PUP.Optional.OpenCandy in Dritthersteller Software mitinstalliert

FJ1 · 28.11.2013, 19:27

Hallo,

habe auf meinem neuen Rechner via chip.de den Free Youtube Downloader heruntergeladen und installiert - hatte zuvor nie Probleme mit diesem Programm.

Heute hat Malwarebytes dann aber Adware gefunden, welche ich es dann habe löschen lassen, die Logs folgen:

Code:

ATTFilter

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.11.28.06

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16736
XXXXXX :: XXXXXXXXXX [Administrator]

28.11.2013 14:01:52
MBAM-log-2013-11-28 (18-27-39).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 478753
Laufzeit: 1 Stunde(n), 23 Minute(n), 1 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\XXXXXX\AppData\Local\Temp\is-I4JBT.tmp\OCSetupHlp.dll (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Users\XXXXXX\Downloads\FreeYouTubeDownload_3.2.16.1030.exe (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.

(Ende)

und

Code:

ATTFilter

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.11.28.06

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16736
XXXXXX :: XXXXXXXXXX [Administrator]

28.11.2013 14:01:52
mbam-log-2013-11-28 (14-01-52).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 478753
Laufzeit: 1 Stunde(n), 23 Minute(n), 1 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\XXXXXX\AppData\Local\Temp\is-I4JBT.tmp\OCSetupHlp.dll (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\XXXXXX\Downloads\FreeYouTubeDownload_3.2.16.1030.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Ich habe danach dann eine Suche mit AdwCleaner gestartet, hier der Log:

Code:

ATTFilter

# AdwCleaner v3.013 - Bericht erstellt am 28/11/2013 um 18:56:37
# Updated 24/11/2013 von Xplode
# Betriebssystem : Windows 8  (64 bits)
# Benutzername : XXXXXX - XXXXXXXXXX
# Gestartet von : C:\Users\XXXXXX\Downloads\adwcleaner.exe
# Option : Suchen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gefunden C:\ProgramData\boost_interprocess

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16537


-\\ Mozilla Firefox v25.0.1 (de)

[ Datei : C:\Users\XXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\dm1l19jo.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [871 octets] - [28/11/2013 18:56:37]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [930 octets] ##########

Ich habe noch keine weiteren Schritte unternommen.
Muss ich mir Sorgen machen?
Und kann ich AdwCleaner die gefundenen Objekte ohne Bedenken löschen lassen?

Vielen Dank im Voraus für Eure Hilfe.

cosinus · 29.11.2013, 01:59

Hallo und

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die mal fündig geworden?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs in CODE-Tags posten!
Relevant sind nur Logs der letzten 7 Tage bzw. seitdem das Problem besteht!

Zudem bitte auch ein Log mit Farbars Tool machen:

Scan mit Farbar's Recovery Scan Tool (FRST)

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

FJ1 · 29.11.2013, 13:08

Hallo,

danke für die schnelle Antwort. Ich muss die Logfiles leider als Archiv anhängen, da sie sonst zu lang sind. Ich habe noch zwei Avira Antivir Logs ohne Funde, die ich auch hinzufüge.

cosinus · 29.11.2013, 13:20

Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte

Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

FJ1 · 29.11.2013, 14:41

mbar hat nichts gefunden, allerdings beim Start auf eine Datei namens "Applnit.dll" hingewiesen und wollte diese löschen; ich habe es diese dann vorsichtshalber nicht löschen lassen, sondern bin normal fortgefahren.

Hier der Log:

Code:

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.07.0.1007
www.malwarebytes.org

Database version: v2013.11.29.02

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16736
XXXXXX :: XXXXXXXXXX [administrator]

29.11.2013 14:12:24
mbar-log-2013-11-29 (14-12-24).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 245539
Time elapsed: 17 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Danke nochmals für die superschnelle Antwort!

cosinus · 29.11.2013, 15:49

Adware/Junkware/Toolbars entfernen

1. Schritt: adwCleaner

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

3. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

FJ1 · 29.11.2013, 16:32

Hi,

hier die Logs:

Code:

ATTFilter

# AdwCleaner v3.013 - Bericht erstellt am 29/11/2013 um 16:03:01
# Updated 24/11/2013 von Xplode
# Betriebssystem : Windows 8  (64 bits)
# Benutzername : XXXXXX - XXXXXXXXXX
# Gestartet von : C:\Users\XXXXXX\Downloads\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\boost_interprocess

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16537


-\\ Mozilla Firefox v25.0.1 (de)

[ Datei : C:\Users\XXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\dm1l19jo.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [1009 octets] - [28/11/2013 18:56:37]
AdwCleaner[R1].txt - [1069 octets] - [29/11/2013 16:01:30]
AdwCleaner[S0].txt - [994 octets] - [29/11/2013 16:03:01]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1053 octets] ##########

