCleaner[R18].txt 2013-08-11 18:16 - 2013-08-11 18:16 - 00015091 _____ C:\AdwCleaner[S11].txt 2013-08-11 16:37 - 2013-08-11 16:37 - 00000000 ____D C:\found.000 2013-08-09 19:38 - 2013-08-12 23:38 - 00000000 ____D C:\Users\Lissi1\Desktop\hagen 2013-08-07 19:58 - 2013-08-11 16:06 - 00000000 ____D C:\Program Files (x86)\Plus-HD-2.4 2013-08-07 18:29 - 2013-08-07 18:29 - 00002180 _____ C:\AdwCleaner[S10].txt 2013-08-07 18:28 - 2013-08-07 18:28 - 00002117 _____ C:\AdwCleaner[R17].txt 2013-08-07 10:32 - 2013-08-07 10:32 - 00000000 _____ C:\autoexec.bat 2013-08-07 10:31 - 2013-08-07 10:31 - 00000000 ____D C:\Program Files\Enigma Software Group 2013-08-07 10:30 - 2013-08-07 11:35 - 00000000 ____D C:\Windows\67E1227ED5534A6A96CD40CCBBC705D8.TMP 2013-08-07 10:23 - 2013-04-17 09:02 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2013-08-07 10:23 - 2013-04-17 08:24 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2013-08-07 10:14 - 2013-08-07 10:14 - 00000000 ____D C:\FRST 2013-08-07 00:12 - 2013-08-07 00:12 - 00141008 _____ C:\Users\Lissi1\AppData\Local\GDIPFONTCACHEV1.DAT 2013-08-07 00:10 - 2013-08-07 00:10 - 00524744 _____ 
C:\Windows\system32\FNTCACHE.DAT 2013-08-06 18:55 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2013-08-06 18:55 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2013-08-06 18:20 - 2012-08-23 16:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll 2013-08-06 18:20 - 2012-08-23 16:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys 2013-08-06 18:20 - 2012-08-23 16:08 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys 2013-08-06 18:20 - 2012-08-23 16:07 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys 2013-08-06 18:20 - 2012-08-23 15:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll 2013-08-06 18:20 - 2012-08-23 15:46 - 00016896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll 2013-08-06 18:20 - 2012-08-23 15:41 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe 2013-08-06 18:20 - 2012-08-23 15:40 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll 2013-08-06 18:20 - 2012-08-23 15:24 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll 2013-08-06 18:20 - 2012-08-23 15:20 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll 2013-08-06 18:20 - 2012-08-23 15:18 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll 2013-08-06 18:20 - 2012-08-23 15:17 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll 2013-08-06 18:20 - 2012-08-23 15:06 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll 2013-08-06 18:20 - 2012-08-23 14:52 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll 2013-08-06 18:20 - 2012-08-23 13:20 - 00062976 _____ (Microsoft Corporation) 
C:\Windows\system32\TSWbPrxy.exe 2013-08-06 18:20 - 2012-08-23 13:15 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll 2013-08-06 18:20 - 2012-08-23 13:14 - 00384000 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe 2013-08-06 18:20 - 2012-08-23 13:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll 2013-08-06 18:20 - 2012-08-23 12:54 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll 2013-08-06 18:20 - 2012-08-23 12:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll 2013-08-06 18:20 - 2012-08-23 12:39 - 01048064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe 2013-08-06 18:20 - 2012-08-23 12:22 - 01123840 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe 2013-08-06 18:20 - 2012-08-23 11:51 - 03174912 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2013-08-06 18:20 - 2012-08-23 10:19 - 04916224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2013-08-06 18:20 - 2012-08-23 10:13 - 05773824 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2013-08-06 18:18 - 2013-08-06 18:20 - 00000000 ____D C:\Windows\system32\MRT 2013-08-06 18:13 - 2012-03-14 05:00 - 00385024 _____ (CANON INC.) 
C:\Windows\system32\CNMLMAW.DLL 2013-08-06 18:07 - 2013-08-06 18:07 - 00003031 _____ C:\Users\Lissi1\Downloads\writeBatchmediaTag (1).js 2013-08-06 18:06 - 2013-08-06 18:07 - 00003031 _____ C:\Users\Lissi1\Downloads\writeBatchmediaTag.js 2013-08-06 18:00 - 2012-08-24 20:13 - 00154480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2013-08-06 18:00 - 2012-08-24 20:09 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2013-08-06 18:00 - 2012-08-24 20:05 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2013-08-06 18:00 - 2012-08-24 20:03 - 01448448 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2013-08-06 18:00 - 2012-08-24 18:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2013-08-06 18:00 - 2012-08-24 18:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2013-08-06 18:00 - 2012-08-24 18:53 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 01175552 _____ (Microsoft Corporation) 
C:\Windows\system32\FntCache.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00194560 _____ 
(Microsoft Corporation) C:\Windows\system32\d3d10_1.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00003072 ____H (Microsoft Corporation) 
C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-08-06 14:35 - 2013-08-06 14:44 - 00010360 _____ C:\Windows\IE10_main.log 2013-08-06 11:59 - 2013-08-06 11:59 - 00002055 _____ C:\AdwCleaner[R14].txt 2013-08-06 11:58 - 2013-08-06 11:58 - 00001994 _____ C:\AdwCleaner[R13].txt 2013-08-06 11:58 - 2013-08-06 11:58 - 00001933 _____ C:\AdwCleaner[R12].txt 2013-08-06 10:56 - 2013-05-29 08:15 - 17829376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-08-06 10:56 - 2013-05-29 07:50 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-08-06 10:56 - 2013-05-29 07:43 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-08-06 10:56 - 2013-05-29 07:36 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-08-06 10:56 - 2013-05-29 07:35 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-08-06 10:56 - 2013-05-29 07:34 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-08-06 10:56 - 2013-05-29 07:33 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2013-08-06 10:56 - 2013-05-29 07:31 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-08-06 10:56 - 2013-05-29 07:29 - 00816640 _____ (Microsoft Corporation) 
C:\Windows\system32\jscript.dll 2013-08-06 10:56 - 2013-05-29 07:29 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2013-08-06 10:56 - 2013-05-29 07:29 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-08-06 10:56 - 2013-05-29 07:27 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-08-06 10:56 - 2013-05-29 07:27 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-08-06 10:56 - 2013-05-29 07:25 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-08-06 10:56 - 2013-05-29 07:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-08-06 10:56 - 2013-05-29 07:18 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-08-06 10:56 - 2013-05-29 03:56 - 12333568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-08-06 10:56 - 2013-05-29 03:50 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-08-06 10:56 - 2013-05-29 03:48 - 09738752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-08-06 10:56 - 2013-05-29 03:41 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-08-06 10:56 - 2013-05-29 03:41 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-08-06 10:56 - 2013-05-29 03:41 - 01104384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-08-06 10:56 - 2013-05-29 03:40 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-08-06 10:56 - 2013-05-29 03:38 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-08-06 10:56 - 2013-05-29 03:37 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-08-06 10:56 - 2013-05-29 03:36 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-08-06 10:56 - 2013-05-29 03:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-08-06 
10:56 - 2013-05-29 03:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-08-06 10:56 - 2013-05-29 03:33 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-08-06 10:56 - 2013-05-29 03:33 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-08-06 10:56 - 2013-05-29 03:33 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-08-06 10:56 - 2013-05-29 03:29 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-08-06 10:54 - 2013-05-08 08:39 - 01910632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2013-08-06 10:54 - 2013-04-10 08:01 - 00983400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2013-08-06 10:54 - 2013-04-10 08:01 - 00265064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys 2013-08-06 10:54 - 2013-02-27 08:02 - 00111448 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2013-08-06 10:54 - 2013-02-27 07:52 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2013-08-06 10:54 - 2013-02-27 07:52 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll 2013-08-06 10:54 - 2013-02-27 07:48 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2013-08-06 10:54 - 2013-02-27 07:47 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll 2013-08-06 10:54 - 2013-02-27 06:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2013-08-06 10:54 - 2013-02-27 06:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll 2013-08-06 10:54 - 2013-02-27 06:49 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2013-08-06 10:54 - 2013-01-03 08:00 - 00288088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS 2013-08-06 10:54 - 2011-02-03 13:25 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll 2013-08-06 10:53 - 
2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2013-08-06 10:53 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2013-08-06 10:53 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-08-06 10:53 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2013-08-06 10:53 - 2013-04-26 07:51 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll 2013-08-06 10:53 - 2013-04-26 06:55 - 00492544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll 2013-08-06 10:53 - 2013-04-12 16:45 - 01656680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys 2013-08-06 10:53 - 2013-03-19 07:53 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll 2013-08-06 10:53 - 2013-03-19 07:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll 2013-08-06 10:53 - 2013-02-12 06:12 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023x.sys 2013-08-06 10:53 - 2013-02-12 06:12 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys 2013-08-06 10:53 - 2013-01-04 07:46 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2013-08-06 10:53 - 2013-01-04 06:51 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2013-08-06 10:53 - 2013-01-04 04:47 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2013-08-06 10:53 - 2013-01-04 04:47 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2013-08-06 10:53 - 2013-01-04 04:47 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2013-08-06 10:53 - 2013-01-04 04:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2013-08-06 10:52 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-08-06 10:52 - 2013-05-10 07:49 - 
00030720 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll 2013-08-06 10:52 - 2013-05-10 05:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll 2013-08-06 10:52 - 2013-01-24 08:01 - 00223752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys 2013-08-06 10:51 - 2013-05-13 07:51 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2013-08-06 10:51 - 2013-05-13 07:51 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2013-08-06 10:51 - 2013-05-13 07:51 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2013-08-06 10:51 - 2013-05-13 07:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll 2013-08-06 10:51 - 2013-05-13 06:45 - 01160192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-08-06 10:51 - 2013-05-13 06:45 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-08-06 10:51 - 2013-05-13 06:45 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-08-06 10:51 - 2013-05-13 05:43 - 01192448 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe 2013-08-06 10:51 - 2013-05-13 05:08 - 00903168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe 2013-08-06 10:51 - 2013-05-13 05:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll 2013-08-06 10:50 - 2013-04-26 01:30 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll 2013-08-06 10:50 - 2013-04-01 00:52 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll 2013-08-06 10:50 - 2013-03-19 08:04 - 05550424 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2013-08-06 10:50 - 2013-03-19 07:46 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2013-08-06 10:50 - 2013-03-19 07:04 - 03968856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2013-08-06 10:50 - 2013-03-19 07:04 - 03913560 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2013-08-06 10:50 - 2013-03-19 06:47 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2013-08-06 10:50 - 2013-03-19 05:06 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2013-08-06 10:18 - 2013-08-13 21:55 - 00000000 ____D C:\Qoobox 2013-08-06 10:18 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe 2013-08-06 10:18 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe 2013-08-06 10:18 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2013-08-06 10:18 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2013-08-06 10:18 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2013-08-06 10:18 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe 2013-08-06 10:18 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe 2013-08-06 10:18 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe 2013-08-06 10:17 - 2013-08-06 10:32 - 00000000 ____D C:\Windows\erdnt 2013-08-06 10:10 - 2013-08-06 10:10 - 00001872 _____ C:\AdwCleaner[R11].txt 2013-08-06 10:08 - 2013-08-06 10:08 - 00001811 _____ C:\AdwCleaner[R10].txt 2013-08-05 19:23 - 2013-08-05 19:23 - 00002038 _____ C:\AdwCleaner[S7].txt 2013-08-05 19:23 - 2013-08-05 19:23 - 00001976 _____ C:\AdwCleaner[R9].txt 2013-08-05 12:28 - 2013-08-05 12:28 - 00000000 ____D C:\Users\Lissi1\AppData\Roaming\Malwarebytes 2013-08-05 12:28 - 2013-08-05 12:28 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-08-05 12:26 - 2013-08-07 00:09 - 00000000 ____D C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs 2013-08-05 12:26 - 2013-08-05 12:26 - 00001714 _____ C:\AdwCleaner[R8].txt 2013-08-05 12:21 - 2013-08-05 12:21 - 00001654 _____ C:\AdwCleaner[R7].txt 2013-08-05 12:08 - 2013-08-05 12:08 - 00001596 _____ C:\AdwCleaner[S6].txt 2013-08-05 12:08 - 2013-08-05 12:08 - 00001534 _____ C:\AdwCleaner[R6].txt 2013-08-05 12:02 - 2013-08-05 12:02 - 00001726 _____ C:\AdwCleaner[S5].txt 2013-08-05 12:02 - 
2013-08-05 12:02 - 00001664 _____ C:\AdwCleaner[R5].txt 2013-08-05 12:01 - 2013-08-05 12:01 - 00666633 _____ C:\Users\Lissi1\Desktop\adwcleaner06.exe 2013-08-05 11:53 - 2013-08-05 11:53 - 00078778 _____ C:\AdwCleaner[R4].txt 2013-08-05 11:53 - 2013-08-05 11:53 - 00033765 _____ C:\AdwCleaner[S4].txt 2013-08-05 11:51 - 2013-08-05 11:51 - 00078717 _____ C:\AdwCleaner[R3].txt 2013-08-05 11:49 - 2013-08-05 11:49 - 00000000 ____D C:\Users\Lissi1\AppData\Roaming\Avira 2013-08-05 11:44 - 2013-08-05 11:44 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2013-08-05 11:42 - 2013-08-05 11:43 - 00000000 ____D C:\ProgramData\Avira 2013-08-05 11:42 - 2013-08-05 11:42 - 00000000 ____D C:\Program Files (x86)\Avira 2013-08-05 11:42 - 2013-08-05 11:35 - 00130016 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2013-08-05 11:42 - 2013-08-05 11:35 - 00100712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2013-08-05 11:42 - 2013-08-05 11:35 - 00028600 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avkmgr.sys 2013-07-26 13:22 - 2013-08-12 23:38 - 00000000 ____D C:\Users\Lissi1\Desktop\Lissi Teich 2013-07-26 06:15 - 2013-07-26 06:15 - 00000000 ____D C:\Windows\System32\Tasks\ProtectedSearch 2013-07-25 19:22 - 2013-08-12 23:38 - 00000000 ____D C:\Users\Lissi1\Desktop\MalleTauchen 2013-07-25 16:48 - 2013-07-25 19:12 - 1071260076 _____ C:\Users\Lissi1\Downloads\Archiv20130709-1430.zip 2013-07-23 18:47 - 2013-07-23 18:47 - 00000000 ____D C:\Users\Lissi1\AppData\Local\FreeSystemUtilities 2013-07-23 18:20 - 2013-08-09 12:00 - 00003874 _____ C:\Windows\System32\Tasks\Freemium1ClickMaint 2013-07-23 18:20 - 2013-08-01 03:08 - 00032328 _____ C:\Windows\Launcher.exe 2013-07-23 18:20 - 2013-07-29 18:44 - 00000000 ____D C:\Users\Lissi1\AppData\Roaming\Windows Net Data 2013-07-23 18:20 - 2013-07-23 18:20 - 00000000 ____D C:\Windows\System32\Tasks\Browser Updater 2013-07-22 17:03 - 2013-07-22 17:03 - 00004171 _____ C:\Users\Lissi1\Desktop\TauchenAlissa.wlmp 2013-07-22 16:53 - 2013-07-22 17:03 - 00004166 _____ C:\Users\Lissi1\Desktop\Tauchen1.wlmp 2013-07-22 14:41 - 2013-07-14 19:47 - 977585085 _____ C:\Users\Lissi1\Desktop\20130709-1430 - Kopie.mov 2013-07-17 18:43 - 2013-07-17 18:43 - 00000000 ____D C:\Users\Lissi1\AppData\Local\Deployment 2013-07-17 16:37 - 2013-07-17 17:49 - 00001447 _____ C:\Users\Lissi1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2013-07-17 16:37 - 2013-07-17 17:49 - 00001413 _____ C:\Users\Lissi1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk 2013-07-14 18:38 - 2013-07-14 19:47 - 977585085 _____ C:\Users\Lissi1\Desktop\20130709-1430.mov ==================== One Month Modified Files and Folders ======= 2013-08-13 22:01 - 2013-05-08 20:36 - 190989312 _____ C:\Users\Lissi1\Outlooklissa.pst 2013-08-13 21:56 - 2013-08-13 21:56 - 00065536 ___HT C:\Users\Lissi1\~Outlooklissa.pst.tmp 2013-08-13 21:56 - 2012-02-04 18:48 - 00000000 ____D C:\Users\Lissi1 
2013-08-13 21:55 - 2013-08-13 21:55 - 00030385 _____ C:\ComboFix.txt 2013-08-13 21:55 - 2013-08-06 10:18 - 00000000 ____D C:\Qoobox 2013-08-13 21:54 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini 2013-08-13 21:49 - 2009-07-14 06:45 - 00017152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-08-13 21:49 - 2009-07-14 06:45 - 00017152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-08-13 21:44 - 2013-08-12 20:41 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-08-13 21:44 - 2012-02-04 18:44 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-08-13 21:41 - 2013-03-05 20:06 - 00008680 _____ C:\Windows\error.log 2013-08-13 21:41 - 2012-10-23 16:46 - 00000000 ___RD C:\Users\Lissi1\Dropbox 2013-08-13 21:41 - 2012-10-23 16:44 - 00000000 ____D C:\Users\Lissi1\AppData\Roaming\Dropbox 2013-08-13 21:40 - 2013-04-04 12:45 - 00010993 _____ C:\Windows\setupact.log 2013-08-13 21:40 - 2013-03-05 20:05 - 00003333 _____ C:\Windows\errord.log 2013-08-13 21:40 - 2012-02-04 18:44 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-08-13 21:40 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-08-13 21:39 - 2013-08-12 20:50 - 05103833 ____R (Swearware) C:\Users\Lissi1\Desktop\ComboFix.exe 2013-08-13 21:39 - 2012-02-04 18:43 - 01555458 _____ C:\Windows\WindowsUpdate.log 2013-08-13 21:38 - 2013-08-13 21:38 - 00005254 _____ C:\Users\Lissi1\Desktop\HitmanPro_20130813_2138.log 2013-08-13 21:32 - 2013-08-13 21:32 - 00005256 _____ C:\Users\Lissi1\Desktop\HitmanPro_20130813_2131.log 2013-08-13 21:19 - 2013-08-13 21:19 - 00025732 _____ C:\Users\Lissi1\Desktop\HitmanPro_20130813_2119.log 2013-08-13 21:19 - 2013-08-13 21:11 - 00000000 ____D C:\ProgramData\HitmanPro 2013-08-13 21:10 - 2012-12-24 23:53 - 00004084 _____ C:\Windows\System32\Tasks\Software Updater Ui 2013-08-13 21:10 - 2012-12-24 23:51 
- 00004122 _____ C:\Windows\System32\Tasks\Software Updater 2013-08-13 21:07 - 2013-08-13 21:06 - 00000000 ____D C:\Users\Lissi1\AppData\Local\adawarebp 2013-08-13 21:02 - 2013-08-13 21:02 - 00011433 _____ C:\Users\Lissi1\Desktop\JRT.txt 2013-08-13 20:58 - 2013-08-13 20:58 - 00000000 ____D C:\Windows\ERUNT 2013-08-13 18:45 - 2012-04-13 16:05 - 03463168 ___SH C:\Users\Lissi1\Desktop\Thumbs.db 2013-08-13 17:50 - 2012-09-20 17:48 - 00000000 ____D C:\Users\Lissi1\AppData\Roaming\Skype 2013-08-13 12:59 - 2013-08-13 12:59 - 00000000 ____D C:\Users\Lissi1\Desktop\Stinger 2013-08-13 11:58 - 2013-08-13 11:58 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_guillflt_01007.Wdf 2013-08-13 11:57 - 2013-08-13 11:57 - 02063600 _____ C:\Windows\vcredist_x64.log 2013-08-13 11:57 - 2013-08-13 11:57 - 02058774 _____ C:\Windows\vcredist_x86.log 2013-08-13 11:57 - 2013-08-13 11:57 - 00000000 ____D C:\Windows\HerculesWebcamUpdater 2013-08-13 11:57 - 2013-08-13 11:57 - 00000000 ____D C:\Program Files (x86)\Hercules 2013-08-13 11:57 - 2011-07-18 23:23 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2013-08-13 11:57 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system 2013-08-13 11:56 - 2013-08-13 11:56 - 00000000 ____D C:\Users\Lissi1\AppData\Roaming\InstallShield 2013-08-12 23:38 - 2013-08-09 19:38 - 00000000 ____D C:\Users\Lissi1\Desktop\hagen 2013-08-12 23:38 - 2013-07-26 13:22 - 00000000 ____D C:\Users\Lissi1\Desktop\Lissi Teich 2013-08-12 23:38 - 2013-07-25 19:22 - 00000000 ____D C:\Users\Lissi1\Desktop\MalleTauchen 2013-08-12 23:38 - 2013-06-15 16:45 - 00000000 ____D C:\Users\Lissi1\Desktop\Fohlenhof 2013-08-12 23:38 - 2013-06-12 17:55 - 00000000 ____D C:\Users\Lissi1\Desktop\LissiSchwimmfest 2013-08-12 23:38 - 2013-06-12 13:51 - 00000000 ____D C:\Users\Lissi1\Desktop\schwimmfest2013 2013-08-12 23:38 - 2013-06-11 07:55 - 00000000 ____D C:\Users\Lissi1\Desktop\garten2013 2013-08-12 23:38 - 2013-06-11 07:54 - 00000000 ____D 
C:\Users\Lissi1\Desktop\Norderney 2013-08-12 23:38 - 2013-06-08 14:03 - 00000000 ____D C:\Users\Lissi1\Desktop\tiergartenSommer 2013-08-12 23:38 - 2013-05-25 21:23 - 00000000 ____D C:\Users\Lissi1\Desktop\Turnier2013 2013-08-12 23:38 - 2012-02-05 11:48 - 00000000 ____D C:\Users\Lissi1\AppData\Roaming\Ulead Systems 2013-08-12 23:37 - 2013-08-12 23:37 - 00000000 ____H C:\Users\Lissi1\Desktop\Desktop.event 2013-08-12 23:37 - 2013-08-12 23:37 - 00000000 ____D C:\Users\Lissi1\Saved Games\Documents\Corel VideoStudio Pro 2013-08-12 23:37 - 2012-02-24 17:55 - 00006738 ___SH C:\ProgramData\KGyGaAvL.sys 2013-08-12 21:46 - 2012-11-13 07:22 - 00127648 _____ C:\Windows\PFRO.log 2013-08-12 21:08 - 2013-08-12 21:08 - 00000000 ____D C:\Computer 2013-08-12 20:44 - 2012-05-27 20:06 - 00000000 ____D C:\Program Files (x86)\Intenium 2013-08-12 20:41 - 2013-08-12 20:41 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-08-12 20:41 - 2013-08-12 20:41 - 00312232 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2013-08-12 20:41 - 2013-08-12 20:41 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2013-08-12 20:41 - 2013-08-12 20:41 - 00188840 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2013-08-12 20:41 - 2013-08-12 20:41 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2013-08-12 20:41 - 2013-08-12 20:41 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-08-12 20:41 - 2013-08-12 20:41 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-08-12 20:41 - 2013-08-12 20:38 - 33150376 _____ (Oracle Corporation) C:\Users\Lissi1\Downloads\jre-7u25-windows-x64.exe 2013-08-12 20:41 - 2012-12-16 17:13 - 01093032 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll 2013-08-12 20:41 - 2011-07-18 23:14 - 00972712 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll 2013-08-12 20:39 - 2013-08-12 11:03 - 
00000000 ____D C:\Users\Lissi1\AppData\Local\Adobe 2013-08-12 20:34 - 2013-08-12 20:34 - 00067897 _____ C:\Users\Lissi1\Desktop\FRST1.txt 2013-08-12 20:33 - 2013-08-12 20:33 - 00044584 _____ C:\Users\Lissi1\Desktop\Addition.txt 2013-08-12 20:26 - 2012-07-07 11:03 - 00000000 ____D C:\Program Files (x86)\TeamViewer 2013-08-12 20:24 - 2012-02-04 18:44 - 00000000 ____D C:\Program Files (x86)\Google 2013-08-12 20:23 - 2012-07-15 22:08 - 00000000 ____D C:\Users\Lissi1\AppData\Roaming\DVDVideoSoft 2013-08-12 20:22 - 2012-12-27 12:37 - 00000000 ____D C:\Program Files (x86)\Biet-O-Matic 2013-08-12 20:22 - 2012-08-12 12:59 - 00000000 ____D C:\Program Files (x86)\AVS4YOU 2013-08-12 07:17 - 2013-08-12 07:17 - 00000000 ____D C:\Users\Lissi1\AppData\Roaming\SUPERAntiSpyware.com 2013-08-11 19:57 - 2012-12-24 23:48 - 00000000 ____D C:\Program Files (x86)\SelfUpdater 2013-08-11 18:22 - 2013-08-11 18:22 - 00002676 _____ C:\AdwCleaner[S12].txt 2013-08-11 18:22 - 2013-08-11 18:22 - 00002613 _____ C:\AdwCleaner[R19].txt 2013-08-11 18:16 - 2013-08-11 18:16 - 00015178 _____ C:\AdwCleaner[R18].txt 2013-08-11 18:16 - 2013-08-11 18:16 - 00015091 _____ C:\AdwCleaner[S11].txt 2013-08-11 17:11 - 2012-05-09 15:14 - 00000000 ____D C:\Program Files (x86)\Free FLV Converter 2013-08-11 16:44 - 2013-03-10 20:20 - 00000000 ____D C:\Users\Lissi1\AppData\Roaming\MyPhoneExplorer 2013-08-11 16:37 - 2013-08-11 16:37 - 00000000 ____D C:\found.000 2013-08-11 16:06 - 2013-08-07 19:58 - 00000000 ____D C:\Program Files (x86)\Plus-HD-2.4 2013-08-10 18:26 - 2013-03-10 20:25 - 00003148 _____ C:\Windows\System32\Tasks\SidebarExecute 2013-08-10 18:25 - 2013-03-10 21:04 - 00002065 _____ C:\Users\Public\Desktop\MyPhoneExplorer.lnk 2013-08-10 18:25 - 2013-03-10 21:04 - 00000000 ____D C:\Program Files (x86)\MyPhoneExplorer 2013-08-09 12:00 - 2013-07-23 18:20 - 00003874 _____ C:\Windows\System32\Tasks\Freemium1ClickMaint 2013-08-07 20:07 - 2012-05-09 15:16 - 00002592 _____ C:\Windows\SysWOW64\InstallUtil.InstallLog 
2013-08-07 18:29 - 2013-08-07 18:29 - 00002180 _____ C:\AdwCleaner[S10].txt 2013-08-07 18:28 - 2013-08-07 18:28 - 00002117 _____ C:\AdwCleaner[R17].txt 2013-08-07 11:35 - 2013-08-07 10:30 - 00000000 ____D C:\Windows\67E1227ED5534A6A96CD40CCBBC705D8.TMP 2013-08-07 10:32 - 2013-08-07 10:32 - 00000000 _____ C:\autoexec.bat 2013-08-07 10:31 - 2013-08-07 10:31 - 00000000 ____D C:\Program Files\Enigma Software Group 2013-08-07 10:14 - 2013-08-07 10:14 - 00000000 ____D C:\FRST 2013-08-07 01:02 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2013-08-07 00:12 - 2013-08-07 00:12 - 00141008 _____ C:\Users\Lissi1\AppData\Local\GDIPFONTCACHEV1.DAT 2013-08-07 00:10 - 2013-08-07 00:10 - 00524744 _____ C:\Windows\system32\FNTCACHE.DAT 2013-08-07 00:09 - 2013-08-05 12:26 - 00000000 ____D C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs 2013-08-06 18:38 - 2012-02-04 18:47 - 00000000 ___RD C:\Users\Lissi1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-08-06 18:38 - 2012-02-04 18:47 - 00000000 ___RD C:\Users\Lissi1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2013-08-06 18:34 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender 2013-08-06 18:34 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender 2013-08-06 18:34 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions 2013-08-06 18:33 - 2011-04-12 10:28 - 00000000 ____D C:\Program Files\Windows Journal 2013-08-06 18:33 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK 2013-08-06 18:33 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR 2013-08-06 18:33 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\zh-HK 2013-08-06 18:33 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\tr-TR 2013-08-06 18:20 - 2013-08-06 18:18 - 00000000 ____D C:\Windows\system32\MRT 2013-08-06 18:12 - 2011-05-16 16:04 - 00654150 _____ C:\Windows\system32\perfh007.dat 2013-08-06 18:12 - 2011-05-16 16:04 - 00130022 _____ 
C:\Windows\system32\perfc007.dat 2013-08-06 18:12 - 2009-07-14 07:13 - 01519624 _____ C:\Windows\system32\PerfStringBackup.INI 2013-08-06 18:07 - 2013-08-06 18:07 - 00003031 _____ C:\Users\Lissi1\Downloads\writeBatchmediaTag (1).js 2013-08-06 18:07 - 2013-08-06 18:06 - 00003031 _____ C:\Users\Lissi1\Downloads\writeBatchmediaTag.js 2013-08-06 17:43 - 2011-07-18 22:54 - 00000000 ____D C:\Windows\Panther 2013-08-06 17:41 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\sl-SI 2013-08-06 17:41 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\sl-SI 2013-08-06 14:51 - 2012-02-04 19:29 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-08-06 14:44 - 2013-08-06 14:35 - 00010360 _____ C:\Windows\IE10_main.log 2013-08-06 14:38 - 2013-08-06 14:38 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00648192 _____ (Microsoft 
Corporation) C:\Windows\system32\d3d10level9.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 
00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00003072 ____H (Microsoft Corporation) 
C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-08-06 11:59 - 2013-08-06 11:59 - 00002055 _____ C:\AdwCleaner[R14].txt 2013-08-06 11:58 - 2013-08-06 11:58 - 00001994 _____ C:\AdwCleaner[R13].txt 2013-08-06 11:58 - 2013-08-06 11:58 - 00001933 _____ C:\AdwCleaner[R12].txt 2013-08-06 11:44 - 2012-11-24 19:35 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-08-06 11:44 - 2012-11-24 19:35 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2013-08-06 10:33 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default 2013-08-06 10:32 - 2013-08-06 10:17 - 00000000 ____D C:\Windows\erdnt 2013-08-06 10:10 - 2013-08-06 10:10 - 00001872 _____ C:\AdwCleaner[R11].txt 2013-08-06 10:08 - 2013-08-06 10:08 - 00001811 _____ C:\AdwCleaner[R10].txt 2013-08-05 19:23 - 2013-08-05 19:23 - 00002038 _____ C:\AdwCleaner[S7].txt 2013-08-05 19:23 - 2013-08-05 19:23 - 00001976 _____ C:\AdwCleaner[R9].txt 2013-08-05 16:22 - 2013-05-11 14:02 - 00000000 ____D C:\ProgramData\Avery 2013-08-05 12:28 - 2013-08-05 12:28 - 00000000 ____D C:\Users\Lissi1\AppData\Roaming\Malwarebytes 2013-08-05 12:28 - 2013-08-05 12:28 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-08-05 12:26 - 2013-08-05 12:26 - 00001714 _____ C:\AdwCleaner[R8].txt 2013-08-05 12:21 - 2013-08-05 12:21 - 00001654 _____ C:\AdwCleaner[R7].txt 2013-08-05 12:09 - 2012-02-04 23:49 - 00000000 ____D C:\Users\Lissi1\AppData\Roaming\CheckPoint 2013-08-05 12:08 - 2013-08-05 12:08 - 00001596 _____ C:\AdwCleaner[S6].txt 2013-08-05 12:08 - 2013-08-05 12:08 - 00001534 _____ C:\AdwCleaner[R6].txt 2013-08-05 12:02 
- 2013-08-05 12:02 - 00001726 _____ C:\AdwCleaner[S5].txt 2013-08-05 12:02 - 2013-08-05 12:02 - 00001664 _____ C:\AdwCleaner[R5].txt 2013-08-05 12:01 - 2013-08-05 12:01 - 00666633 _____ C:\Users\Lissi1\Desktop\adwcleaner06.exe 2013-08-05 11:53 - 2013-08-05 11:53 - 00078778 _____ C:\AdwCleaner[R4].txt 2013-08-05 11:53 - 2013-08-05 11:53 - 00033765 _____ C:\AdwCleaner[S4].txt 2013-08-05 11:51 - 2013-08-05 11:51 - 00078717 _____ C:\AdwCleaner[R3].txt 2013-08-05 11:49 - 2013-08-05 11:49 - 00000000 ____D C:\Users\Lissi1\AppData\Roaming\Avira 2013-08-05 11:44 - 2013-08-05 11:44 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2013-08-05 11:43 - 2013-08-05 11:42 - 00000000 ____D C:\ProgramData\Avira 2013-08-05 11:42 - 2013-08-05 11:42 - 00000000 ____D C:\Program Files (x86)\Avira 2013-08-05 11:35 - 2013-08-05 11:42 - 00130016 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2013-08-05 11:35 - 2013-08-05 11:42 - 00100712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2013-08-05 11:35 - 2013-08-05 11:42 - 00028600 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avkmgr.sys 2013-08-01 03:08 - 2013-07-23 18:20 - 00032328 _____ C:\Windows\Launcher.exe 2013-07-29 18:44 - 2013-07-23 18:20 - 00000000 ____D C:\Users\Lissi1\AppData\Roaming\Windows Net Data 2013-07-26 06:15 - 2013-07-26 06:15 - 00000000 ____D C:\Windows\System32\Tasks\ProtectedSearch 2013-07-25 19:12 - 2013-07-25 16:48 - 1071260076 _____ C:\Users\Lissi1\Downloads\Archiv20130709-1430.zip 2013-07-23 18:47 - 2013-07-23 18:47 - 00000000 ____D C:\Users\Lissi1\AppData\Local\FreeSystemUtilities 2013-07-23 18:20 - 2013-07-23 18:20 - 00000000 ____D C:\Windows\System32\Tasks\Browser Updater 2013-07-22 17:03 - 2013-07-22 17:03 - 00004171 _____ C:\Users\Lissi1\Desktop\TauchenAlissa.wlmp 2013-07-22 17:03 - 2013-07-22 16:53 - 00004166 _____ C:\Users\Lissi1\Desktop\Tauchen1.wlmp 2013-07-18 20:44 - 2012-12-27 12:37 - 00000000 ____D C:\Users\Lissi1\AppData\Roaming\BOM 2013-07-17 18:43 - 2013-07-17 18:43 - 00000000 ____D C:\Users\Lissi1\AppData\Local\Deployment 2013-07-17 18:43 - 2012-09-17 16:53 - 00000000 ____D C:\Users\Lissi1\AppData\Local\Apps\2.0 2013-07-17 18:34 - 2013-02-09 17:40 - 00000000 ____D C:\Program Files (x86)\Ad-Aware Antivirus 2013-07-17 18:34 - 2012-05-09 15:14 - 00000000 ____D C:\Users\Lissi1\AppData\Roaming\FreeFLVConverter 2013-07-17 18:34 - 2012-02-04 21:31 - 00000000 ____D C:\Program Files (x86)\ScanWizard 5 2013-07-17 18:34 - 2011-07-18 23:12 - 00000000 ____D C:\Windows\SysWOW64\Macromed 2013-07-17 18:34 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration 2013-07-17 18:34 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\AppCompat 2013-07-17 18:21 - 2011-04-12 10:28 - 00000000 ___RD C:\Users\Public\Recorded TV 2013-07-17 18:13 - 2013-02-09 17:37 - 00000000 ____D C:\Users\Lissi1\AppData\Roaming\Ad-Aware Antivirus 2013-07-17 17:49 - 2013-07-17 16:37 - 00001447 _____ C:\Users\Lissi1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2013-07-17 17:49 - 2013-07-17 16:37 - 00001413 _____ 
C:\Users\Lissi1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk 2013-07-17 09:24 - 2012-02-04 18:44 - 00000000 ____D C:\Program Files\Google 2013-07-16 08:43 - 2012-02-04 19:47 - 00000000 ____D C:\Users\Lissi1\AppData\Local\Google 2013-07-16 08:43 - 2012-02-04 18:44 - 00000000 ____D C:\ProgramData\Google 2013-07-14 19:47 - 2013-07-22 14:41 - 977585085 _____ C:\Users\Lissi1\Desktop\20130709-1430 - Kopie.mov 2013-07-14 19:47 - 2013-07-14 18:38 - 977585085 _____ C:\Users\Lissi1\Desktop\20130709-1430.mov ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-08-12 05:58 ==================== End Of Log ============================ --- --- --- --- --- --- --- --- --- --- --- --- Code:
HitmanPro 3.7.7.203
www.hitmanpro.com

Computer name . . . . : LISSI1-PC
Windows . . . . . . . : 6.1.1.7601.X64/4
User name . . . . . . : Lissi1-PC\Lissi1
UAC . . . . . . . . . : Enabled
License . . . . . . . : Trial (30 days left)

Scan date . . . . . . : 2013-08-13 22:07:19
Scan mode . . . . . . : Normal
Scan duration . . . . : 2m 31s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No

Threats . . . . . . . : 0
Traces . . . . . . . : 0

Objects scanned . . . : 1.744.014
Files scanned . . . . : 37.460
Remnants scanned . . : 493.333 files / 1.213.221 keys

How do I get rid of the viruses? So it is still getwindow and tbupdater; I was able to rescue my programs! How do I get rid of the junk I downloaded for your logs? None of your programs had any value, other than blocking my PC and making it slow; nothing of the threats was deleted. So how do we continue properly now? Which program can delete the malware without me needing 3 days for it and deleting programs that have nothing to do with it?

So how do I get the viruses off the computer???? getwindow now starts three times and tbupdater is still there too. I had to reinstall the antivirus because your removal programs simply killed it, just like Ad-Aware. I have now rescued most of the programs, but my problem, which is why I asked you for help, is still there. So how can I finally delete getwindow and TBUpdater from the system????
15.08.2013, 18:58 | #66 |
/// Malware-holic |
Hi,

1. Fix with FRST
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document
Code:
Startup: C:\Users\Lissi1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\net.lnk
ShortcutTarget: net.lnk -> C:\Users\Lissi1\AppData\Roaming\Windows Net Data\net.exe (Windows Net)
SearchScopes: HKCU - 63D76E6EC6B04284B071A585DCBE8EA6 URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=53E641BF-D5D6-4646-8077-EE58703B9D12&apn_sauid=45E38BAC-10B5-487C-BE1B-F389560F4295
BHO-x32: No Name - {120A8821-2BEE-4C29-BCDA-62C577781992} - No File
BHO-x32: No Name - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No File
BHO-x32: HomeTab - {ba696155-d96e-4281-b467-0367a0456474} - No File
Toolbar: HKLM - No Name - !{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File
Toolbar: HKLM-x32 - No Name - !{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - No File
Toolbar: HKLM-x32 - No Name - !{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File
C:\Users\Lissi1\AppData\Roaming\Windows Net Data

and click the Fix button. The tool creates one after the restart.

2. Please test whether there are any unwanted toolbars, redirects or other problems in Firefox, Internet Explorer and any other browsers that may be installed. Test how the PC and the programs run in general.
If everything works now:

3. The order is crucial here.
4. Secure the PC:
As an anti-malware program I would recommend Emsisoft. In my view they offer the best protection, but it costs something.
Computeractive Software Store - Emsisoft Anti-Malware 8 [1-PC] - 63% off RRP
Trial version: My antivirus recommendation: Emsisoft Anti-Malware
Especially if you do online banking, shopping, other payment transactions or similarly important things, such as work-related matters, that is, if there is sensitive data to protect, you should invest in security software.
Before activating the license, make use of the 30-day trial period.
Free, but not quite as good, Avast would be the one to recommend. http://www.trojaner-board.de/110895-...antivirus.html
Tell me which one you use, then I will give configuration tips.
Please uninstall your current AV.
The following guide is extensive, I am aware of that, but it should be carried out, because only then is your PC secure. Ask as many questions as necessary, I am happy to work through everything with you!
http://www.trojaner-board.de/96344-a...-rechners.html
Please start with the passage "Windows Vista and Windows 7".
Please begin by installing Windows updates. The best way to do this is to go to Start, Search, and enter Windows Updates there.
Under "Change settings", check that the following is selected:
- Install updates automatically,
- Daily
- Choose a time
- Please tick all the rest, except:
- Show detailed notifications when new Microsoft software is available.
Now click the "OK" button.
Now click "Check for updates".
Please install the important updates first. It will be necessary to restart the PC in between. If that is the case, you have to open Windows Update again via Start, Search, click Check for updates and install the next ones.
Please do the same with the optional updates.
Please adopt the rest as it reads in the Windows 7 / Vista section.
From the XP section, please adopt the item "Data Execution Prevention, DEP".
As a browser I recommend Chrome: http://support.google.com/chrome/bin...&answer=118663
Please read the guide.
If you want to use a different one, tell me, then I have to adapt parts of the guide that follows.

Sandboxie
The definition of a sandbox can be read here: Sandbox
In short, you can run programs almost 100% isolated from the system. The advantage is obvious: if malicious code is smuggled in through the browser, it cannot get out.
Download link: Sandboxie - Download - Filepony
Guide: http://www.trojaner-board.de/71542-a...sandboxie.html
Detailed guide as PDF, work through it as well: Sandbox settings
Please make the following additional configuration:
Open Sandboxie Control, click the Sandbox menu, choose DefaultBox. There, click Sandbox Settings. Under Restrictions, for program start and internet access, enter: chrome.exe
Then go to Applications, Web Browser, Chrome. There, enable everything except sharing the entire profile folder.
As you may already have seen, you cannot use some functions. This is only necessary in the full version, which I advise you to buy. For example, under "Forced Programs" you can specify that all browsers start in the sandbox. Otherwise you always have to click "Sandboxed web browser", or right-click and start in Sandboxie. A lifetime license costs 30 € and can be used on all your PCs.

Continue with: Measures for ALL Windows versions
Work through everything completely.
Note on FileHippo: in the settings additionally select: hide beta updates. Run updateChecker when Windows starts

Backup program: my guide already links a backup program; as an alternative there is also Windows' own backup program: http://www.trojaner-board.de/82962-w...en-backup.html
Unfortunately, this is only reasonably usable for Windows 7 users.
Everyone else should definitely install a backup program as well, because this can be very important under certain circumstances, for example if the hard disk fails one day.
Finally, follow the general security tips; if it applies to you, follow the tip on online banking and change all passwords.
Please also read how to make programs visible for everyone: Programme für alle Konten nutzbar machen - PCtipp.ch - Praxis & Hilfe
So from now on, surf only in the standard user account, and there in the sandbox. If you use the free version, do so by clicking Sandboxed web browser; if you have the paid version, you can set up forced programs, then Sandboxie is always started when you open a browser. When you move the mouse over the browser it should have a frame around it; then you are in the sandboxed web browser.
Password security: every service needs its own password of at least 12 characters.
RoboForm helps with managing and creating passwords: Password Manager, Form Filler, Password Management | RoboForm Password Manager
Guide: RoboForm Manual
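The fixlist in the post above targets three kinds of entries: BHO and toolbar registrations whose file is gone ("No File"), a startup shortcut whose target sits in the user's AppData folder, and a search scope pointing at a third-party URL. The sketch below is an added example, not part of the thread and not FRST's own logic; it shows how those three patterns can be pulled out of FRST-style lines for manual review. The rule names, the function `triage` and the sample lines are assumptions made for illustration.

```python
import re

# Constructed sample: line shapes taken from the FRST output quoted in this
# thread (the search URL is shortened). It is not a complete log.
SAMPLE_LOG = r"""
ShortcutTarget: net.lnk -> C:\Users\Lissi1\AppData\Roaming\Windows Net Data\net.exe (Windows Net)
ShortcutTarget: Dropbox.lnk -> C:\Users\Lissi1\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShortcutTarget: Scanner Finder.lnk -> C:\Program Files (x86)\ScanWizard 5\ScannerFinder.exe ()
SearchScopes: HKCU - 63D76E6EC6B04284B071A585DCBE8EA6 URL = hxxp://websearch.ask.com/redirect?client=ie&q={searchTerms}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: HomeTab - {ba696155-d96e-4281-b467-0367a0456474} - No File
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - No Name - !{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File
"""

CLSID = r"!?\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"

# Browser add-on registration whose DLL no longer exists on disk.
ORPHAN_RE = re.compile(
    rf"^(?P<kind>BHO(?:-x32)?|Toolbar): .*?(?P<clsid>{CLSID}) - No File$")

# Startup shortcut: "<name>.lnk -> <target path> (<publisher>)".
SHORTCUT_RE = re.compile(
    r"^ShortcutTarget: (?P<lnk>.+?) -> (?P<target>.+?) \((?P<publisher>[^()]*)\)$")

# Internet Explorer search provider with an explicit URL value.
SCOPE_RE = re.compile(
    r"^SearchScopes: (?P<hive>\S+) - (?:DefaultScope )?(?P<scope>\S+) URL =\s*(?P<url>\S*)$")

# Paths any standard user can write to without elevation.
PROFILE_RE = re.compile(r"^[A-Za-z]:\\Users\\[^\\]+\\AppData\\", re.IGNORECASE)

# Accepts normal and defanged (hxxp) schemes.
HOST_RE = re.compile(r"^h(?:tt|xx)ps?://(?P<host>[^/?#]+)", re.IGNORECASE)


def triage(log_text):
    """Return (rule, detail, line) tuples for entries a human should review.

    Nothing is removed or rewritten here. The publisher in parentheses is
    treated as self-declared metadata (assumption), so it never clears an
    entry: Dropbox is reported alongside net.exe and the analyst decides.
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()

        m = ORPHAN_RE.match(line)
        if m:
            findings.append(("orphaned-com-entry", m["clsid"].lstrip("!"), line))
            continue

        m = SHORTCUT_RE.match(line)
        if m and PROFILE_RE.match(m["target"]):
            findings.append(("startup-from-user-profile", m["target"], line))
            continue

        m = SCOPE_RE.match(line)
        if m and m["url"]:
            host = HOST_RE.match(m["url"])
            detail = host["host"] if host else m["url"]
            findings.append(("search-scope-url", detail, line))
    return findings


if __name__ == "__main__":
    for rule, detail, _line in triage(SAMPLE_LOG):
        print(f"{rule:28} {detail}")
```

The Dropbox shortcut is reported by the same rule as `net.exe`, which is why output like this is a review list and not a fixlist.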
15.08.2013, 20:01 | #67 |
Hi,
I managed to delete getwindow Info by hand myself yesterday and TBUpdater is still there!!!

Yesterday I reinstalled my programs that Combofix had deleted: Coral, Avira. I renamed Outlook back, it was called ComboFixO, and after searching I also found my Windows Explorer again, it was called Combofix. www_getwindowinfo was found and killed thanks to ProcessExplorer; TBUpdater is still there and is a nuisance.

Combo does not want to delete its files, and unfortunately I could not find all of them and delete them by hand.

Is there another way to kill TBUpdater?

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-08-2013 01
Ran by Lissi1 at 2013-08-15 20:49:01 Run:2
Running from C:\Users\Lissi1\Desktop
Boot Mode: Normal
==============================================

C:\Users\Lissi1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\net.lnk not found.
C:\Users\Lissi1\AppData\Roaming\Windows Net Data\net.exe not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\63D76E6EC6B04284B071A585DCBE8EA6 URL = => Value not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{120A8821-2BEE-4C29-BCDA-62C577781992} => Key not found.
HKCR\Wow6432Node\CLSID\{120A8821-2BEE-4C29-BCDA-62C577781992} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6} => Key not found.
HKCR\Wow6432Node\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ba696155-d96e-4281-b467-0367a0456474} => Key not found.
HKCR\Wow6432Node\CLSID\{ba696155-d96e-4281-b467-0367a0456474} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\!{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} => Value not found.
HKCR\CLSID\!{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\!{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} => Value not found.
HKCR\Wow6432Node\CLSID\!{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\!{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} => Value not found.
HKCR\Wow6432Node\CLSID\!{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} => Key not found.
"C:\Users\Lissi1\AppData\Roaming\Windows Net Data" => File/Directory not found.

==== End of Fixlog ====

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-08-2013 01 Ran by Lissi1 (administrator) on 15-08-2013 20:50:57 Running from C:\Users\Lissi1\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\system32\atiesrxx.exe (AMD) C:\Windows\system32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Lavasoft Limited) C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (PixArt Imaging Incorporation) C:\Windows\PixArt\Pac207\Monitor.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (CrypKey (Canada) Ltd.) C:\Windows\system32\crypserv.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Guillemot Corporation S.A.) C:\Program Files (x86)\Hercules\Hercules HD Exchange\XtrCtrlEx.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe () C:\Program Files (x86)\ScanWizard 5\ScannerFinder.exe (Dropbox, Inc.) 
C:\Users\Lissi1\AppData\Roaming\Dropbox\bin\Dropbox.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Lavasoft Limited) C:\PROGRA~2\AD-AWA~1\AdAware.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (GFI Software) C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe (Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil64_11_8_800_94_ActiveX.exe (Microsoft Corporation) C:\Windows\sysWow64\SearchProtocolHost.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12673128 2011-08-16] (Realtek Semiconductor) HKLM\...\Run: [Monitor] - C:\Windows\PixArt\PAC207\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation) HKLM\...\Run: [IntelliType Pro] - c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1464944 2012-11-02] (Microsoft Corporation) HKLM\...\Run: [IntelliPoint] - c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2076272 2012-11-02] (Microsoft Corporation) HKLM\...\Run: [CamserviceHDExchange] - C:\Program Files (x86)\Hercules\Hercules HD Exchange\XtrCtrlEx.exe [3391344 2012-01-12] (Guillemot Corporation S.A.) HKCU\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1476104 2012-12-20] (Samsung) HKCU\...\Run: [KiesPDLR] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844296 2012-12-20] (Samsung) HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.) 
HKCU\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844296 2012-12-20] (Samsung) HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation) HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-10-14] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-04] (CyberLink) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310280 2012-12-20] (Samsung Electronics Co., Ltd.) HKLM-x32\...\Run: [Ad-Aware Browsing Protection] - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [542632 2013-01-31] (Lavasoft) HKLM-x32\...\Run: [Ad-Aware Antivirus] - "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run [x] HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345144 2013-08-05] (Avira Operations GmbH & Co. 
KG) HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2011-04-15] (Renesas Electronics Corporation) HKU\Default User\...\RunOnce: [HKCU] - C:\Windows\System32\oobe\info\HKCU.vbs [126 2009-11-12] () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Scanner Finder.lnk ShortcutTarget: Scanner Finder.lnk -> C:\Program Files (x86)\ScanWizard 5\ScannerFinder.exe () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\~Disabled () Startup: C:\Users\Lissi1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Lissi1\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Google HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) BHO-x32: Deaktivierungs-Add-on für Browser von Google Analytics - {75EF13CE-B59E-41ba-8A5A-A944031BD8B4} - C:\Program Files (x86)\Google\Google Analytics Opt-Out\gaoptout.dll (Google, Inc.) 
Toolbar: HKLM-x32 - Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll () Toolbar: HKLM-x32 - No Name - !{95B7759C-8C7F-4BF1-B163-73684A933233} - No File Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File Toolbar: HKCU - No Name - {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - No File Toolbar: HKCU - No Name - {FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} - No File Toolbar: HKCU - No Name - {0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} - No File DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [326144] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll" Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Chrome: ======= CHR RestoreOnStartup: "hxxp://www.msn.com/?pc=BDT3&ocid=BDT3DHP&dt=080613" CHR Extension: (Plus-HD-2.4) - C:\Users\Lissi1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hojmbfiljpkaijkdifoaacbpallpfkkf\1.23.29_0 CHR Extension: (Skype Click to Call) - C:\Users\Lissi1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0 CHR Extension: (DvdVideoSoft Free Youtube Download) - C:\Users\Lissi1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.0.0_0 CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx ==================== Services (Whitelisted) ================= R2 Ad-Aware Service; C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [1236336 2013-02-14] (Lavasoft Limited) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-08-05] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-08-05] (Avira Operations GmbH & Co. KG) S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [589368 2013-08-05] (Avira Operations GmbH & Co. 
KG) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) S3 MSCSPTISRV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [45056 2006-12-14] (Sony Corporation) S3 PACSPTISVR; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [57344 2006-12-14] () R2 SBAMSvc; C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [3677000 2012-09-20] (GFI Software) S3 SonicStage Back-End Service; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SsBeSvc.exe [112184 2007-02-05] (Sony Corporation) S3 SPTISRV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe [69632 2006-12-14] (Sony Corporation) S3 SSScsiSV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SSScsiSV.exe [75320 2007-02-05] (Sony Corporation) R2 Crypkey License; crypserv.exe [x] ==================== Drivers (Whitelisted) ==================== S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31968 2012-10-08] (Wondershare) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-08-05] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-08-05] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-08-05] (Avira Operations GmbH & Co. KG) R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-02-22] (GFI Software) R3 guillflt; C:\Windows\System32\DRIVERS\guillflt.sys [65024 2009-06-04] (Guillemot Corp S.A.) 
R3 hxctlflt; C:\Windows\System32\Drivers\hxctlflt.sys [111104 2009-02-08] (Guillemot Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R1 NetworkX; C:\Windows\system32\ckldrv.sys [28664 2008-03-17] () S3 PAC207; C:\Windows\System32\DRIVERS\PFC027.SYS [572416 2006-12-05] (PixArt Imaging Inc.) R3 S6000KNT; C:\Windows\System32\Drivers\S6000KNT.sys [3359832 2011-06-16] (Windows (R) Win 7 DDK provider) S3 catchme; \??\C:\ComboFix\catchme.sys [x] S3 hitmanpro37; \??\C:\Windows\system32\drivers\hitmanpro37.sys [x] S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-08-15 20:43 - 2013-08-15 20:43 - 00039966 _____ C:\Users\Lissi1\Desktop\Addition.txt 2013-08-15 20:42 - 2013-08-15 20:42 - 00000000 ____D C:\FRST 2013-08-15 20:37 - 2013-08-15 20:37 - 01575570 _____ (Farbar) C:\Users\Lissi1\Desktop\FRST64.exe 2013-08-15 20:36 - 2013-08-15 20:36 - 00001165 _____ C:\DelFix.txt 2013-08-15 20:34 - 2013-08-15 20:34 - 00706916 _____ C:\Users\Lissi1\Downloads\delfix.exe 2013-08-14 22:16 - 2013-08-14 22:17 - 00000000 ____D C:\Users\Lissi1\AppData\Roaming\Rovio Entertainment Ltd 2013-08-14 22:16 - 2013-08-14 22:16 - 00001318 _____ C:\Users\Public\Desktop\Angry Birds Star Wars.lnk 2013-08-14 22:16 - 2013-08-14 22:16 - 00000000 ____D C:\Program Files (x86)\Rovio Entertainment Ltd 2013-08-14 22:10 - 2013-08-14 22:16 - 78705368 _____ (Rovio Entertainment Ltd.) 
C:\Users\Lissi1\Desktop\AngryBirdsStarWarsInstaller_1-2-0.exe 2013-08-14 20:24 - 2013-08-14 20:24 - 00000260 _____ C:\Users\Lissi1\Saved Games\Documents\cc_20130814_202410.reg 2013-08-14 20:23 - 2013-08-14 20:23 - 00096454 _____ C:\Users\Lissi1\Saved Games\Documents\cc_20130814_202313.reg 2013-08-14 20:23 - 2013-08-14 20:23 - 00002466 _____ C:\Users\Lissi1\Saved Games\Documents\cc_20130814_202348.reg 2013-08-14 17:56 - 2013-08-15 20:25 - 00004144 _____ C:\Windows\PFRO.log 2013-08-14 17:55 - 2013-08-14 17:55 - 00000085 _____ C:\Windows\wininit.ini 2013-08-14 16:40 - 2013-08-14 16:40 - 01191834 _____ C:\Users\Lissi1\Desktop\ProcessExplorer_1540.zip 2013-08-14 16:20 - 2013-08-14 16:20 - 525840747 _____ C:\Windows\MEMORY.DMP 2013-08-14 16:20 - 2013-08-14 16:20 - 00455144 _____ C:\Windows\Minidump\081413-15568-01.dmp 2013-08-14 15:18 - 2013-08-15 20:45 - 00001240 _____ C:\Windows\error.log 2013-08-14 15:18 - 2013-08-15 20:44 - 00000840 _____ C:\Windows\setupact.log 2013-08-14 15:18 - 2013-08-14 15:18 - 00000000 _____ C:\Windows\setuperr.log 2013-08-14 15:17 - 2013-08-15 20:44 - 00000280 _____ C:\Windows\errord.log 2013-08-14 14:53 - 2013-08-14 15:10 - 00013576 _____ C:\Windows\IE10_main.log 2013-08-14 14:46 - 2013-08-14 14:46 - 00017342 _____ C:\Users\Lissi1\Saved Games\Documents\cc_20130814_144558.reg 2013-08-14 14:45 - 2013-08-14 14:45 - 00093606 _____ C:\Users\Lissi1\Saved Games\Documents\cc_20130814_144536.reg 2013-08-14 14:38 - 2013-08-14 14:38 - 00002774 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC 2013-08-14 14:38 - 2013-08-14 14:38 - 00000000 ____D C:\Program Files\CCleaner 2013-08-14 12:42 - 2013-08-14 12:46 - 00000000 ____D C:\AdwCleaner 2013-08-14 12:42 - 2013-07-25 05:31 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-08-14 12:42 - 2013-07-25 05:30 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-08-14 12:42 - 2013-07-25 05:29 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 
2013-08-14 12:42 - 2013-07-25 05:28 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-08-14 12:42 - 2013-07-25 05:27 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-08-14 12:42 - 2013-07-25 05:27 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-08-14 12:42 - 2013-07-25 05:26 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-08-14 12:42 - 2013-07-25 04:26 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-08-14 12:42 - 2013-07-25 04:26 - 01104384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-08-14 12:42 - 2013-07-25 04:24 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-08-14 12:42 - 2013-07-25 04:23 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-08-14 12:42 - 2013-07-25 04:23 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-08-14 12:42 - 2013-07-25 04:22 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-08-14 12:42 - 2013-07-25 04:22 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-08-14 12:42 - 2013-07-25 04:22 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-08-14 12:41 - 2013-07-25 05:54 - 17830400 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-08-14 12:41 - 2013-07-25 05:37 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-08-14 12:41 - 2013-07-25 05:35 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-08-14 12:41 - 2013-07-25 05:29 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-08-14 12:41 - 2013-07-25 05:29 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-08-14 12:41 - 2013-07-25 05:28 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-08-14 12:41 - 2013-07-25 05:28 - 00816640 
_____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-08-14 12:41 - 2013-07-25 05:28 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-08-14 12:41 - 2013-07-25 05:28 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2013-08-14 12:41 - 2013-07-25 04:40 - 12334080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-08-14 12:41 - 2013-07-25 04:32 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-08-14 12:41 - 2013-07-25 04:30 - 09738752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-08-14 12:41 - 2013-07-25 04:25 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-08-14 12:41 - 2013-07-25 04:24 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-08-14 12:41 - 2013-07-25 04:23 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-08-14 12:41 - 2013-07-25 04:23 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-08-14 12:41 - 2013-07-25 04:23 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-08-14 08:56 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-08-14 08:56 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2013-08-14 08:56 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2013-08-14 08:56 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2013-08-14 08:56 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2013-08-14 08:56 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2013-08-14 08:56 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2013-08-14 08:56 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) 
C:\Windows\system32\wintrust.dll 2013-08-14 08:56 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2013-08-14 08:56 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2013-08-14 08:56 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2013-08-14 08:56 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2013-08-14 08:56 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2013-08-14 08:56 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2013-08-14 08:56 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2013-08-14 08:56 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2013-08-14 08:56 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2013-08-14 08:56 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-08-14 08:56 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-08-14 08:56 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-08-14 08:56 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2013-08-14 08:55 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2013-08-14 08:55 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2013-08-14 08:55 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2013-08-14 08:55 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2013-08-14 08:55 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 
2013-08-14 08:55 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2013-08-13 23:08 - 2013-08-13 23:08 - 00001117 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-08-13 23:08 - 2013-08-13 23:08 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-08-13 23:08 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-08-13 23:01 - 2013-08-13 23:01 - 00002226 _____ C:\Users\Public\Desktop\Webcam Station Evolution SE.lnk 2013-08-13 22:36 - 2013-08-13 22:37 - 00000000 ____D C:\Users\Lissi1\AppData\Local\adawarebp 2013-08-13 22:34 - 2013-08-13 22:34 - 00000542 _____ C:\Windows\system32\.crusader 2013-08-13 20:58 - 2013-08-15 20:36 - 00000000 ____D C:\Windows\ERUNT 2013-08-13 11:58 - 2013-08-13 11:58 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_guillflt_01007.Wdf 2013-08-13 11:57 - 2013-08-13 23:01 - 00000000 ____D C:\Program Files (x86)\Hercules 2013-08-13 11:57 - 2013-08-13 11:57 - 00000000 ____D C:\Windows\HerculesWebcamUpdater 2013-08-13 11:57 - 2011-06-27 09:31 - 00589824 _____ (Guillemot Corporation S.A.) C:\Windows\SysWOW64\HWLMSET2.exe 2013-08-13 11:57 - 2011-06-27 09:31 - 00009728 _____ C:\Windows\SysWOW64\HWLMSET2PS.dll 2013-08-13 11:57 - 2011-06-16 16:34 - 03359832 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\S6000KNT.sys 2013-08-13 11:57 - 2011-06-16 16:34 - 00076376 _____ C:\Windows\system32\S6000DIF.dll 2013-08-13 11:57 - 2009-06-04 09:34 - 00065024 _____ (Guillemot Corp S.A.) 
C:\Windows\system32\Drivers\guillflt.sys 2013-08-13 11:57 - 2009-02-08 23:43 - 00111104 _____ (Guillemot Corporation) C:\Windows\system32\Drivers\hxctlflt.sys 2013-08-13 11:57 - 2003-09-23 04:36 - 00013448 _____ C:\Windows\S6000Twn.src 2013-08-13 11:57 - 2003-09-23 03:49 - 00015190 _____ C:\Windows\S6000Twn.ini 2013-08-13 11:56 - 2013-08-13 11:56 - 00000000 ____D C:\Users\Lissi1\AppData\Roaming\InstallShield 2013-08-12 23:37 - 2013-08-12 23:37 - 00000000 ____D C:\Users\Lissi1\Saved Games\Documents\Corel VideoStudio Pro 2013-08-12 21:08 - 2013-08-12 21:08 - 00000000 ____D C:\Computer 2013-08-12 20:41 - 2013-08-15 20:44 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-08-12 20:41 - 2013-08-12 20:41 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-08-12 20:41 - 2013-08-12 20:41 - 00312232 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2013-08-12 20:41 - 2013-08-12 20:41 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2013-08-12 20:41 - 2013-08-12 20:41 - 00188840 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2013-08-12 20:41 - 2013-08-12 20:41 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2013-08-12 20:41 - 2013-08-12 20:41 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-08-12 20:41 - 2013-08-12 20:41 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-08-12 11:03 - 2013-08-12 20:39 - 00000000 ____D C:\Users\Lissi1\AppData\Local\Adobe 2013-08-11 16:37 - 2013-08-11 16:37 - 00000000 ____D C:\found.000 2013-08-09 19:38 - 2013-08-12 23:38 - 00000000 ____D C:\Users\Lissi1\Desktop\hagen 2013-08-07 10:32 - 2013-08-07 10:32 - 00000000 _____ C:\autoexec.bat 2013-08-07 10:30 - 2013-08-07 11:35 - 00000000 ____D C:\Windows\67E1227ED5534A6A96CD40CCBBC705D8.TMP 2013-08-07 10:23 - 2013-04-17 09:02 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 
2013-08-07 10:23 - 2013-04-17 08:24 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2013-08-07 00:12 - 2013-08-07 00:12 - 00141008 _____ C:\Users\Lissi1\AppData\Local\GDIPFONTCACHEV1.DAT 2013-08-07 00:10 - 2013-08-07 00:10 - 00524744 _____ C:\Windows\system32\FNTCACHE.DAT 2013-08-06 18:55 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2013-08-06 18:55 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2013-08-06 18:20 - 2012-08-23 16:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll 2013-08-06 18:20 - 2012-08-23 16:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys 2013-08-06 18:20 - 2012-08-23 16:08 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys 2013-08-06 18:20 - 2012-08-23 16:07 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys 2013-08-06 18:20 - 2012-08-23 15:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll 2013-08-06 18:20 - 2012-08-23 15:46 - 00016896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll 2013-08-06 18:20 - 2012-08-23 15:41 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe 2013-08-06 18:20 - 2012-08-23 15:40 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll 2013-08-06 18:20 - 2012-08-23 15:24 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll 2013-08-06 18:20 - 2012-08-23 15:20 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll 2013-08-06 18:20 - 2012-08-23 15:18 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll 2013-08-06 18:20 - 2012-08-23 15:17 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll 2013-08-06 18:20 - 2012-08-23 15:06 - 00043520 
_____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll 2013-08-06 18:20 - 2012-08-23 14:52 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll 2013-08-06 18:20 - 2012-08-23 13:20 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2013-08-06 18:20 - 2012-08-23 13:15 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll 2013-08-06 18:20 - 2012-08-23 13:14 - 00384000 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe 2013-08-06 18:20 - 2012-08-23 13:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll 2013-08-06 18:20 - 2012-08-23 12:54 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll 2013-08-06 18:20 - 2012-08-23 12:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll 2013-08-06 18:20 - 2012-08-23 12:39 - 01048064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe 2013-08-06 18:20 - 2012-08-23 12:22 - 01123840 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe 2013-08-06 18:20 - 2012-08-23 11:51 - 03174912 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2013-08-06 18:20 - 2012-08-23 10:19 - 04916224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2013-08-06 18:20 - 2012-08-23 10:13 - 05773824 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2013-08-06 18:18 - 2013-08-14 12:45 - 00000000 ____D C:\Windows\system32\MRT 2013-08-06 18:13 - 2012-03-14 05:00 - 00385024 _____ (CANON INC.) 
C:\Windows\system32\CNMLMAW.DLL 2013-08-06 18:07 - 2013-08-06 18:07 - 00003031 _____ C:\Users\Lissi1\Downloads\writeBatchmediaTag (1).js 2013-08-06 18:06 - 2013-08-06 18:07 - 00003031 _____ C:\Users\Lissi1\Downloads\writeBatchmediaTag.js 2013-08-06 18:00 - 2012-08-24 20:13 - 00154480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2013-08-06 18:00 - 2012-08-24 20:09 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2013-08-06 18:00 - 2012-08-24 20:05 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2013-08-06 18:00 - 2012-08-24 20:03 - 01448448 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2013-08-06 18:00 - 2012-08-24 18:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2013-08-06 18:00 - 2012-08-24 18:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2013-08-06 18:00 - 2012-08-24 18:53 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 01175552 _____ (Microsoft Corporation) 
C:\Windows\system32\FntCache.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00194560 _____ 
(Microsoft Corporation) C:\Windows\system32\d3d10_1.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00003072 ____H (Microsoft Corporation) 
C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-08-06 14:38 - 2013-08-06 14:38 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-08-06 10:54 - 2013-04-10 08:01 - 00983400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2013-08-06 10:54 - 2013-04-10 08:01 - 00265064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys 2013-08-06 10:54 - 2013-02-27 08:02 - 00111448 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2013-08-06 10:54 - 2013-02-27 07:52 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2013-08-06 10:54 - 2013-02-27 07:52 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll 2013-08-06 10:54 - 2013-02-27 07:48 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2013-08-06 10:54 - 2013-02-27 07:47 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll 2013-08-06 10:54 - 2013-02-27 06:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2013-08-06 10:54 - 2013-02-27 06:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll 2013-08-06 10:54 - 2013-02-27 06:49 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2013-08-06 10:54 - 2013-01-03 08:00 - 00288088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS 2013-08-06 10:54 - 2011-02-03 
13:25 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll 2013-08-06 10:53 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2013-08-06 10:53 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2013-08-06 10:53 - 2013-04-26 07:51 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll 2013-08-06 10:53 - 2013-04-26 06:55 - 00492544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll 2013-08-06 10:53 - 2013-04-12 16:45 - 01656680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys 2013-08-06 10:53 - 2013-03-19 07:53 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll 2013-08-06 10:53 - 2013-03-19 07:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll 2013-08-06 10:53 - 2013-02-12 06:12 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023x.sys 2013-08-06 10:53 - 2013-02-12 06:12 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys 2013-08-06 10:53 - 2013-01-04 07:46 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2013-08-06 10:52 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-08-06 10:52 - 2013-05-10 07:49 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll 2013-08-06 10:52 - 2013-05-10 05:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll 2013-08-06 10:52 - 2013-01-24 08:01 - 00223752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys 2013-08-06 10:51 - 2013-05-13 07:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll 2013-08-06 10:51 - 2013-05-13 05:43 - 01192448 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe 2013-08-06 10:51 - 2013-05-13 05:08 - 00903168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe 2013-08-06 10:51 - 2013-05-13 05:08 - 
00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll 2013-08-06 10:50 - 2013-04-26 01:30 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll 2013-08-06 10:50 - 2013-04-01 00:52 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll 2013-08-06 10:50 - 2013-03-19 07:46 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2013-08-06 10:50 - 2013-03-19 06:47 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2013-08-06 10:50 - 2013-03-19 05:06 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2013-08-06 10:17 - 2013-08-06 10:32 - 00000000 ____D C:\Windows\erdnt 2013-08-05 12:28 - 2013-08-05 12:28 - 00000000 ____D C:\Users\Lissi1\AppData\Roaming\Malwarebytes 2013-08-05 12:28 - 2013-08-05 12:28 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-08-05 12:26 - 2013-08-07 00:09 - 00000000 ____D C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs 2013-08-05 11:49 - 2013-08-05 11:49 - 00000000 ____D C:\Users\Lissi1\AppData\Roaming\Avira 2013-08-05 11:44 - 2013-08-05 11:44 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2013-08-05 11:42 - 2013-08-05 11:43 - 00000000 ____D C:\ProgramData\Avira 2013-08-05 11:42 - 2013-08-05 11:42 - 00000000 ____D C:\Program Files (x86)\Avira 2013-08-05 11:42 - 2013-08-05 11:35 - 00130016 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2013-08-05 11:42 - 2013-08-05 11:35 - 00100712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2013-08-05 11:42 - 2013-08-05 11:35 - 00028600 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avkmgr.sys 2013-07-26 13:22 - 2013-08-12 23:38 - 00000000 ____D C:\Users\Lissi1\Desktop\Lissi Teich 2013-07-26 06:15 - 2013-07-26 06:15 - 00000000 ____D C:\Windows\System32\Tasks\ProtectedSearch 2013-07-25 19:22 - 2013-08-12 23:38 - 00000000 ____D C:\Users\Lissi1\Desktop\MalleTauchen 2013-07-25 16:48 - 2013-07-25 19:12 - 1071260076 _____ C:\Users\Lissi1\Downloads\Archiv20130709-1430.zip 2013-07-23 18:20 - 2013-08-14 15:13 - 00003876 _____ C:\Windows\System32\Tasks\Freemium1ClickMaint 2013-07-23 18:20 - 2013-08-01 03:08 - 00032328 _____ C:\Windows\Launcher.exe 2013-07-23 18:20 - 2013-07-23 18:20 - 00000000 ____D C:\Windows\System32\Tasks\Browser Updater 2013-07-22 17:03 - 2013-07-22 17:03 - 00004171 _____ C:\Users\Lissi1\Desktop\TauchenAlissa.wlmp 2013-07-22 16:53 - 2013-07-22 17:03 - 00004166 _____ C:\Users\Lissi1\Desktop\Tauchen1.wlmp 2013-07-22 14:41 - 2013-07-14 19:47 - 977585085 _____ C:\Users\Lissi1\Desktop\20130709-1430 - Kopie.mov 2013-07-17 18:43 - 2013-07-17 18:43 - 00000000 ____D C:\Users\Lissi1\AppData\Local\Deployment 2013-07-17 16:37 - 2013-07-17 17:49 - 00001447 _____ C:\Users\Lissi1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2013-07-17 16:37 - 2013-07-17 17:49 - 00001413 _____ C:\Users\Lissi1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk

==================== One Month Modified Files and Folders =======

2013-08-15 20:49 - 2012-12-24 23:53 - 00004086 _____ C:\Windows\System32\Tasks\Software Updater Ui 2013-08-15 20:49 - 2012-12-24 23:51 - 00004122 _____ C:\Windows\System32\Tasks\Software Updater 2013-08-15 20:47 - 2013-08-15 20:47 - 00065536 ___HT C:\Users\Lissi1\~Outlooklissa.pst.tmp 2013-08-15 20:47 - 2012-02-04 18:48 - 00000000 ____D C:\Users\Lissi1 2013-08-15 20:46 - 2012-10-23 16:44 - 00000000 ____D C:\Users\Lissi1\AppData\Roaming\Dropbox 2013-08-15 20:45 - 2013-08-14 15:18 - 00001240 _____ C:\Windows\error.log 2013-08-15 20:45 - 2012-10-23
16:46 - 00000000 ___RD C:\Users\Lissi1\Dropbox 2013-08-15 20:45 - 2012-02-04 18:44 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-08-15 20:45 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-08-15 20:44 - 2013-08-14 15:18 - 00000840 _____ C:\Windows\setupact.log 2013-08-15 20:44 - 2013-08-14 15:17 - 00000280 _____ C:\Windows\errord.log 2013-08-15 20:44 - 2013-08-12 20:41 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-08-15 20:44 - 2012-02-04 18:44 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-08-15 20:44 - 2012-02-04 18:43 - 01861237 _____ C:\Windows\WindowsUpdate.log 2013-08-15 20:43 - 2013-08-15 20:43 - 00039966 _____ C:\Users\Lissi1\Desktop\Addition.txt 2013-08-15 20:42 - 2013-08-15 20:42 - 00000000 ____D C:\FRST 2013-08-15 20:37 - 2013-08-15 20:37 - 01575570 _____ (Farbar) C:\Users\Lissi1\Desktop\FRST64.exe 2013-08-15 20:36 - 2013-08-15 20:36 - 00001165 _____ C:\DelFix.txt 2013-08-15 20:36 - 2013-08-13 20:58 - 00000000 ____D C:\Windows\ERUNT 2013-08-15 20:34 - 2013-08-15 20:34 - 00706916 _____ C:\Users\Lissi1\Downloads\delfix.exe 2013-08-15 20:34 - 2009-07-14 06:45 - 00017152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-08-15 20:34 - 2009-07-14 06:45 - 00017152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-08-15 20:25 - 2013-08-14 17:56 - 00004144 _____ C:\Windows\PFRO.log 2013-08-15 20:23 - 2012-02-04 18:47 - 00000000 ___RD C:\Users\Lissi1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-08-15 08:12 - 2012-09-20 17:48 - 00000000 ____D C:\Users\Lissi1\AppData\Roaming\Skype 2013-08-14 22:17 - 2013-08-14 22:16 - 00000000 ____D C:\Users\Lissi1\AppData\Roaming\Rovio Entertainment Ltd 2013-08-14 22:16 - 2013-08-14 22:16 - 00001318 _____ C:\Users\Public\Desktop\Angry Birds Star Wars.lnk 2013-08-14 22:16 - 2013-08-14 22:16 - 00000000 ____D 
C:\Program Files (x86)\Rovio Entertainment Ltd 2013-08-14 22:16 - 2013-08-14 22:10 - 78705368 _____ (Rovio Entertainment Ltd.) C:\Users\Lissi1\Desktop\AngryBirdsStarWarsInstaller_1-2-0.exe 2013-08-14 20:24 - 2013-08-14 20:24 - 00000260 _____ C:\Users\Lissi1\Saved Games\Documents\cc_20130814_202410.reg 2013-08-14 20:23 - 2013-08-14 20:23 - 00096454 _____ C:\Users\Lissi1\Saved Games\Documents\cc_20130814_202313.reg 2013-08-14 20:23 - 2013-08-14 20:23 - 00002466 _____ C:\Users\Lissi1\Saved Games\Documents\cc_20130814_202348.reg 2013-08-14 17:55 - 2013-08-14 17:55 - 00000085 _____ C:\Windows\wininit.ini 2013-08-14 16:40 - 2013-08-14 16:40 - 01191834 _____ C:\Users\Lissi1\Desktop\ProcessExplorer_1540.zip 2013-08-14 16:20 - 2013-08-14 16:20 - 525840747 _____ C:\Windows\MEMORY.DMP 2013-08-14 16:20 - 2013-08-14 16:20 - 00455144 _____ C:\Windows\Minidump\081413-15568-01.dmp 2013-08-14 16:20 - 2013-05-02 17:05 - 00000000 ____D C:\Windows\Minidump 2013-08-14 15:19 - 2012-04-13 16:05 - 03463168 ___SH C:\Users\Lissi1\Desktop\Thumbs.db 2013-08-14 15:18 - 2013-08-14 15:18 - 00000000 _____ C:\Windows\setuperr.log 2013-08-14 15:13 - 2013-07-23 18:20 - 00003876 _____ C:\Windows\System32\Tasks\Freemium1ClickMaint 2013-08-14 15:12 - 2012-12-24 23:50 - 00003518 _____ C:\Windows\System32\Tasks\Hoolapp for Android 2013-08-14 15:12 - 2012-12-24 23:50 - 00003316 _____ C:\Windows\System32\Tasks\Hoolapp Init 2013-08-14 15:10 - 2013-08-14 14:53 - 00013576 _____ C:\Windows\IE10_main.log 2013-08-14 14:46 - 2013-08-14 14:46 - 00017342 _____ C:\Users\Lissi1\Saved Games\Documents\cc_20130814_144558.reg 2013-08-14 14:45 - 2013-08-14 14:45 - 00093606 _____ C:\Users\Lissi1\Saved Games\Documents\cc_20130814_144536.reg 2013-08-14 14:44 - 2011-07-18 22:54 - 00000000 ____D C:\Windows\Panther 2013-08-14 14:38 - 2013-08-14 14:38 - 00002774 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC 2013-08-14 14:38 - 2013-08-14 14:38 - 00000000 ____D C:\Program Files\CCleaner 2013-08-14 13:51 - 2012-09-20 17:48 - 
00000000 ___RD C:\Program Files (x86)\Skype 2013-08-14 13:51 - 2012-09-20 17:48 - 00000000 ____D C:\ProgramData\Skype 2013-08-14 12:50 - 2012-02-04 19:29 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-08-14 12:49 - 2011-05-16 16:04 - 00654150 _____ C:\Windows\system32\perfh007.dat 2013-08-14 12:49 - 2011-05-16 16:04 - 00130022 _____ C:\Windows\system32\perfc007.dat 2013-08-14 12:49 - 2009-07-14 07:13 - 01519624 _____ C:\Windows\system32\PerfStringBackup.INI 2013-08-14 12:46 - 2013-08-14 12:42 - 00000000 ____D C:\AdwCleaner 2013-08-14 12:45 - 2013-08-06 18:18 - 00000000 ____D C:\Windows\system32\MRT 2013-08-14 12:44 - 2011-07-18 22:31 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-08-13 23:08 - 2013-08-13 23:08 - 00001117 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-08-13 23:08 - 2013-08-13 23:08 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-08-13 23:01 - 2013-08-13 23:01 - 00002226 _____ C:\Users\Public\Desktop\Webcam Station Evolution SE.lnk 2013-08-13 23:01 - 2013-08-13 11:57 - 00000000 ____D C:\Program Files (x86)\Hercules 2013-08-13 23:01 - 2011-07-18 23:23 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2013-08-13 22:37 - 2013-08-13 22:36 - 00000000 ____D C:\Users\Lissi1\AppData\Local\adawarebp 2013-08-13 22:34 - 2013-08-13 22:34 - 00000542 _____ C:\Windows\system32\.crusader 2013-08-13 21:54 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini 2013-08-13 11:58 - 2013-08-13 11:58 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_guillflt_01007.Wdf 2013-08-13 11:57 - 2013-08-13 11:57 - 00000000 ____D C:\Windows\HerculesWebcamUpdater 2013-08-13 11:57 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system 2013-08-13 11:56 - 2013-08-13 11:56 - 00000000 ____D C:\Users\Lissi1\AppData\Roaming\InstallShield 2013-08-12 23:38 - 2013-08-09 19:38 - 00000000 ____D C:\Users\Lissi1\Desktop\hagen 2013-08-12 23:38 - 2013-07-26 13:22 - 00000000 ____D 
C:\Users\Lissi1\Desktop\Lissi Teich 2013-08-12 23:38 - 2013-07-25 19:22 - 00000000 ____D C:\Users\Lissi1\Desktop\MalleTauchen 2013-08-12 23:38 - 2013-06-15 16:45 - 00000000 ____D C:\Users\Lissi1\Desktop\Fohlenhof 2013-08-12 23:38 - 2013-06-12 17:55 - 00000000 ____D C:\Users\Lissi1\Desktop\LissiSchwimmfest 2013-08-12 23:38 - 2013-06-12 13:51 - 00000000 ____D C:\Users\Lissi1\Desktop\schwimmfest2013 2013-08-12 23:38 - 2013-06-11 07:55 - 00000000 ____D C:\Users\Lissi1\Desktop\garten2013 2013-08-12 23:38 - 2013-06-11 07:54 - 00000000 ____D C:\Users\Lissi1\Desktop\Norderney 2013-08-12 23:38 - 2013-06-08 14:03 - 00000000 ____D C:\Users\Lissi1\Desktop\tiergartenSommer 2013-08-12 23:38 - 2013-05-25 21:23 - 00000000 ____D C:\Users\Lissi1\Desktop\Turnier2013 2013-08-12 23:38 - 2012-02-05 11:48 - 00000000 ____D C:\Users\Lissi1\AppData\Roaming\Ulead Systems 2013-08-12 23:37 - 2013-08-12 23:37 - 00000000 ____D C:\Users\Lissi1\Saved Games\Documents\Corel VideoStudio Pro 2013-08-12 23:37 - 2012-02-24 17:55 - 00006738 ___SH C:\ProgramData\KGyGaAvL.sys 2013-08-12 21:08 - 2013-08-12 21:08 - 00000000 ____D C:\Computer 2013-08-12 20:44 - 2012-05-27 20:06 - 00000000 ____D C:\Program Files (x86)\Intenium 2013-08-12 20:41 - 2013-08-12 20:41 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-08-12 20:41 - 2013-08-12 20:41 - 00312232 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2013-08-12 20:41 - 2013-08-12 20:41 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2013-08-12 20:41 - 2013-08-12 20:41 - 00188840 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2013-08-12 20:41 - 2013-08-12 20:41 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2013-08-12 20:41 - 2013-08-12 20:41 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-08-12 20:41 - 2013-08-12 20:41 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-08-12 
I don't use Google Chrome; I only use Google in IE9. |
15.08.2013, 20:13 | #68 |
/// Malware-holic | Hi, I've edited the script again; please run it once more, then see how things go. What error message do you get when deleting? And did DelFix report anything as well?
15.08.2013, 20:36 | #69 |
| Which script???? Nothing of TBUpdater gets deleted; FRST does nothing. DelFix didn't report anything, it only deleted FRST and all the TXT files. The registry contains no entries like the following ones that you sent:
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\63D76E6EC6B04284B071A585DCBE8EA6 URL = => Value not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{120A8821-2BEE-4C29-BCDA-62C577781992} => Key not found.
HKCR\Wow6432Node\CLSID\{120A8821-2BEE-4C29-BCDA-62C577781992} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6} => Key not found.
HKCR\Wow6432Node\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6} => Key not found.
And yet TBUpdater still hangs at startup and comes back about every 10 minutes when you cancel it. |
15.08.2013, 22:10 | #70 |
/// Malware-holic | Please run the script anyway, or leave out the 3 lines for all I care. You may then of course have to download FRST again.