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 8 x64
Ran by XXXXXX on 29.11.2013 at 16:09:24,46
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Failed to delete: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\Users\XXXXXX\appdata\local\software"



~~~ FireFox

Emptied folder: C:\Users\XXXXXX\AppData\Roaming\mozilla\firefox\profiles\dm1l19jo.default\minidumps [1 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29.11.2013 at 16:11:23,35
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-11-2013
Ran by XXXXXX (administrator) on XXXXXXXXXX on 29-11-2013 16:13:03
Running from C:\Users\XXXXXX\Desktop
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Panda Security) C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Users\Fabian\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13427784 2013-03-18] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1278024 2013-03-08] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3010800 2013-01-17] (Synaptics Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [131712 2013-01-24] ( (Atheros Communications))
HKCU\...\Run: [AmazonMP3DownloaderHelper] - C:\Users\XXXXXX\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe 

[400704 2013-05-22] ()
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2994880 2012-08-15] (Symantec 

Corporation)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [683576 2013-11-14] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
HKU\Default\...\RunOnce: [RegAutoPlay] - C:\Program Files (x86)\Acer\clear.fi Media\RegAutoplay.exe [1845832 2013-02-20] (Acer Incorporated)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll [245872 2013-02-20] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [201576 2013-02-20] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
SearchScopes: HKLM - DefaultScope {3AFABBB2-D51C-4626-A0A6-78246BC53382} URL = hxxp://www.bing.com/search?q={searchTerms}

&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM - {3AFABBB2-D51C-4626-A0A6-78246BC53382} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM - {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p=

{searchTerms}
SearchScopes: HKLM-x32 - {3AFABBB2-D51C-4626-A0A6-78246BC53382} URL = hxxp://www.bing.com/search?q={searchTerms}

&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM-x32 - {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-

acer_001&p={searchTerms}
SearchScopes: HKCU - {3AFABBB2-D51C-4626-A0A6-78246BC53382} URL = 
SearchScopes: HKCU - {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p=

{searchTerms}
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros 

Commnucations)

FireFox:
========
FF ProfilePath: C:\Users\XXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\dm1l19jo.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT

\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT

\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration

\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Fabian\AppData\Local\Program Files\Amazon\MP3 Downloader

\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: adblockpopups - C:\Users\XXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\dm1l19jo.default\Extensions

\adblockpopups@jessehakanen.net.xpi
FF Extension: Adblock Plus - C:\Users\XXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\dm1l19jo.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-

2b9879e08c5d}.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

==================== Services (Whitelisted) =================

R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [972872 2013-10-10] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-11-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1164360 2013-10-10] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [227456 2013-01-24] (Qualcomm Atheros Commnucations)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2615368 2013-02-19] (Acer Incorporated)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [469648 2012-11-16] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [662088 2013-03-15] (Acer Incorporated)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) 

Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [167736 2013-01-30] (Intel Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [431656 2013-03-15] (Acer Incorporate)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-15] (Symantec Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [x]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [106904 2013-11-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132600 2013-11-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-10-10] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [83160 2013-10-10] (Avira Operations GmbH & Co. KG)
S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [5139968 2012-06-02] (Broadcom Corporation)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-01-24] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-01-10] (Acer Incorporated)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [15704 2013-01-10] (Acer Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2013-01-17] (Synaptics Incorporated)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-29 16:13 - 2013-11-29 16:13 - 00012048 _____ C:\Users\XXXXXX\Desktop\FRST.txt
2013-11-29 16:11 - 2013-11-29 16:11 - 00000884 _____ C:\Users\XXXXXX\Desktop\JRT.txt
2013-11-29 16:09 - 2013-11-29 16:09 - 00000000 ____D C:\Windows\ERUNT
2013-11-29 16:08 - 2013-11-29 16:08 - 01034531 _____ (Thisisu) C:\Users\XXXXXX\Downloads\JRT.exe
2013-11-29 16:04 - 2013-11-29 16:04 - 00000000 ____D C:\ProgramData\boost_interprocess
2013-11-29 15:26 - 2013-11-29 15:52 - 484972195 _____ C:\Users\XXXXXX\Desktop\the.x.factor.us.s03e20.hdtv.x264-2hd.mp4
2013-11-29 14:12 - 2013-11-29 14:36 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-11-29 14:12 - 2013-11-29 14:12 - 00116440 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2013-11-29 14:11 - 2013-11-29 14:11 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-11-29 14:10 - 2013-11-29 14:36 - 00000000 ____D C:\Users\XXXXXX\Desktop\mbar
2013-11-29 14:09 - 2013-11-29 14:09 - 12576792 _____ (Malwarebytes Corp.) C:\Users\XXXXXX\Desktop\mbar-1.07.0.1007.exe
2013-11-29 13:06 - 2013-11-29 13:06 - 00027679 _____ C:\Users\XXXXXX\Desktop\Logfiles TB.rar
2013-11-29 12:53 - 2013-11-29 12:53 - 00021665 _____ C:\Users\XXXXXX\Desktop\Addition - namen geändert.txt
2013-11-29 12:51 - 2013-11-29 12:51 - 00115105 _____ C:\Users\XXXXXX\Desktop\FRST-namen geändert.txt
2013-11-29 12:24 - 2013-11-29 12:24 - 00000000 ____D C:\FRST
2013-11-29 12:20 - 2013-11-29 13:05 - 00000000 ____D C:\Users\XXXXXX\Desktop\Rechner
2013-11-29 12:19 - 2013-11-29 12:19 - 01959024 _____ (Farbar) C:\Users\XXXXXX\Desktop\FRST64.exe
2013-11-29 12:13 - 2013-11-29 13:05 - 00024122 _____ C:\Users\XXXXXX\Desktop\AVSCAN-20131126-195252-9DE9419F.LOG
2013-11-29 12:11 - 2013-11-29 13:04 - 00026124 _____ C:\Users\XXXXXX\Desktop\AVSCAN-20131126-015303-DF97F406.LOG
2013-11-28 21:24 - 2013-11-28 22:13 - 902279088 _____ C:\Users\XXXXXX\Downloads\XXXXXX
2013-11-28 18:56 - 2013-11-29 16:03 - 00000000 ____D C:\AdwCleaner
2013-11-28 18:55 - 2013-11-29 15:52 - 01091882 _____ C:\Users\XXXXXX\Downloads\adwcleaner.exe
2013-11-28 00:54 - 2013-11-28 00:54 - 00010223 _____ C:\Users\XXXXXX\Desktop\FMAtalk.txt
2013-11-28 00:32 - 2013-11-28 01:39 - 00010223 _____ C:\Users\XXXXXX\Desktop\Neues Textdokument.txt
2013-11-27 21:25 - 2013-11-27 21:31 - 313928418 _____ C:\Users\XXXXXX\Downloads\1404-Large.mov
2013-11-27 21:25 - 2013-11-27 21:30 - 261764931 _____ C:\Users\XXXXXX\Downloads\1404-Large.wmv
2013-11-27 15:56 - 2013-11-27 15:56 - 00000000 ____D C:\Windows\de
2013-11-27 15:56 - 2013-11-27 15:56 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2013-11-27 15:55 - 2013-11-27 15:55 - 00000000 ____D C:\Windows\PCHEALTH
2013-11-27 15:55 - 2013-11-27 15:55 - 00000000 ____D C:\Program Files (x86)\Windows Live
2013-11-27 15:53 - 2013-11-29 01:31 - 00000000 ____D C:\Users\XXXXXX\AppData\Local\Windows Live
2013-11-27 04:23 - 2013-11-28 21:34 - 00000000 ____D C:\Users\XXXXXX\Downloads\Neuer Ordner
2013-11-26 01:43 - 2013-11-13 11:54 - 890822947 _____ C:\Users\XXXXXX\Downloads\XXXXXX
2013-11-26 01:43 - 2013-11-07 18:28 - 1047222963 _____ C:\Users\XXXXXX\Downloads\XXXXXX
2013-11-25 02:11 - 2013-11-25 02:32 - 396439535 _____ C:\Users\XXXXXX\Downloads\XXXXXX
2013-11-24 15:45 - 2013-11-27 19:59 - 00000000 ____D C:\Users\XXXXXX\Desktop\Neuer Ordner
2013-11-24 15:41 - 2013-11-24 15:41 - 00000000 ____D C:\Users\XXXXXX\Desktop\Texte und Bilder
2013-11-24 14:03 - 2013-11-24 14:03 - 00000000 ____D C:\Users\XXXXXX\AppData\Roaming\OpenOffice
2013-11-24 14:01 - 2013-11-24 14:01 - 00001116 _____ C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
2013-11-24 14:00 - 2013-11-24 14:01 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2013-11-24 13:58 - 2013-11-24 13:58 - 00000000 ____D C:\Users\XXXXXX\Desktop\OpenOffice 4.0.1 (de) Installation Files
2013-11-24 05:51 - 2013-11-24 05:53 - 163606685 _____ C:\Users\XXXXXX\Downloads\Apache_OpenOffice_4.0.1_Win_x86_install_de.exe
2013-11-24 03:13 - 2013-11-24 03:34 - 391865029 _____ C:\Users\XXXXXX\Downloads\XXXXXX
2013-11-22 17:42 - 2013-11-22 17:42 - 00001444 _____ C:\Users\Public\Desktop\Free YouTube Download.lnk
2013-11-22 17:41 - 2013-11-22 17:42 - 00000000 ____D C:\Users\XXXXXX\AppData\Roaming\DVDVideoSoft
2013-11-22 17:41 - 2013-11-22 17:42 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
2013-11-21 01:08 - 2013-11-21 01:09 - 77255136 _____ (Lightworks) C:\Users\XXXXXX\Downloads\lightworks_v11.1.1_full_64bit_setup.exe
2013-11-21 00:52 - 2013-11-21 00:52 - 01245168 _____ (Microsoft Corporation) C:\Users\XXXXXX\Downloads\wlsetup-web.exe
2013-11-20 00:36 - 2013-11-20 00:36 - 00000000 ____D C:\Users\XXXXXX\Documents\CyberLink
2013-11-20 00:36 - 2013-11-20 00:36 - 00000000 ____D C:\Users\XXXXXX\AppData\Roaming\CyberLink
2013-11-20 00:35 - 2013-11-20 00:35 - 00000000 ____D C:\Users\XXXXXX\AppData\Local\Cyberlink
2013-11-19 03:52 - 2013-11-19 03:52 - 00000000 ____D C:\Users\XXXXXX\AppData\Local\MusicPlayer
2013-11-18 23:01 - 2013-11-28 18:37 - 00307760 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-17 21:11 - 2013-11-28 01:20 - 00000000 ____D C:\Users\XXXXXX\AppData\Roaming\TS3Client
2013-11-17 21:11 - 2013-11-17 21:11 - 00000971 _____ C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2013-11-17 21:11 - 2013-11-17 21:11 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2013-11-17 18:10 - 2013-11-05 23:58 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-11-17 18:10 - 2013-11-05 23:58 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-17 02:37 - 2013-11-17 03:11 - 623633183 _____ C:\Users\XXXXXX\Downloads\XXXXXX
2013-11-17 02:34 - 2013-11-17 02:34 - 00000000 ____D C:\Users\XXXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2013-11-17 02:33 - 2013-11-17 02:33 - 02074056 _____ C:\Users\XXXXXX\Downloads\winrar-x64-500d.exe
2013-11-16 01:57 - 2013-11-16 01:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-16 01:23 - 2013-08-10 06:21 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\SettingSync.dll
2013-11-16 01:23 - 2013-08-10 06:21 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncInfo.dll
2013-11-16 01:23 - 2013-08-10 04:58 - 00356352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll
2013-11-16 01:23 - 2013-08-03 07:40 - 01374208 _____ (Microsoft Corporation) C:\Windows\system32\wdc.dll
2013-11-16 01:23 - 2013-08-03 07:40 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wvc.dll
2013-11-16 01:23 - 2013-08-03 07:40 - 00462336 _____ (Microsoft Corporation) C:\Windows\system32\sysmon.ocx
2013-11-16 01:23 - 2013-08-03 06:14 - 00399360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sysmon.ocx
2013-11-16 01:23 - 2013-08-03 06:13 - 01245696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdc.dll
2013-11-16 01:23 - 2013-08-03 06:13 - 00437248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wvc.dll
2013-11-16 01:23 - 2013-08-02 07:28 - 19758080 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-11-16 01:23 - 2013-08-02 07:28 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-11-16 01:23 - 2013-08-02 06:08 - 17561088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-11-16 01:23 - 2013-08-02 06:08 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-11-16 01:23 - 2013-08-01 11:41 - 02233688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-11-16 01:23 - 2013-07-31 00:30 - 00386923 _____ C:\Windows\system32\ApnDatabase.xml
2013-11-16 01:23 - 2013-07-25 00:10 - 00158208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mbsmsapi.dll
2013-11-16 01:23 - 2013-07-25 00:06 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\mbsmsapi.dll
2013-11-16 01:23 - 2013-06-01 12:34 - 02391280 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2013-11-16 01:23 - 2013-06-01 12:26 - 06987008 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-11-16 01:23 - 2013-06-01 12:26 - 00327936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2013-11-16 01:23 - 2013-06-01 11:24 - 02106176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2013-11-16 01:23 - 2013-06-01 10:25 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-11-16 01:23 - 2013-06-01 10:24 - 01453568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2013-11-16 01:23 - 2013-06-01 10:24 - 00850944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfasfsrcsnk.dll
2013-11-16 01:23 - 2013-06-01 10:24 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll
2013-11-16 01:23 - 2013-06-01 10:23 - 01842176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2013-11-16 01:23 - 2013-06-01 10:23 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\vds.exe
2013-11-16 01:23 - 2013-06-01 10:22 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2013-11-16 01:23 - 2013-06-01 10:22 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\MbaeParserTask.exe
2013-11-16 01:23 - 2013-06-01 10:21 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2013-11-16 01:23 - 2013-06-01 10:21 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2013-11-16 01:23 - 2013-06-01 10:20 - 02219520 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2013-11-16 01:23 - 2013-06-01 10:20 - 01527808 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2013-11-16 01:23 - 2013-06-01 10:20 - 01048576 _____ (Microsoft Corporation) C:\Windows\system32\mfasfsrcsnk.dll
2013-11-16 01:23 - 2013-06-01 10:20 - 00583168 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2013-11-16 01:23 - 2013-06-01 10:19 - 00785408 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2013-11-16 01:23 - 2013-06-01 10:19 - 00207872 _____ (Microsoft Corporation) C:\Windows\system32\DeviceSetupManager.dll
2013-11-16 01:23 - 2013-05-24 23:09 - 01403296 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2013-11-16 01:23 - 2013-05-24 23:09 - 01271584 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2013-11-16 01:23 - 2013-05-24 23:09 - 01217352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2013-11-16 01:23 - 2013-05-24 23:09 - 01093904 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2013-11-16 01:23 - 2013-04-10 00:17 - 01125888 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2013-11-16 01:23 - 2013-04-09 23:29 - 00893952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2013-11-16 01:22 - 2013-06-16 23:41 - 00997632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2013-11-16 01:22 - 2013-06-01 10:25 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2013-11-16 01:22 - 2013-06-01 10:22 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\vdsutil.dll
2013-11-16 01:22 - 2013-06-01 04:08 - 00037632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BthAvrcpTg.sys
2013-11-14 08:34 - 2013-09-14 02:15 - 00059416 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2013-11-14 08:34 - 2013-09-13 23:36 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2013-11-14 08:34 - 2013-09-13 23:36 - 00247296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2013-11-14 08:34 - 2013-09-13 23:36 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2013-11-14 08:34 - 2013-09-13 23:36 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2013-11-14 08:34 - 2013-09-13 23:36 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2013-11-14 08:34 - 2013-09-13 23:34 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2013-11-14 08:34 - 2013-09-13 23:33 - 03279360 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2013-11-14 08:34 - 2013-09-13 23:33 - 01622016 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2013-11-14 08:34 - 2013-09-13 23:33 - 00773120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2013-11-14 08:34 - 2013-09-13 23:33 - 00328192 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2013-11-14 08:34 - 2013-09-13 23:33 - 00252928 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2013-11-14 08:34 - 2013-09-13 23:33 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2013-11-14 08:34 - 2013-09-13 23:33 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2013-11-14 08:34 - 2013-09-13 23:33 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2013-11-14 08:34 - 2013-08-30 06:43 - 00061784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\crashdmp.sys
2013-11-14 08:34 - 2013-08-30 06:20 - 01173504 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll
2013-11-14 08:34 - 2013-08-30 00:48 - 00914432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll
2013-11-14 08:34 - 2013-08-21 07:39 - 00465240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2013-11-14 08:34 - 2013-08-10 07:30 - 00151896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tpm.sys
2013-11-14 08:34 - 2013-08-10 06:21 - 00817152 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2013-11-14 08:34 - 2013-08-10 04:58 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2013-11-14 08:34 - 2013-07-25 00:10 - 10799104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2013-11-14 08:34 - 2013-07-25 00:07 - 13661696 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2013-11-14 08:34 - 2013-07-12 02:38 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2013-11-14 08:34 - 2013-07-12 02:30 - 00485376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll
2013-11-14 08:34 - 2013-07-09 09:04 - 00120144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msgpioclx.sys
2013-11-14 08:34 - 2013-07-09 07:18 - 00439488 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2013-11-14 08:34 - 2013-07-09 05:25 - 00385768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2013-11-14 08:34 - 2013-07-09 04:57 - 00245760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LocationApi.dll
2013-11-14 08:34 - 2013-07-08 23:46 - 00543744 _____ (Microsoft Corporation) C:\Windows\system32\wwanmm.dll
2013-11-14 08:34 - 2013-07-08 23:46 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\wwanconn.dll
2013-11-14 08:34 - 2013-07-08 23:46 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\Wwanadvui.dll
2013-11-14 08:34 - 2013-07-08 23:45 - 00312832 _____ (Microsoft Corporation) C:\Windows\system32\LocationApi.dll
2013-11-14 08:34 - 2013-07-06 01:16 - 01025024 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2013-11-14 08:34 - 2013-07-03 01:23 - 00778752 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2013-11-14 08:34 - 2013-07-03 01:23 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.BackgroundTransfer.dll
2013-11-14 08:34 - 2013-07-03 01:22 - 02839552 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2013-11-14 08:34 - 2013-07-03 01:11 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2013-11-14 08:34 - 2013-07-03 01:11 - 00268800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2013-11-14 08:34 - 2013-07-03 01:10 - 02273792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2013-11-14 08:34 - 2013-06-30 23:30 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\openfiles.exe
2013-11-14 08:34 - 2013-06-30 23:29 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\openfiles.exe
2013-11-14 08:34 - 2013-06-29 07:15 - 00195416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2013-11-14 08:34 - 2013-06-29 07:15 - 00125784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2013-11-14 08:34 - 2013-06-29 06:43 - 00327512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2013-11-14 08:34 - 2013-06-26 04:01 - 00321536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys
2013-11-14 08:34 - 2013-06-26 03:59 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\HdAudio.sys
2013-11-14 08:34 - 2013-06-24 23:54 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2013-11-14 08:34 - 2013-06-24 23:54 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\wcmsvc.dll
2013-11-14 08:34 - 2013-06-24 23:54 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\wcmcsp.dll
2013-11-14 08:34 - 2013-06-19 06:36 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\winmmbase.dll
2013-11-14 08:34 - 2013-06-19 06:36 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\winmm.dll
2013-11-14 08:34 - 2013-06-18 23:38 - 00160256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmmbase.dll
2013-11-14 08:34 - 2013-06-18 23:38 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmm.dll
2013-11-14 08:34 - 2013-06-12 00:43 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2013-11-14 08:34 - 2013-06-12 00:26 - 00230912 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2013-11-14 08:34 - 2013-06-10 20:16 - 00888832 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-14 08:34 - 2013-06-10 20:15 - 00381952 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-14 08:34 - 2013-06-10 20:10 - 00702464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-14 08:34 - 2013-06-10 20:10 - 00245248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-14 08:34 - 2013-06-06 09:03 - 00119040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2013-11-14 03:55 - 2013-11-14 08:32 - 00000000 ___RD C:\Windows\BrowserChoice
2013-11-13 23:31 - 2013-10-10 12:53 - 00096600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2013-11-13 23:31 - 2013-10-10 10:21 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-13 23:31 - 2013-10-10 10:20 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2013-11-13 22:19 - 2013-09-04 04:11 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-13 21:14 - 2013-08-23 08:22 - 02062848 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2013-11-13 21:14 - 2013-08-23 02:44 - 01711616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-11-13 21:13 - 2013-10-03 00:25 - 01300992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-13 21:13 - 2013-10-01 23:22 - 01022976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-13 20:58 - 2013-11-13 20:58 - 00000000 ____D C:\Users\XXXXXX\Documents\Amazon MP3
2013-11-13 20:58 - 2013-11-13 20:58 - 00000000 ____D C:\Users\XXXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2013-11-13 20:58 - 2013-11-13 20:58 - 00000000 ____D C:\Users\XXXXXX\AppData\Roaming\Amazon
2013-11-13 20:43 - 2013-10-02 00:37 - 01569280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-13 20:43 - 2013-10-02 00:26 - 01890816 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-13 19:39 - 2013-09-23 23:30 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-13 19:39 - 2013-09-23 23:30 - 00323072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-13 16:06 - 2013-10-12 09:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-13 16:06 - 2013-10-12 09:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-13 16:06 - 2013-10-12 09:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-13 16:06 - 2013-10-12 09:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-13 16:06 - 2013-10-12 09:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-13 16:06 - 2013-10-12 09:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-13 16:06 - 2013-10-12 09:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-13 16:06 - 2013-10-12 09:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-13 16:06 - 2013-10-12 09:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-13 16:06 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-13 16:06 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-13 16:06 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-13 16:06 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-13 16:06 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-13 16:06 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-13 16:06 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-13 16:06 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-13 03:49 - 2013-10-02 00:37 - 02035712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-13 03:49 - 2013-10-02 00:26 - 02304512 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-13 03:49 - 2013-08-02 07:28 - 10116608 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2013-11-13 03:49 - 2013-08-02 06:08 - 08858112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2013-11-12 23:57 - 2013-11-27 15:55 - 00010408 _____ C:\Windows\DirectX.log
2013-11-12 23:57 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2013-11-12 23:57 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2013-11-12 23:57 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2013-11-12 23:57 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2013-11-12 23:57 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2013-11-12 23:57 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2013-11-12 23:57 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2013-11-12 23:57 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2013-11-12 23:57 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2013-11-12 23:57 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2013-11-12 23:57 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2013-11-12 23:57 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2013-11-12 23:57 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2013-11-12 23:57 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2013-11-12 23:57 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2013-11-12 23:57 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2013-11-12 23:57 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2013-11-12 23:57 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2013-11-12 23:57 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2013-11-12 23:57 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2013-11-12 23:57 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2013-11-12 23:57 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2013-11-12 23:57 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2013-11-12 23:57 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2013-11-12 23:57 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2013-11-12 23:57 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2013-11-12 23:57 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2013-11-12 23:57 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2013-11-12 23:57 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2013-11-12 23:57 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2013-11-12 23:57 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2013-11-12 23:57 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2013-11-12 23:57 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2013-11-12 23:57 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2013-11-12 23:57 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2013-11-12 23:57 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2013-11-12 23:57 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2013-11-12 23:57 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2013-11-12 23:57 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2013-11-12 23:57 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2013-11-12 23:57 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2013-11-12 23:57 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2013-11-12 23:57 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2013-11-12 23:57 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2013-11-12 23:57 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
2013-11-12 23:57 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2013-11-12 23:57 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
2013-11-12 23:57 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2013-11-12 23:57 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2013-11-12 23:57 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2013-11-12 23:57 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2013-11-12 23:57 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2013-11-12 23:57 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2013-11-12 23:57 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2013-11-12 23:57 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2013-11-12 23:57 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2013-11-12 23:57 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2013-11-12 23:57 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2013-11-12 23:57 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2013-11-12 23:57 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2013-11-12 23:57 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2013-11-12 23:57 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2013-11-12 23:57 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2013-11-12 23:57 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2013-11-12 23:57 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2013-11-12 23:57 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2013-11-12 23:57 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2013-11-12 23:57 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2013-11-12 23:57 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2013-11-12 23:57 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2013-11-12 23:57 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2013-11-12 23:57 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2013-11-12 23:57 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2013-11-12 23:57 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2013-11-12 23:57 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2013-11-12 23:57 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2013-11-12 23:57 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2013-11-12 23:57 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2013-11-12 23:57 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2013-11-12 23:57 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2013-11-12 23:57 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2013-11-12 23:57 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2013-11-12 23:57 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2013-11-12 23:57 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2013-11-12 23:57 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2013-11-12 23:57 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2013-11-12 23:57 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2013-11-12 23:57 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2013-11-12 23:57 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2013-11-12 23:57 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2013-11-12 23:57 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2013-11-12 23:57 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2013-11-12 23:57 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2013-11-12 23:57 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2013-11-12 23:57 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2013-11-12 23:57 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2013-11-12 23:57 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2013-11-12 23:57 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2013-11-12 23:57 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2013-11-12 23:57 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2013-11-12 23:57 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2013-11-12 23:57 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2013-11-12 23:57 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2013-11-12 23:57 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2013-11-12 23:57 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2013-11-12 23:57 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2013-11-12 23:57 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2013-11-12 23:57 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2013-11-12 23:57 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2013-11-12 23:57 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2013-11-12 23:57 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2013-11-12 23:57 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2013-11-12 23:57 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2013-11-12 23:57 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2013-11-12 23:57 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2013-11-12 23:57 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2013-11-12 23:57 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2013-11-12 23:57 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2013-11-12 23:57 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2013-11-12 23:57 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2013-11-12 23:57 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2013-11-12 23:57 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2013-11-12 23:57 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2013-11-12 23:57 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2013-11-12 23:57 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2013-11-12 23:57 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2013-11-12 23:57 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2013-11-12 23:57 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2013-11-12 23:57 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2013-11-12 23:57 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2013-11-12 23:57 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2013-11-12 23:57 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2013-11-12 23:57 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2013-11-12 23:57 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2013-11-12 23:57 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2013-11-12 23:57 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2013-11-12 23:57 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2013-11-12 23:57 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2013-11-12 23:57 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2013-11-12 23:57 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2013-11-12 23:57 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2013-11-12 23:57 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2013-11-12 23:57 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2013-11-12 23:57 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2013-11-12 23:57 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2013-11-12 23:57 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2013-11-12 23:57 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2013-11-12 23:57 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2013-11-12 23:57 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2013-11-12 23:57 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2013-11-12 23:57 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2013-11-12 23:57 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2013-11-12 23:57 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2013-11-12 23:57 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2013-11-12 23:57 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2013-11-12 23:57 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2013-11-12 23:57 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2013-11-12 23:57 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2013-11-12 23:57 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2013-11-12 23:57 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2013-11-12 23:57 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2013-11-12 23:57 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2013-11-12 23:57 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2013-11-12 23:57 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2013-11-12 23:57 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2013-11-12 23:57 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2013-11-12 23:57 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2013-11-12 23:57 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2013-11-12 23:57 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2013-11-12 23:57 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2013-11-12 23:57 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2013-11-12 23:57 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2013-11-12 23:57 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2013-11-12 23:57 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2013-11-12 23:57 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2013-11-12 23:57 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2013-11-12 23:57 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2013-11-12 23:52 - 2013-11-12 23:55 - 00000000 ____D C:\ProgramData\Adobe
2013-11-12 23:52 - 2013-11-12 23:52 - 00002023 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-11-12 23:52 - 2013-11-12 23:52 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-11-12 23:51 - 2013-11-19 17:27 - 00000000 ____D C:\Users\XXXXXX\AppData\Local\Adobe
2013-11-12 16:21 - 2013-11-13 19:41 - 00000000 ____D C:\Windows\system32\MRT
2013-11-12 16:21 - 2013-11-13 19:40 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-12 16:04 - 2013-11-12 16:04 - 00000000 ____D C:\Users\XXXXXX\AppData\Roaming\WildTangent
2013-11-12 15:54 - 2013-11-12 16:53 - 00000000 ____D C:\Users\XXXXXX\Desktop\Aikido
2013-11-12 15:45 - 2013-11-12 22:00 - 00000000 ____D C:\Users\XXXXXX\Desktop\Musik
2013-11-12 06:37 - 2013-11-12 06:37 - 00001117 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-11-12 06:37 - 2013-11-12 06:37 - 00000000 ____D C:\Users\XXXXXX\AppData\Roaming\Malwarebytes
2013-11-12 06:37 - 2013-11-12 06:37 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-12 06:37 - 2013-11-12 06:37 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-12 06:37 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-11-12 06:35 - 2013-11-12 06:35 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Fabian\Downloads

\mbam-setup-1.75.0.1300.exe
2013-11-12 06:32 - 2013-11-14 13:35 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-11-12 06:32 - 2013-11-14 13:35 - 00106904 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-11-12 06:32 - 2013-11-12 06:32 - 00002074 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-11-12 06:32 - 2013-11-12 06:32 - 00000000 ____D C:\Users\XXXXXX\AppData\Roaming\Avira
2013-11-12 06:32 - 2013-11-12 06:32 - 00000000 ____D C:\ProgramData\Avira
2013-11-12 06:32 - 2013-11-12 06:32 - 00000000 ____D C:\Program Files (x86)\Avira
2013-11-12 06:32 - 2013-10-10 19:11 - 00083160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-11-12 06:32 - 2013-10-10 19:11 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-11-12 06:18 - 2013-11-12 06:20 - 134194160 _____ C:\Users\XXXXXX\Downloads\avira_antivirus_suite_de.exe
2013-11-12 06:07 - 2013-11-12 06:07 - 00000000 ____D C:\Users\XXXXXX\AppData\Roaming\WinRAR
2013-11-12 06:06 - 2013-11-17 18:09 - 00000000 ____D C:\Program Files\WinRAR
2013-11-12 05:47 - 2013-11-12 05:47 - 00000000 ____D C:\Users\XXXXXX\AppData\Local\Macromedia
2013-11-12 05:45 - 2013-11-12 05:45 - 00000000 ____D C:\Users\XXXXXX\AppData\Local\CrashDumps
2013-11-12 05:43 - 2013-11-17 18:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-12 05:43 - 2013-11-12 23:44 - 00000000 ____D C:\Users\XXXXXX\AppData\Local\Mozilla
2013-11-12 05:43 - 2013-11-12 05:43 - 00001155 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-11-12 05:43 - 2013-11-12 05:43 - 00000000 ____D C:\Users\XXXXXX\AppData\Roaming\Mozilla
2013-11-12 05:43 - 2013-11-12 05:43 - 00000000 ____D C:\ProgramData\Mozilla
2013-11-12 05:41 - 2013-11-12 05:41 - 00000000 ____D C:\Users\XXXXXX\AppData\Roaming\Macromedia
2013-11-12 05:21 - 2013-11-12 05:21 - 00000000 ____D C:\Users\XXXXXX\Desktop\Fotos
2013-11-12 04:41 - 2013-11-28 04:01 - 00000000 ____D C:\Users\XXXXXX\AppData\Roaming\vlc
2013-11-12 03:03 - 2013-07-02 01:44 - 00036288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2013-11-12 03:03 - 2013-07-01 23:08 - 00247216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2013-11-12 03:02 - 2013-03-02 11:57 - 00332520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2013-11-12 03:02 - 2013-03-02 11:39 - 00495336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2013-11-12 03:02 - 2013-03-02 09:23 - 01338880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-11-12 03:02 - 2013-03-02 09:23 - 00893952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmde.dll
2013-11-12 03:02 - 2013-03-02 09:23 - 00601088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
2013-11-12 03:02 - 2013-03-02 09:23 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2013-11-12 03:02 - 2013-03-02 09:22 - 05091840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-11-12 03:02 - 2013-03-02 09:22 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcfgx.dll
2013-11-12 03:02 - 2013-03-02 09:21 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drvstore.dll
2013-11-12 03:02 - 2013-03-02 03:45 - 01627648 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2013-11-12 03:02 - 2013-03-02 03:45 - 01149952 _____ (Microsoft Corporation) C:\Windows\system32\winmde.dll
2013-11-12 03:02 - 2013-03-02 03:45 - 01101824 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2013-11-12 03:02 - 2013-03-02 03:45 - 00951808 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
2013-11-12 03:02 - 2013-03-02 03:45 - 00645120 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Security.Authentication.OnlineId.dll
2013-11-12 03:02 - 2013-03-02 03:45 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\usbmon.dll
2013-11-12 03:02 - 2013-03-02 03:45 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll
2013-11-12 03:02 - 2013-03-02 03:45 - 00171008 _____ (Microsoft Corporation) C:\Windows\system32\TimeBrokerServer.dll
2013-11-12 03:02 - 2013-03-02 03:45 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\wpdbusenum.dll
2013-11-12 03:02 - 2013-03-02 03:44 - 05978624 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2013-11-12 03:02 - 2013-03-02 03:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\netcfgx.dll
2013-11-12 03:02 - 2013-03-01 05:55 - 01175040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2013-11-12 03:01 - 2013-03-02 11:57 - 00077544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storahci.sys
2013-11-12 03:01 - 2013-03-02 09:23 - 00100864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncInfo.dll
2013-11-12 03:01 - 2013-03-02 09:21 - 00145408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\powercfg.cpl
2013-11-12 03:01 - 2013-03-02 09:21 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DevDispItemProvider.dll
2013-11-12 03:01 - 2013-03-02 03:45 - 00240640 _____ (Microsoft Corporation) C:\Windows\system32\fsquirt.exe
2013-11-12 03:01 - 2013-03-02 03:45 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\WSDPrintProxy.DLL
2013-11-12 03:01 - 2013-03-02 03:44 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\drvstore.dll
2013-11-12 03:01 - 2013-03-02 03:44 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\discan.dll
2013-11-12 03:01 - 2013-03-02 03:44 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\NdisImPlatform.dll
2013-11-12 03:01 - 2013-03-02 03:44 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\DevDispItemProvider.dll
2013-11-12 03:01 - 2013-03-02 03:43 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\powercfg.cpl
2013-11-12 03:01 - 2013-03-02 03:15 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mouhid.sys
2013-11-12 03:01 - 2013-03-01 05:56 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rfcomm.sys
2013-11-12 03:01 - 2013-03-01 05:56 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\monitor.sys
2013-11-12 02:58 - 2013-07-06 01:15 - 00652288 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-11-12 02:58 - 2013-07-05 23:02 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-11-12 02:58 - 2013-07-05 23:01 - 00210560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-11-12 02:58 - 2013-07-04 03:13 - 00541696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-11-12 02:58 - 2013-06-22 06:45 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-11-12 02:58 - 2013-06-22 06:45 - 00054488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2013-11-12 02:58 - 2013-05-24 00:02 - 01314816 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-11-12 02:58 - 2013-05-23 23:25 - 00694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-11-12 02:58 - 2013-04-09 06:20 - 00306952 _____ (Microsoft Corporation) C:\Windows\system32\kd_02_10ec.dll
2013-11-12 02:58 - 2013-04-09 06:17 - 01829408 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-11-12 02:58 - 2013-04-09 05:51 - 14267904 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-11-12 02:58 - 2013-04-09 05:51 - 03552768 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2013-11-12 02:58 - 2013-04-09 05:50 - 02107904 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2013-11-12 02:58 - 2013-04-09 05:50 - 01285632 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2013-11-12 02:58 - 2013-04-09 05:49 - 01444864 _____ (Microsoft Corporation) C:\Windows\system32\MSAudDecMFT.dll
2013-11-12 02:58 - 2013-04-08 22:52 - 11878912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-11-12 02:58 - 2013-04-08 22:51 - 02767360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2013-11-12 02:58 - 2013-04-08 22:51 - 01593344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2013-11-12 02:58 - 2013-04-08 22:51 - 01113600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSAudDecMFT.dll
2013-11-12 02:57 - 2013-11-12 02:57 - 00000219 _____ C:\Users\XXXXXX\Desktop\Dota 2.url
2013-11-12 02:57 - 2013-07-01 23:14 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbprint.sys
2013-11-12 02:57 - 2013-06-29 04:08 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-11-12 02:57 - 2013-06-29 04:07 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-11-12 02:57 - 2013-05-04 08:34 - 00284416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2013-11-12 02:57 - 2013-05-04 07:59 - 01483776 _____ (Microsoft Corporation) C:\Windows\system32\VSSVC.exe
2013-11-12 02:57 - 2013-05-04 07:59 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\Magnify.exe
2013-11-12 02:57 - 2013-05-04 07:58 - 01332736 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2013-11-12 02:57 - 2013-05-04 07:58 - 00470528 _____ (Microsoft Corporation) C:\Windows\system32\netprofmsvc.dll
2013-11-12 02:57 - 2013-05-04 07:58 - 00330240 _____ (Microsoft Corporation) C:\Windows\system32\stobject.dll
2013-11-12 02:57 - 2013-05-04 07:58 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\netplwiz.dll
2013-11-12 02:57 - 2013-05-04 07:58 - 00151552 _____ (Microsoft Corporation) C:\Windows\system32\netprofm.dll
2013-11-12 02:57 - 2013-05-04 07:58 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\psmsrv.dll
2013-11-12 02:57 - 2013-05-04 07:57 - 01131520 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2013-11-12 02:57 - 2013-05-04 07:57 - 00708096 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.dll
2013-11-12 02:57 - 2013-05-04 07:57 - 00560640 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2013-11-12 02:57 - 2013-05-04 07:57 - 00501760 _____ (Microsoft Corporation) C:\Windows\system32\DevicePairing.dll
2013-11-12 02:57 - 2013-05-04 07:57 - 00389120 _____ (Microsoft Corporation) C:\Windows\system32\BCP47Langs.dll
2013-11-12 02:57 - 2013-05-04 07:56 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\intl.cpl
2013-11-12 02:57 - 2013-05-04 05:57 - 00303616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\stobject.dll
2013-11-12 02:57 - 2013-05-04 05:57 - 00151040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netplwiz.dll
2013-11-12 02:57 - 2013-05-04 05:56 - 00309760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BCP47Langs.dll
2013-11-12 02:57 - 2013-05-04 05:51 - 00014848 _____ (Microsoft) C:\Windows\system32\rars.rs
2013-11-12 02:57 - 2013-05-04 05:48 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys
2013-11-12 02:57 - 2013-05-04 05:47 - 00427520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2013-11-12 02:57 - 2013-05-04 05:10 - 00014848 _____ (Microsoft) C:\Windows\SysWOW64\rars.rs
2013-11-12 02:57 - 2013-04-16 03:34 - 01455368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-11-12 02:57 - 2013-04-09 06:33 - 00489576 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2013-11-12 02:57 - 2013-04-09 06:33 - 00446792 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2013-11-12 02:57 - 2013-04-09 06:33 - 00253544 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2013-11-12 02:57 - 2013-04-09 06:20 - 00086280 _____ (Microsoft Corporation) C:\Windows\system32\kdnet.dll
2013-11-12 02:57 - 2013-04-09 06:18 - 00077960 _____ (Microsoft Corporation) C:\Windows\system32\kdvm.dll
2013-11-12 02:57 - 2013-04-09 05:52 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2013-11-12 02:57 - 2013-04-09 05:52 - 00804352 _____ (Microsoft Corporation) C:\Windows\system32\RecoveryDrive.exe
2013-11-12 02:57 - 2013-04-09 05:52 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2013-11-12 02:57 - 2013-04-09 05:52 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2013-11-12 02:57 - 2013-04-09 05:52 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\Robocopy.exe
2013-11-12 02:57 - 2013-04-09 05:51 - 00595456 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.dll
2013-11-12 02:57 - 2013-04-09 05:51 - 00456704 _____ (Microsoft Corporation) C:\Windows\system32\wpncore.dll
2013-11-12 02:57 - 2013-04-09 05:51 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-11-12 02:57 - 2013-04-09 05:51 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\wscsvc.dll
2013-11-12 02:57 - 2013-04-09 05:50 - 00745984 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2013-11-12 02:57 - 2013-04-09 05:50 - 00435200 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2013-11-12 02:57 - 2013-04-09 05:50 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\GenuineCenter.dll
2013-11-12 02:57 - 2013-04-09 05:50 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2013-11-12 02:57 - 2013-04-09 05:50 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2013-11-12 02:57 - 2013-04-09 05:50 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2013-11-12 02:57 - 2013-04-09 05:49 - 00468992 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2013-11-12 02:57 - 2013-04-09 05:49 - 00281088 _____ (Microsoft Corporation) C:\Windows\system32\mfreadwrite.dll
2013-11-12 02:57 - 2013-04-09 05:49 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\fhengine.dll
2013-11-12 02:57 - 2013-04-09 05:49 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\iuilp.dll
2013-11-12 02:57 - 2013-04-09 05:49 - 00196096 _____ (Microsoft Corporation) C:\Windows\system32\dmvdsitf.dll
2013-11-12 02:57 - 2013-04-09 05:49 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\dwmredir.dll
2013-11-12 02:57 - 2013-04-09 05:49 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\fmifs.dll
2013-11-12 02:57 - 2013-04-09 05:48 - 00169472 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2013-11-12 02:57 - 2013-04-09 03:34 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidbth.sys
2013-11-12 02:57 - 2013-04-09 03:33 - 00623104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2013-11-12 02:57 - 2013-04-09 03:33 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys
2013-11-12 02:57 - 2013-04-09 03:32 - 00805376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2013-11-12 02:57 - 2013-04-09 03:31 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2013-11-12 02:57 - 2013-04-09 03:31 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys
2013-11-12 02:57 - 2013-04-09 00:44 - 00123880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscapi.dll
2013-11-12 02:57 - 2013-04-09 00:39 - 01408896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-11-12 02:57 - 2013-04-09 00:37 - 00426024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2013-11-12 02:57 - 2013-04-09 00:37 - 00324368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2013-11-12 02:57 - 2013-04-08 22:52 - 00670208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2013-11-12 02:57 - 2013-04-08 22:52 - 00302592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2013-11-12 02:57 - 2013-04-08 22:52 - 00171008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2013-11-12 02:57 - 2013-04-08 22:52 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Robocopy.exe
2013-11-12 02:57 - 2013-04-08 22:51 - 00659456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2013-11-12 02:57 - 2013-04-08 22:51 - 00411136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.dll
2013-11-12 02:57 - 2013-04-08 22:51 - 00403968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2013-11-12 02:57 - 2013-04-08 22:51 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2013-11-12 02:57 - 2013-04-08 22:51 - 00214528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll
2013-11-12 02:57 - 2013-04-08 22:51 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2013-11-12 02:57 - 2013-04-08 22:51 - 00155648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dmvdsitf.dll
2013-11-12 02:57 - 2013-04-08 22:51 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fmifs.dll
2013-11-12 02:57 - 2013-04-08 22:51 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2013-11-12 02:57 - 2013-04-08 22:51 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2013-11-12 02:57 - 2013-04-05 00:30 - 00503080 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2013-11-12 02:57 - 2013-03-15 23:05 - 00298456 _____ (Microsoft Corporation) C:\Windows\system32\rsaenh.dll
2013-11-12 02:57 - 2013-03-15 23:05 - 00252928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rsaenh.dll
2013-11-12 02:57 - 2013-03-02 11:39 - 00069864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys
2013-11-12 02:57 - 2013-03-02 03:45 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
2013-11-12 02:57 - 2013-03-02 03:43 - 02146304 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2013-11-12 02:57 - 2013-02-07 02:33 - 00754176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2013-11-12 02:57 - 2013-02-02 09:40 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsRasterService.dll
2013-11-12 02:57 - 2013-02-02 09:23 - 00228352 _____ (Microsoft Corporation) C:\Windows\system32\XpsRasterService.dll
2013-11-12 02:56 - 2013-08-23 06:11 - 04040192 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-11-12 02:56 - 2013-08-16 06:41 - 00058200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dam.sys
2013-11-12 02:56 - 2013-08-16 06:39 - 02371728 _____ (Microsoft Corporation) C:\Windows\system32\WSService.dll
2013-11-12 02:56 - 2013-08-16 06:32 - 00209200 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2013-11-12 02:56 - 2013-08-16 06:22 - 04917760 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2013-11-12 02:56 - 2013-08-16 06:21 - 01164288 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2013-11-12 02:56 - 2013-08-16 06:21 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2013-11-12 02:56 - 2013-08-16 06:21 - 00368640 _____ (Microsoft Corporation) C:\Windows\system32\sppwinob.dll
2013-11-12 02:56 - 2013-08-16 06:21 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\WSClient.dll
2013-11-12 02:56 - 2013-08-16 06:21 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
2013-11-12 02:56 - 2013-08-16 06:21 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\WSSync.dll
2013-11-12 02:56 - 2013-08-16 06:21 - 00163840 _____ (Microsoft Corporation) C:\Windows

\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2013-11-12 02:56 - 2013-08-16 06:21 - 00120320 _____ (Microsoft Corporation) C:\Windows\system32\sppc.dll
2013-11-12 02:56 - 2013-08-16 06:21 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\setupcln.dll
2013-11-12 02:56 - 2013-08-16 06:21 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2013-11-12 02:56 - 2013-08-16 06:21 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2013-11-12 02:56 - 2013-08-16 06:20 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2013-11-12 02:56 - 2013-08-15 23:43 - 00562688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2013-11-12 02:56 - 2013-08-15 23:43 - 00167424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSClient.dll
2013-11-12 02:56 - 2013-08-15 23:43 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSSync.dll
2013-11-12 02:56 - 2013-08-15 23:43 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2013-11-12 02:56 - 2013-08-15 23:43 - 00124928 _____ (Microsoft Corporation) C:\Windows

\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2013-11-12 02:56 - 2013-08-15 23:43 - 00083968 _____ C:\Windows\SysWOW64\OEMLicense.dll
2013-11-12 02:56 - 2013-08-15 23:43 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2013-11-12 02:56 - 2013-08-15 23:42 - 00091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sppc.dll
2013-11-12 02:56 - 2013-08-15 23:42 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setupcln.dll
2013-11-12 02:56 - 2013-06-01 10:25 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-11-12 02:56 - 2013-06-01 10:21 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-11-12 02:56 - 2013-05-31 00:24 - 01257472 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-11-12 02:56 - 2013-05-31 00:08 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-11-12 02:56 - 2013-05-15 23:37 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2013-11-12 02:56 - 2013-05-15 23:35 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2013-11-12 02:56 - 2013-05-15 03:25 - 00888320 _____ (Microsoft Corporation) C:\Windows\system32\autochk.exe
2013-11-12 02:56 - 2013-05-15 03:25 - 00542208 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll
2013-11-12 02:56 - 2013-05-15 03:24 - 00793088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\autochk.exe
2013-11-12 02:56 - 2013-05-15 03:24 - 00482816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll
2013-11-12 02:56 - 2013-05-14 14:14 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-12 02:56 - 2013-05-14 10:23 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-12 02:56 - 2013-05-04 08:58 - 00120736 _____ (Microsoft Corporation) C:\Windows\system32\AuthHost.exe
2013-11-12 02:56 - 2013-05-04 07:57 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\bisrv.dll
2013-11-12 02:56 - 2013-05-04 07:57 - 00122368 _____ (Microsoft Corporation) C:\Windows\system32\biwinrt.dll
2013-11-12 02:56 - 2013-05-04 07:57 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\muifontsetup.dll
2013-11-12 02:56 - 2013-05-04 05:58 - 00758784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Magnify.exe
2013-11-12 02:56 - 2013-05-04 05:57 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netprofm.dll
2013-11-12 02:56 - 2013-05-04 05:57 - 00018432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\npmproxy.dll
2013-11-12 02:56 - 2013-05-04 05:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\muifontsetup.dll
2013-11-12 02:56 - 2013-05-04 05:56 - 00449536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DevicePairing.dll
2013-11-12 02:56 - 2013-05-04 05:56 - 00411136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2013-11-12 02:56 - 2013-05-04 05:56 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\biwinrt.dll
2013-11-12 02:56 - 2013-05-04 05:55 - 00389632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\intl.cpl
2013-11-12 02:56 - 2013-04-28 23:28 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2013-11-12 02:56 - 2013-04-24 00:13 - 01013248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-11-12 02:56 - 2013-04-24 00:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-11-12 02:56 - 2013-04-23 23:56 - 01255936 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2013-11-12 02:56 - 2013-04-23 23:55 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-11-12 02:56 - 2013-03-02 10:59 - 00411880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2013-11-12 02:56 - 2013-03-02 03:45 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\taskhostex.exe
2013-11-12 02:56 - 2013-02-21 11:29 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-12 02:56 - 2013-02-21 11:29 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-12 02:56 - 2013-02-21 11:29 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-12 02:56 - 2013-02-21 11:29 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-12 02:56 - 2013-02-21 11:14 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-12 02:56 - 2013-02-21 11:14 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-12 02:56 - 2013-02-19 10:53 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2013-11-12 02:56 - 2013-02-02 09:39 - 00015872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlmproxy.dll
2013-11-12 02:56 - 2013-02-02 09:39 - 00012288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlmsprep.dll
2013-11-12 02:55 - 2013-05-27 00:17 - 00035328 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-11-12 02:55 - 2013-05-26 23:59 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-11-12 02:55 - 2013-05-25 04:15 - 00362496 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-11-12 02:55 - 2013-05-25 03:32 - 00300032 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-11-12 02:55 - 2013-03-02 03:44 - 01011200 _____ (Microsoft Corporation) C:\Windows\system32\reseteng.dll
2013-11-12 02:55 - 2012-10-24 04:25 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\ReAgentc.exe
2013-11-12 02:55 - 2012-10-24 03:48 - 00024064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ReAgentc.exe
2013-11-12 02:54 - 2013-07-19 23:13 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-11-12 02:54 - 2013-07-19 23:13 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-11-12 02:54 - 2013-07-13 07:18 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-11-12 02:54 - 2013-07-13 07:16 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-11-12 02:54 - 2013-07-13 07:15 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\apprepapi.dll
2013-11-12 02:54 - 2013-07-13 07:15 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\apprepsync.dll
2013-11-12 02:54 - 2013-07-13 05:24 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-11-12 02:54 - 2013-07-13 05:23 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apprepapi.dll
2013-11-12 02:54 - 2013-07-13 05:23 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apprepsync.dll
2013-11-12 02:54 - 2013-07-02 02:41 - 00447320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2013-11-12 02:54 - 2013-07-02 02:41 - 00337752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2013-11-12 02:54 - 2013-07-02 02:41 - 00213336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\UCX01000.SYS
2013-11-12 02:54 - 2013-07-01 02:42 - 00623448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-11-12 02:54 - 2013-07-01 02:42 - 00498008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-11-12 02:54 - 2013-07-01 02:42 - 00079192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-11-12 02:54 - 2013-07-01 02:42 - 00021848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-11-12 02:54 - 2013-06-29 04:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-11-12 02:54 - 2013-06-29 04:06 - 00120832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-11-12 02:54 - 2013-05-04 07:59 - 02842112 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-11-12 02:54 - 2013-05-04 05:57 - 02620928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-11-12 02:54 - 2013-04-27 06:20 - 00733184 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2013-11-12 02:54 - 2013-04-11 23:30 - 01421312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-11-12 02:54 - 2013-04-11 23:22 - 01838080 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-11-12 02:54 - 2013-03-15 01:17 - 00861184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2013-11-12 02:54 - 2013-03-06 08:10 - 00112872 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2013-11-12 02:54 - 2013-03-06 07:29 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2013-11-12 02:54 - 2013-03-02 09:23 - 00375808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ReAgent.dll
2013-11-12 02:54 - 2013-02-12 01:17 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2013-11-12 02:54 - 2013-02-05 23:29 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2013-11-12 02:54 - 2013-02-05 23:28 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2013-11-12 02:54 - 2013-02-02 11:54 - 01933544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2013-11-12 02:54 - 2013-02-02 09:40 - 00410624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlroamextension.dll
2013-11-12 02:54 - 2013-02-02 09:40 - 00370688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WWanAPI.dll
2013-11-12 02:54 - 2013-02-02 09:40 - 00197632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.Connectivity.dll
2013-11-12 02:54 - 2013-02-02 09:40 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tasklist.exe
2013-11-12 02:54 - 2013-02-02 09:40 - 00079360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskkill.exe
2013-11-12 02:54 - 2013-02-02 09:39 - 00055296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2013-11-12 02:54 - 2013-02-02 09:38 - 00567808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\duser.dll
2013-11-12 02:54 - 2013-02-02 09:24 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\taskkill.exe
2013-11-12 02:54 - 2013-02-02 09:24 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\tasklist.exe
2013-11-12 02:54 - 2013-02-02 09:23 - 00611840 _____ (Microsoft Corporation) C:\Windows\system32\wpd_ci.dll
2013-11-12 02:54 - 2013-02-02 09:23 - 00543232 _____ (Microsoft Corporation) C:\Windows\system32\wlroamextension.dll
2013-11-12 02:54 - 2013-02-02 09:23 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\WWanAPI.dll
2013-11-12 02:54 - 2013-02-02 09:23 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.Connectivity.dll
2013-11-12 02:54 - 2013-02-02 09:23 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\wersvc.dll
2013-11-12 02:54 - 2013-02-02 09:21 - 00385024 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2013-11-12 02:54 - 2013-02-02 09:20 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\duser.dll
2013-11-12 02:54 - 2013-02-02 09:20 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\hotspotauth.dll
2013-11-12 02:54 - 2013-02-02 08:25 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys
2013-11-12 02:54 - 2013-02-02 06:41 - 01437184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2013-11-12 02:54 - 2013-02-02 06:31 - 01690624 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2013-11-12 02:53 - 2013-08-07 06:15 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\tssdisai.dll
2013-11-12 02:53 - 2013-04-03 00:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-11-12 02:53 - 2013-04-03 00:12 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2013-11-12 02:53 - 2013-03-22 04:49 - 02382336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2013-11-12 02:53 - 2013-03-21 23:47 - 02851840 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
2013-11-12 02:53 - 2012-11-10 05:23 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2013-11-12 02:53 - 2012-11-10 05:23 - 00132608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2013-11-12 02:53 - 2012-11-10 05:22 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\RDWebAI.dll
2013-11-12 02:53 - 2012-11-10 05:22 - 00122880 _____ (Microsoft Corporation) C:\Windows\system32\VmHostAI.dll
2013-11-12 02:53 - 2012-11-10 05:20 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\appserverai.dll
2013-11-12 02:49 - 2013-11-12 02:49 - 00000000 ____D C:\Users\Public\OEM
2013-11-12 02:49 - 2013-11-12 02:49 - 00000000 ____D C:\Users\XXXXXX\PicStream
2013-11-12 02:49 - 2013-11-12 02:49 - 00000000 ____D C:\Users\XXXXXX\Documents\clear.fi
2013-11-12 02:48 - 2013-11-19 03:52 - 00000000 ____D C:\Users\XXXXXX\AppData\Local\clear.fi
2013-11-12 02:32 - 2013-11-29 01:19 - 00000000 ____D C:\Program Files (x86)\Steam
2013-11-12 02:32 - 2013-11-12 02:32 - 00000921 _____ C:\Users\Public\Desktop\Steam.lnk
2013-11-12 02:04 - 2013-11-12 02:04 - 00003042 _____ C:\Windows\System32\Tasks\PandaUSBVaccine
2013-11-12 02:04 - 2013-11-12 02:04 - 00000000 ____D C:\ProgramData\Panda Security
2013-11-12 02:04 - 2013-11-12 02:04 - 00000000 ____D C:\Program Files (x86)\Panda USB Vaccine
2013-11-12 02:03 - 2013-11-12 02:03 - 00848856 _____ (Panda Security                                              ) C:\Users\XXXXXX\Downloads

\USBVaccine1014Setup.exe
2013-11-12 01:01 - 2013-11-12 01:01 - 00001074 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-11-12 01:01 - 2013-11-12 01:01 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2013-11-12 00:47 - 2013-11-12 00:47 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2013-11-12 00:17 - 2013-11-29 13:20 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3954073195-1080602381-

1438276917-1002
2013-11-12 00:12 - 2013-11-12 00:12 - 00000000 ____D C:\Users\XXXXXX\AppData\Roaming\Synaptics
2013-11-12 00:12 - 2013-11-12 00:12 - 00000000 ____D C:\Users\XXXXXX\AppData\Roaming\Atheros
2013-11-12 00:12 - 2013-11-12 00:12 - 00000000 ____D C:\Program Files (x86)\OEM
2013-11-12 00:11 - 2013-11-17 18:11 - 00000000 ___RD C:\Users\XXXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-12 00:11 - 2013-11-17 18:11 - 00000000 ___RD C:\Users\XXXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-11-12 00:11 - 2013-11-12 23:54 - 00000000 ____D C:\Users\XXXXXX\AppData\Roaming\Adobe
2013-11-12 00:11 - 2013-11-12 00:11 - 00001776 _____ C:\Users\Public\Desktop\Online kaufen.lnk
2013-11-12 00:11 - 2013-11-12 00:11 - 00001446 _____ C:\Users\XXXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-12 00:11 - 2013-11-12 00:11 - 00000000 ____D C:\ProgramData\OEM_YAHOO
2013-11-12 00:11 - 2013-11-12 00:11 - 00000000 ____D C:\Program Files\Preload
2013-11-12 00:11 - 2013-11-12 00:11 - 00000000 ____D C:\Program Files\Accessory Store
2013-11-12 00:10 - 2013-11-14 08:32 - 00000000 ____D C:\Users\XXXXXX\AppData\Local\Packages
2013-11-12 00:10 - 2013-11-12 02:49 - 00000000 ____D C:\Users\XXXXXX
2013-11-12 00:10 - 2013-11-12 00:10 - 00000020 ___SH C:\Users\XXXXXX\ntuser.ini
2013-11-12 00:10 - 2013-11-12 00:10 - 00000000 _SHDL C:\Users\XXXXXX\Vorlagen
2013-11-12 00:10 - 2013-11-12 00:10 - 00000000 _SHDL C:\Users\XXXXXX\Startmenü
2013-11-12 00:10 - 2013-11-12 00:10 - 00000000 _SHDL C:\Users\XXXXXX\Netzwerkumgebung
2013-11-12 00:10 - 2013-11-12 00:10 - 00000000 _SHDL C:\Users\XXXXXX\Lokale Einstellungen
2013-11-12 00:10 - 2013-11-12 00:10 - 00000000 _SHDL C:\Users\XXXXXX\Eigene Dateien
2013-11-12 00:10 - 2013-11-12 00:10 - 00000000 _SHDL C:\Users\XXXXXX\Druckumgebung
2013-11-12 00:10 - 2013-11-12 00:10 - 00000000 _SHDL C:\Users\XXXXXX\Documents\Eigene Musik
2013-11-12 00:10 - 2013-11-12 00:10 - 00000000 _SHDL C:\Users\XXXXXX\Documents\Eigene Bilder
2013-11-12 00:10 - 2013-11-12 00:10 - 00000000 _SHDL C:\Users\XXXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-11-12 00:10 - 2013-11-12 00:10 - 00000000 _SHDL C:\Users\XXXXXX\AppData\Local\Verlauf
2013-11-12 00:10 - 2013-11-12 00:10 - 00000000 _SHDL C:\Users\XXXXXX\AppData\Local\Anwendungsdaten
2013-11-12 00:10 - 2013-11-12 00:10 - 00000000 _SHDL C:\Users\XXXXXX\Anwendungsdaten
2013-11-12 00:10 - 2013-11-12 00:10 - 00000000 ____D C:\Users\XXXXXX\AppData\Local\VirtualStore
2013-11-12 00:10 - 2012-07-26 09:13 - 00000000 ___RD C:\Users\XXXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2013-11-12 00:10 - 2012-07-26 09:13 - 00000000 ___RD C:\Users\XXXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-11-12 00:10 - 2012-07-26 09:13 - 00000000 ___RD C:\Users\XXXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2013-11-12 00:10 - 2012-07-26 09:13 - 00000000 ____D C:\Users\XXXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-11-11 23:58 - 2013-11-11 23:58 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Musik
2013-11-11 23:58 - 2013-11-11 23:58 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Bilder
2013-11-11 23:58 - 2013-11-11 23:58 - 00000000 _SHDL C:\Users\Default\Vorlagen
2013-11-11 23:58 - 2013-11-11 23:58 - 00000000 _SHDL C:\Users\Default\Startmenü
2013-11-11 23:58 - 2013-11-11 23:58 - 00000000 _SHDL C:\Users\Default\Netzwerkumgebung
2013-11-11 23:58 - 2013-11-11 23:58 - 00000000 _SHDL C:\Users\Default\Lokale Einstellungen
2013-11-11 23:58 - 2013-11-11 23:58 - 00000000 _SHDL C:\Users\Default\Eigene Dateien
2013-11-11 23:58 - 2013-11-11 23:58 - 00000000 _SHDL C:\Users\Default\Druckumgebung
2013-11-11 23:58 - 2013-11-11 23:58 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Musik
2013-11-11 23:58 - 2013-11-11 23:58 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Bilder
2013-11-11 23:58 - 2013-11-11 23:58 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-11-11 23:58 - 2013-11-11 23:58 - 00000000 _SHDL C:\Users\Default\AppData\Local\Verlauf
2013-11-11 23:58 - 2013-11-11 23:58 - 00000000 _SHDL C:\Users\Default\AppData\Local\Anwendungsdaten
2013-11-11 23:58 - 2013-11-11 23:58 - 00000000 _SHDL C:\Users\Default\Anwendungsdaten
2013-11-11 23:58 - 2013-11-11 23:58 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Musik
2013-11-11 23:58 - 2013-11-11 23:58 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Bilder
2013-11-11 23:58 - 2013-11-11 23:58 - 00000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-11-11 23:58 - 2013-11-11 23:58 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Verlauf
2013-11-11 23:58 - 2013-11-11 23:58 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Anwendungsdaten
2013-11-11 23:58 - 2013-11-11 23:58 - 00000000 _SHDL C:\Programme
2013-11-11 23:58 - 2013-11-11 23:58 - 00000000 _SHDL C:\ProgramData\Vorlagen
2013-11-11 23:58 - 2013-11-11 23:58 - 00000000 _SHDL C:\ProgramData\Startmenü
2013-11-11 23:58 - 2013-11-11 23:58 - 00000000 _SHDL C:\ProgramData\Dokumente
2013-11-11 23:58 - 2013-11-11 23:58 - 00000000 _SHDL C:\ProgramData\Anwendungsdaten
2013-11-11 23:58 - 2013-11-11 23:58 - 00000000 _SHDL C:\Program Files\Gemeinsame Dateien
2013-11-11 23:58 - 2013-11-11 23:58 - 00000000 _SHDL C:\Dokumente und Einstellungen

==================== One Month Modified Files and Folders =======

2013-11-29 16:13 - 2013-11-29 16:13 - 00012048 _____ C:\Users\XXXXXX\Desktop\FRST.txt
2013-11-29 16:11 - 2013-11-29 16:11 - 00000884 _____ C:\Users\XXXXXX\Desktop\JRT.txt
2013-11-29 16:09 - 2013-11-29 16:09 - 00000000 ____D C:\Windows\ERUNT
2013-11-29 16:08 - 2013-11-29 16:08 - 01034531 _____ (Thisisu) C:\Users\XXXXXX\Downloads\JRT.exe
2013-11-29 16:08 - 2013-08-14 13:55 - 00753134 _____ C:\Windows\system32\perfh007.dat
2013-11-29 16:08 - 2013-08-14 13:55 - 00155826 _____ C:\Windows\system32\perfc007.dat
2013-11-29 16:08 - 2012-07-26 08:28 - 01745416 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-29 16:04 - 2013-11-29 16:04 - 00000000 ____D C:\ProgramData\boost_interprocess
2013-11-29 16:04 - 2012-07-26 08:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-29 16:04 - 2012-07-26 06:26 - 00262144 ___SH C:\Windows\system32\config\BBI
2013-11-29 16:03 - 2013-11-28 18:56 - 00000000 ____D C:\AdwCleaner
2013-11-29 16:02 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\sru
2013-11-29 15:52 - 2013-11-29 15:26 - 484972195 _____ C:\Users\XXXXXX\Desktop\XXXXXX
2013-11-29 15:52 - 2013-11-28 18:55 - 01091882 _____ C:\Users\XXXXXX\Downloads\adwcleaner.exe
2013-11-29 14:36 - 2013-11-29 14:12 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-11-29 14:36 - 2013-11-29 14:10 - 00000000 ____D C:\Users\XXXXXX\Desktop\mbar
2013-11-29 14:12 - 2013-11-29 14:12 - 00116440 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2013-11-29 14:11 - 2013-11-29 14:11 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-11-29 14:09 - 2013-11-29 14:09 - 12576792 _____ (Malwarebytes Corp.) C:\Users\XXXXXX\Desktop\mbar-1.07.0.1007.exe
2013-11-29 13:20 - 2013-11-12 00:17 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3954073195-1080602381-

1438276917-1002
2013-11-29 13:06 - 2013-11-29 13:06 - 00027679 _____ C:\Users\XXXXXX\Desktop\Logfiles TB.rar
2013-11-29 13:05 - 2013-11-29 12:20 - 00000000 ____D C:\Users\XXXXXX\Desktop\Rechner
2013-11-29 13:05 - 2013-11-29 12:13 - 00024122 _____ C:\Users\XXXXXX\Desktop\AVSCAN-20131126-195252-9DE9419F.LOG
2013-11-29 13:04 - 2013-11-29 12:11 - 00026124 _____ C:\Users\XXXXXX\Desktop\AVSCAN-20131126-015303-DF97F406.LOG
2013-11-29 12:53 - 2013-11-29 12:53 - 00021665 _____ C:\Users\XXXXXX\Desktop\Addition - namen geändert.txt
2013-11-29 12:51 - 2013-11-29 12:51 - 00115105 _____ C:\Users\XXXXXX\Desktop\FRST-namen geändert.txt
2013-11-29 12:24 - 2013-11-29 12:24 - 00000000 ____D C:\FRST
2013-11-29 12:21 - 2013-08-14 04:24 - 01887310 _____ C:\Windows\WindowsUpdate.log
2013-11-29 12:19 - 2013-11-29 12:19 - 01959024 _____ (Farbar) C:\Users\XXXXXX\Desktop\FRST64.exe
2013-11-29 01:31 - 2013-11-27 15:53 - 00000000 ____D C:\Users\XXXXXX\AppData\Local\Windows Live
2013-11-29 01:19 - 2013-11-12 02:32 - 00000000 ____D C:\Program Files (x86)\Steam
2013-11-28 22:13 - 2013-11-28 21:24 - 902279088 _____ C:\Users\XXXXXX\Downloads\XXXXXX
2013-11-28 21:34 - 2013-11-27 04:23 - 00000000 ____D C:\Users\XXXXXX\Downloads\Neuer Ordner
2013-11-28 18:37 - 2013-11-18 23:01 - 00307760 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-28 18:37 - 2013-04-18 10:11 - 00114490 _____ C:\Windows\PFRO.log
2013-11-28 04:01 - 2013-11-12 04:41 - 00000000 ____D C:\Users\XXXXXX\AppData\Roaming\vlc
2013-11-28 01:39 - 2013-11-28 00:32 - 00010223 _____ C:\Users\XXXXXX\Desktop\Neues Textdokument.txt
2013-11-28 01:20 - 2013-11-17 21:11 - 00000000 ____D C:\Users\XXXXXX\AppData\Roaming\TS3Client
2013-11-28 00:54 - 2013-11-28 00:54 - 00010223 _____ C:\Users\XXXXXX\Desktop\FMAtalk.txt
2013-11-27 21:31 - 2013-11-27 21:25 - 313928418 _____ C:\Users\XXXXXX\Downloads\1404-Large.mov
2013-11-27 21:30 - 2013-11-27 21:25 - 261764931 _____ C:\Users\XXXXXX\Downloads\1404-Large.wmv
2013-11-27 19:59 - 2013-11-24 15:45 - 00000000 ____D C:\Users\XXXXXX\Desktop\Neuer Ordner
2013-11-27 15:56 - 2013-11-27 15:56 - 00000000 ____D C:\Windows\de
2013-11-27 15:56 - 2013-11-27 15:56 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2013-11-27 15:55 - 2013-11-27 15:55 - 00000000 ____D C:\Windows\PCHEALTH
2013-11-27 15:55 - 2013-11-27 15:55 - 00000000 ____D C:\Program Files (x86)\Windows Live
2013-11-27 15:55 - 2013-11-12 23:57 - 00010408 _____ C:\Windows\DirectX.log
2013-11-27 15:55 - 2012-07-26 09:12 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-11-25 02:32 - 2013-11-25 02:11 - 396439535 _____ C:\Users\XXXXXX\Downloads\XXXXXX
2013-11-24 15:47 - 2012-07-26 08:21 - 00026286 _____ C:\Windows\setupact.log
2013-11-24 15:41 - 2013-11-24 15:41 - 00000000 ____D C:\Users\XXXXXX\Desktop\Texte und Bilder
2013-11-24 14:03 - 2013-11-24 14:03 - 00000000 ____D C:\Users\XXXXXX\AppData\Roaming\OpenOffice
2013-11-24 14:01 - 2013-11-24 14:01 - 00001116 _____ C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
2013-11-24 14:01 - 2013-11-24 14:00 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2013-11-24 13:58 - 2013-11-24 13:58 - 00000000 ____D C:\Users\XXXXXX\Desktop\OpenOffice 4.0.1 (de) Installation Files
2013-11-24 05:53 - 2013-11-24 05:51 - 163606685 _____ C:\Users\XXXXXX\Downloads\Apache_OpenOffice_4.0.1_Win_x86_install_de.exe
2013-11-24 03:34 - 2013-11-24 03:13 - 391865029 _____ C:\Users\XXXXXX\Downloads\XXXXXX
2013-11-22 17:42 - 2013-11-22 17:42 - 00001444 _____ C:\Users\Public\Desktop\Free YouTube Download.lnk
2013-11-22 17:42 - 2013-11-22 17:41 - 00000000 ____D C:\Users\XXXXXX\AppData\Roaming\DVDVideoSoft
2013-11-22 17:42 - 2013-11-22 17:41 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
2013-11-22 00:12 - 2013-08-14 04:38 - 00000000 ____D C:\ProgramData\Norton
2013-11-21 01:09 - 2013-11-21 01:08 - 77255136 _____ (Lightworks) C:\Users\XXXXXX\Downloads\lightworks_v11.1.1_full_64bit_setup.exe
2013-11-21 00:52 - 2013-11-21 00:52 - 01245168 _____ (Microsoft Corporation) C:\Users\Fabian\Downloads\wlsetup-web.exe
2013-11-20 14:09 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-11-20 00:39 - 2013-08-14 04:40 - 00000000 ____D C:\ProgramData\CyberLink
2013-11-20 00:36 - 2013-11-20 00:36 - 00000000 ____D C:\Users\XXXXXX\Documents\CyberLink
2013-11-20 00:36 - 2013-11-20 00:36 - 00000000 ____D C:\Users\XXXXXX\AppData\Roaming\CyberLink
2013-11-20 00:35 - 2013-11-20 00:35 - 00000000 ____D C:\Users\XXXXXX\AppData\Local\Cyberlink
2013-11-19 17:27 - 2013-11-12 23:51 - 00000000 ____D C:\Users\XXXXXX\AppData\Local\Adobe
2013-11-19 03:52 - 2013-11-19 03:52 - 00000000 ____D C:\Users\XXXXXX\AppData\Local\MusicPlayer
2013-11-19 03:52 - 2013-11-12 02:48 - 00000000 ____D C:\Users\XXXXXX\AppData\Local\clear.fi
2013-11-17 21:33 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\rescache
2013-11-17 21:11 - 2013-11-17 21:11 - 00000971 _____ C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2013-11-17 21:11 - 2013-11-17 21:11 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2013-11-17 18:11 - 2013-11-12 00:11 - 00000000 ___RD C:\Users\XXXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-17 18:11 - 2013-11-12 00:11 - 00000000 ___RD C:\Users\XXXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-11-17 18:09 - 2013-11-12 06:06 - 00000000 ____D C:\Program Files\WinRAR
2013-11-17 18:09 - 2013-11-12 05:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-17 06:50 - 2012-07-26 09:12 - 00000000 ___RD C:\Windows\ToastData
2013-11-17 06:49 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\WinStore
2013-11-17 06:49 - 2012-07-26 06:38 - 00000000 ____D C:\Windows\system32\oobe
2013-11-17 03:11 - 2013-11-17 02:37 - 623633183 _____ C:\Users\XXXXXX\Downloads\XXXXXX
2013-11-17 02:34 - 2013-11-17 02:34 - 00000000 ____D C:\Users\XXXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2013-11-17 02:33 - 2013-11-17 02:33 - 02074056 _____ C:\Users\XXXXXX\Downloads\winrar-x64-500d.exe
2013-11-16 01:57 - 2013-11-16 01:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-14 13:35 - 2013-11-12 06:32 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-11-14 13:35 - 2013-11-12 06:32 - 00106904 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-11-14 08:32 - 2013-11-14 03:55 - 00000000 ___RD C:\Windows\BrowserChoice
2013-11-14 08:32 - 2013-11-12 00:10 - 00000000 ____D C:\Users\XXXXXX\AppData\Local\Packages
2013-11-14 08:32 - 2013-04-18 10:14 - 00000000 ____D C:\ProgramData\PRICache
2013-11-14 08:25 - 2012-07-26 06:37 - 00000000 ____D C:\Windows\servicing
2013-11-14 03:55 - 2012-07-26 09:12 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2013-11-14 03:55 - 2012-07-26 09:12 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2013-11-14 03:55 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-11-14 03:55 - 2012-07-26 09:12 - 00000000 ____D C:\Program Files\Windows Defender
2013-11-14 03:55 - 2012-07-26 09:12 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-11-14 03:55 - 2012-07-26 08:52 - 00000000 ____D C:\Program Files\Windows Journal
2013-11-14 03:52 - 2012-07-26 09:12 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2013-11-14 03:52 - 2012-07-26 09:12 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2013-11-14 03:52 - 2012-07-26 09:12 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2013-11-14 03:52 - 2012-07-26 09:12 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2013-11-14 03:52 - 2012-07-26 06:38 - 00000000 ____D C:\Windows\SysWOW64\Dism
2013-11-14 03:51 - 2012-07-26 06:38 - 00000000 ____D C:\Windows\system32\Dism
2013-11-13 20:58 - 2013-11-13 20:58 - 00000000 ____D C:\Users\XXXXXX\Documents\Amazon MP3
2013-11-13 20:58 - 2013-11-13 20:58 - 00000000 ____D C:\Users\XXXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2013-11-13 20:58 - 2013-11-13 20:58 - 00000000 ____D C:\Users\XXXXXX\AppData\Roaming\Amazon
2013-11-13 19:41 - 2013-11-12 16:21 - 00000000 ____D C:\Windows\system32\MRT
2013-11-13 19:40 - 2013-11-12 16:21 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-13 11:54 - 2013-11-26 01:43 - 890822947 _____ C:\Users\XXXXXX\Downloads\XXXXXX
2013-11-12 23:55 - 2013-11-12 23:52 - 00000000 ____D C:\ProgramData\Adobe
2013-11-12 23:54 - 2013-11-12 00:11 - 00000000 ____D C:\Users\XXXXXX\AppData\Roaming\Adobe
2013-11-12 23:52 - 2013-11-12 23:52 - 00002023 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-11-12 23:52 - 2013-11-12 23:52 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-11-12 23:44 - 2013-11-12 05:43 - 00000000 ____D C:\Users\XXXXXX\AppData\Local\Mozilla
2013-11-12 22:00 - 2013-11-12 15:45 - 00000000 ____D C:\Users\XXXXXX\Desktop\Musik
2013-11-12 16:53 - 2013-11-12 15:54 - 00000000 ____D C:\Users\XXXXXX\Desktop\Aikido
2013-11-12 16:04 - 2013-11-12 16:04 - 00000000 ____D C:\Users\XXXXXX\AppData\Roaming\WildTangent
2013-11-12 16:04 - 2013-04-18 11:07 - 00000000 ____D C:\ProgramData\WildTangent
2013-11-12 06:37 - 2013-11-12 06:37 - 00001117 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-11-12 06:37 - 2013-11-12 06:37 - 00000000 ____D C:\Users\XXXXXX\AppData\Roaming\Malwarebytes
2013-11-12 06:37 - 2013-11-12 06:37 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-12 06:37 - 2013-11-12 06:37 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-12 06:35 - 2013-11-12 06:35 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\XXXXXX\Downloads

\mbam-setup-1.75.0.1300.exe
2013-11-12 06:32 - 2013-11-12 06:32 - 00002074 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-11-12 06:32 - 2013-11-12 06:32 - 00000000 ____D C:\Users\XXXXXX\AppData\Roaming\Avira
2013-11-12 06:32 - 2013-11-12 06:32 - 00000000 ____D C:\ProgramData\Avira
2013-11-12 06:32 - 2013-11-12 06:32 - 00000000 ____D C:\Program Files (x86)\Avira
2013-11-12 06:26 - 2012-07-26 09:12 - 00000000 ___HD C:\Windows\ELAMBKUP
2013-11-12 06:20 - 2013-11-12 06:18 - 134194160 _____ C:\Users\XXXXXX\Downloads\avira_antivirus_suite_de.exe
2013-11-12 06:07 - 2013-11-12 06:07 - 00000000 ____D C:\Users\XXXXXX\AppData\Roaming\WinRAR
2013-11-12 05:47 - 2013-11-12 05:47 - 00000000 ____D C:\Users\XXXXXX\AppData\Local\Macromedia
2013-11-12 05:45 - 2013-11-12 05:45 - 00000000 ____D C:\Users\XXXXXX\AppData\Local\CrashDumps
2013-11-12 05:43 - 2013-11-12 05:43 - 00001155 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-11-12 05:43 - 2013-11-12 05:43 - 00000000 ____D C:\Users\XXXXXX\AppData\Roaming\Mozilla
2013-11-12 05:43 - 2013-11-12 05:43 - 00000000 ____D C:\ProgramData\Mozilla
2013-11-12 05:41 - 2013-11-12 05:41 - 00000000 ____D C:\Users\XXXXXX\AppData\Roaming\Macromedia
2013-11-12 05:21 - 2013-11-12 05:21 - 00000000 ____D C:\Users\XXXXXX\Desktop\Fotos
2013-11-12 02:57 - 2013-11-12 02:57 - 00000219 _____ C:\Users\XXXXXX\Desktop\Dota 2.url
2013-11-12 02:49 - 2013-11-12 02:49 - 00000000 ____D C:\Users\Public\OEM
2013-11-12 02:49 - 2013-11-12 02:49 - 00000000 ____D C:\Users\XXXXXX\PicStream
2013-11-12 02:49 - 2013-11-12 02:49 - 00000000 ____D C:\Users\XXXXXX\Documents\clear.fi
2013-11-12 02:49 - 2013-11-12 00:10 - 00000000 ____D C:\Users\XXXXXX
2013-11-12 02:32 - 2013-11-12 02:32 - 00000921 _____ C:\Users\Public\Desktop\Steam.lnk
2013-11-12 02:32 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\restore
2013-11-12 02:04 - 2013-11-12 02:04 - 00003042 _____ C:\Windows\System32\Tasks\PandaUSBVaccine
2013-11-12 02:04 - 2013-11-12 02:04 - 00000000 ____D C:\ProgramData\Panda Security
2013-11-12 02:04 - 2013-11-12 02:04 - 00000000 ____D C:\Program Files (x86)\Panda USB Vaccine
2013-11-12 02:03 - 2013-11-12 02:03 - 00848856 _____ (Panda Security                                              ) C:\Users\Fabian\Downloads

\USBVaccine1014Setup.exe
2013-11-12 01:01 - 2013-11-12 01:01 - 00001074 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-11-12 01:01 - 2013-11-12 01:01 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2013-11-12 00:47 - 2013-11-12 00:47 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2013-11-12 00:14 - 2012-07-26 06:26 - 00262144 ___SH C:\Windows\system32\config\ELAM
2013-11-12 00:12 - 2013-11-12 00:12 - 00000000 ____D C:\Users\XXXXXX\AppData\Roaming\Synaptics
2013-11-12 00:12 - 2013-11-12 00:12 - 00000000 ____D C:\Users\XXXXXX\AppData\Roaming\Atheros
2013-11-12 00:12 - 2013-11-12 00:12 - 00000000 ____D C:\Program Files (x86)\OEM
2013-11-12 00:12 - 2013-04-18 11:07 - 00000000 ___HD C:\OEM
2013-11-12 00:11 - 2013-11-12 00:11 - 00001776 _____ C:\Users\Public\Desktop\Online kaufen.lnk
2013-11-12 00:11 - 2013-11-12 00:11 - 00001446 _____ C:\Users\XXXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-12 00:11 - 2013-11-12 00:11 - 00000000 ____D C:\ProgramData\OEM_YAHOO
2013-11-12 00:11 - 2013-11-12 00:11 - 00000000 ____D C:\Program Files\Preload
2013-11-12 00:11 - 2013-11-12 00:11 - 00000000 ____D C:\Program Files\Accessory Store
2013-11-12 00:10 - 2013-11-12 00:10 - 00000020 ___SH C:\Users\XXXXXX\ntuser.ini
2013-11-12 00:10 - 2013-11-12 00:10 - 00000000 _SHDL C:\Users\XXXXXX\Vorlagen
2013-11-12 00:10 - 2013-11-12 00:10 - 00000000 _SHDL C:\Users\XXXXXX\Startmenü
2013-11-12 00:10 - 2013-11-12 00:10 - 00000000 _SHDL C:\Users\XXXXXX\Netzwerkumgebung
2013-11-12 00:10 - 2013-11-12 00:10 - 00000000 _SHDL C:\Users\XXXXXX\Lokale Einstellungen
2013-11-12 00:10 - 2013-11-12 00:10 - 00000000 _SHDL C:\Users\XXXXXX\Eigene Dateien
2013-11-12 00:10 - 2013-11-12 00:10 - 00000000 _SHDL C:\Users\XXXXXX\Druckumgebung
2013-11-12 00:10 - 2013-11-12 00:10 - 00000000 _SHDL C:\Users\XXXXXX\Documents\Eigene Musik
2013-11-12 00:10 - 2013-11-12 00:10 - 00000000 _SHDL C:\Users\XXXXXX\Documents\Eigene Bilder
2013-11-12 00:10 - 2013-11-12 00:10 - 00000000 _SHDL C:\Users\XXXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-11-12 00:10 - 2013-11-12 00:10 - 00000000 _SHDL C:\Users\XXXXXX\AppData\Local\Verlauf
2013-11-12 00:10 - 2013-11-12 00:10 - 00000000 _SHDL C:\Users\XXXXXX\AppData\Local\Anwendungsdaten
2013-11-12 00:10 - 2013-11-12 00:10 - 00000000 _SHDL C:\Users\XXXXXX\Anwendungsdaten
2013-11-12 00:10 - 2013-11-12 00:10 - 00000000 ____D C:\Users\XXXXXX\AppData\Local\VirtualStore
2013-11-12 00:10 - 2012-07-26 09:12 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2013-11-12 00:06 - 2013-08-14 04:24 - 00000000 ____D C:\Windows\SysWOW64\NV
2013-11-12 00:06 - 2013-08-14 04:24 - 00000000 ____D C:\Windows\system32\NV
2013-11-11 23:58 - 2013-11-11 23:58 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Musik
2013-11-11 23:58 - 2013-11-11 23:58 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Bilder
2013-11-11 23:58 - 2013-11-11 23:58 - 00000000 _SHDL C:\Users\Default\Vorlagen
2013-11-11 23:58 - 2013-11-11 23:58 - 00000000 _SHDL C:\Users\Default\Startmenü
2013-11-11 23:58 - 2013-11-11 23:58 - 00000000 _SHDL C:\Users\Default\Netzwerkumgebung
2013-11-11 23:58 - 2013-11-11 23:58 - 00000000 _SHDL C:\Users\Default\Lokale Einstellungen
2013-11-11 23:58 - 2013-11-11 23:58 - 00000000 _SHDL C:\Users\Default\Eigene Dateien
2013-11-11 23:58 - 2013-11-11 23:58 - 00000000 _SHDL C:\Users\Default\Druckumgebung
2013-11-11 23:58 - 2013-11-11 23:58 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Musik
2013-11-11 23:58 - 2013-11-11 23:58 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Bilder
2013-11-11 23:58 - 2013-11-11 23:58 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-11-11 23:58 - 2013-11-11 23:58 - 00000000 _SHDL C:\Users\Default\AppData\Local\Verlauf
2013-11-11 23:58 - 2013-11-11 23:58 - 00000000 _SHDL C:\Users\Default\AppData\Local\Anwendungsdaten
2013-11-11 23:58 - 2013-11-11 23:58 - 00000000 _SHDL C:\Users\Default\Anwendungsdaten
2013-11-11 23:58 - 2013-11-11 23:58 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Musik
2013-11-11 23:58 - 2013-11-11 23:58 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Bilder
2013-11-11 23:58 - 2013-11-11 23:58 - 00000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-11-11 23:58 - 2013-11-11 23:58 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Verlauf
2013-11-11 23:58 - 2013-11-11 23:58 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Anwendungsdaten
2013-11-11 23:58 - 2013-11-11 23:58 - 00000000 _SHDL C:\Programme
2013-11-11 23:58 - 2013-11-11 23:58 - 00000000 _SHDL C:\ProgramData\Vorlagen
2013-11-11 23:58 - 2013-11-11 23:58 - 00000000 _SHDL C:\ProgramData\Startmenü
2013-11-11 23:58 - 2013-11-11 23:58 - 00000000 _SHDL C:\ProgramData\Dokumente
2013-11-11 23:58 - 2013-11-11 23:58 - 00000000 _SHDL C:\ProgramData\Anwendungsdaten
2013-11-11 23:58 - 2013-11-11 23:58 - 00000000 _SHDL C:\Program Files\Gemeinsame Dateien
2013-11-11 23:58 - 2013-11-11 23:58 - 00000000 _SHDL C:\Dokumente und Einstellungen
2013-11-11 23:58 - 2012-07-26 09:12 - 00000000 ____D C:\Program Files\Windows NT
2013-11-11 23:58 - 2012-07-26 06:37 - 00000000 __RHD C:\Users\Default
2013-11-07 18:28 - 2013-11-26 01:43 - 1047222963 _____ C:\Users\XXXXXX\Downloads\XXXXXX
2013-11-05 23:58 - 2013-11-17 18:10 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-11-05 23:58 - 2013-11-17 18:10 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

Some content of TEMP:
====================
C:\Users\XXXXXX\AppData\Local\Temp\avgnt.exe
C:\Users\XXXXXX\AppData\Local\Temp\COMAP.EXE
C:\Users\XXXXXX\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\XXXXXX\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-28 13:36

==================== End Of Log ============================

--- --- ---

cosinus · 29.11.2013, 16:36

Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes Anti-Malware (MBAM)

Hinweis: Denk bitte vorher daran, Malwarebytes Anti-Malware über den Updatebutton zu aktualisieren!

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

FJ1 · 29.11.2013, 21:18

Danke, geht ja super schnell mit der Hilfe!

Hier das neue mbam Log:

Code:

ATTFilter

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.11.29.04

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16736
XXXXXX :: XXXXXXXXXX [Administrator]

29.11.2013 17:21:39
mbam-log-2013-11-29 (17-21-39).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 227529
Laufzeit: 3 Minute(n), 1 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Und der ESET Log:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=d25524176065cd42ba609932c3fbea07
# engine=16078
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-11-29 06:20:36
# local_time=2013-11-29 07:20:36 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.2.9200 NT 
# compatibility_mode=5893 16776574 100 94 1351502 30917624 0 0
# scanned=261194
# found=0
# cleaned=0
# scan_time=6677

cosinus · 30.11.2013, 13:44

Sieht soweit ok aus

Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat.

Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?

FJ1 · 30.11.2013, 17:00

Hi,

super, danke! Auch für die Tipps!

Also ich habe mbam jetzt nochmal aktualisiert und einen vollständigen Suchlauf ausführen lassen, keine Funde. Browser reagiert insgesamt wieder etwas schneller, sonst ist nichts Auffälliges festzustellen.

cosinus · 30.11.2013, 22:45

Dann wären wir durch!

Falls du noch Lob oder Kritik loswerden möchtest => Lob, Kritik und Wünsche - Trojaner-Board

Die Programme, die hier zum Einsatz kamen, können alle deinstalliert werden.

Helfen kann dir dabei delfix:

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Bitte abschließend noch die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.

Microsoftupdate
Windows XP:Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.
Windows Vista/7: Start, Systemsteuerung, Windows-Update

PDF-Reader aktualisieren
Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast)

Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers:
Prüfen => Adobe - Flash Player
Downloadlinks findest du hier => Browsers and Plugins - FilePony.de

Alle Plugins im Firefox-Browser kannst du auch ganz einfach hier auf Aktualität prüfen => https://www.mozilla.org/de/plugincheck

Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind.

Java-Update
Veraltete Java-Installationen sind ein großes Sicherheitsrisiko, daher solltest Du die alten Versionen deinstallieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software (bzw. Programme und Funktionen) und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.

FJ1 · 30.11.2013, 23:01

Hey,

danke Dir nochmals für die superschnelle und freundliche Hilfe. Dann werd ich mich jetzt mal daran machen, die zusätzlichen Sicherheitstipps umzusetzen und im entsprechenden Forum auch nochmal ein dickes Lob posten!

PUP.Optional.OpenCandy in Dritthersteller Software mitinstalliert

Plagegeister aller Art und deren Bekämpfung: PUP.Optional.OpenCandy in Dritthersteller Software mitinstalliert