Pests of all kinds and how to fight them: MBR virus BOO/Tdss.O

09.12.2013, 16:07   #16
schrauber
/// the machine
/// TB Trainer

Same game again, this time with this command:

BootRec.exe /fixboot

Then:

Please download Emsisoft MBR Master and save it to the desktop.
  • Run mbrmastr.exe.
  • Click Backup MBR and save it as emsi on the desktop.
  • Then close the program again.
  • Pack the created emsi.mbr into a zip archive (right-click -> Send to -> Compressed (zipped) folder) and attach the file here.
  • A text file MBRMastr_<date>_<time>.txt is also created on the desktop. Please post its contents here.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

09.12.2013, 18:49   #17
Calister

Hello,

the zip file is attached, and here is the log as well:

Code:
Detected Windows version: 6.0 Build 6001 Service Pack 1
Installing direct disk access driver ...
Driver connection handle: 0x00000130
1 valid drive(s) found.

Details for Disk 0 - WDC WD1600BEVT-22ZCT0 Rev 11.01A11:
  Device name              : \\.\PhysicalDrive0
  Geometry (C/H/S)         : 19457/255/63
  Boot loader reputation   : Known Good (Windows 7)
  Cross view comparison    : Passed
  Partition table integrity: Passed

  Boot loader hashes
    SHA-1                  : 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
    MD5                    : A36C5E4F47E84449FF07ED3517B43A31
         

10.12.2013, 10:32   #18
schrauber
/// the machine
/// TB Trainer

Does the message still appear?

10.12.2013, 16:18   #19
Calister

Hello,

yes, unfortunately, the message from Avira still appears immediately after startup...

11.12.2013, 09:28   #20
schrauber
/// the machine
/// TB Trainer

Seems to be a false alarm. Can you submit that to Avira via the program itself?

__________________
Regards,
schrauber

20.12.2013, 16:01   #21
Calister

Hello, unfortunately I only have the option of getting in touch with some other Avira employees. In addition, I installed 2 other virus scanners one after the other (AVG and Avast). Both showed the virus, but neither could remove it.

21.12.2013, 16:14   #22
schrauber
/// the machine
/// TB Trainer

hi,

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen according to the guide to Malwarebytes Anti-Rootkit
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the created folder. Please post it here.

Do not start any other file in this folder without instructions from a helper
__________________
Regards,
schrauber

21.12.2013, 17:43   #23
Calister

Hello, I think the tip solved my problem

Here is the log from the first scan, after it found something:
Code:
Malwarebytes Anti-Rootkit BETA 1.07.0.1008
www.malwarebytes.org

Database version: v2013.12.21.04

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 7.0.6001.18000
Bettina :: BETTINA-PC [administrator]

21.12.2013 16:58:36
mbar-log-2013-12-21 (16-58-36).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 200217
Time elapsed: 11 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\WINDOWS\SYSTEM32\drivers\avipbb.sys (Unknown.Rootkit.Driver) -> Replace on reboot.

Physical Sectors Detected: 1
Physical Sector #312578048 on Drive #0 (Rootkit.Alureon.E.VBR) -> Replace on reboot.

(end)
         

And here is the log from the second run, in which it found nothing more:
Code:
Malwarebytes Anti-Rootkit BETA 1.07.0.1008
www.malwarebytes.org

Database version: v2013.12.21.05

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 7.0.6001.18000
Bettina :: BETTINA-PC [administrator]

21.12.2013 17:19:04
mbar-log-2013-12-21 (17-19-04).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 200022
Time elapsed: 16 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         
My antivirus program no longer shows any virus message.
Thanks again for the patient help!

22.12.2013, 07:23   #24
schrauber
/// the machine
/// TB Trainer

To finish up, please post a fresh FRST log
__________________
Regards,
schrauber

22.12.2013, 12:20   #25
Calister

This is how it looks...

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-12-2013 02
Ran by Bettina (administrator) on BETTINA-PC on 22-12-2013 12:10:06
Running from C:\Users\Bettina\Downloads
Microsoft® Windows Vista™ Home Premium  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 7
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
() C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
() C:\Acer\Mobility Center\MobilityService.exe
(NewTech InfoSystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
() C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(O2Micro International) C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
(Realtek Semiconductor Corp.) C:\Users\Bettina\AppData\Local\Temp\RtkBtMnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe
(Acer Inc.) C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [BkupTray] - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [34040 2008-04-06] ()
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [40048 2007-03-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Google Desktop Search] - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [24064 2013-12-03] (Google)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [6144000 2008-05-21] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] - C:\Windows\SkyTel.exe [1826816 2007-11-21] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1037608 2008-02-22] (Synaptics, Inc.)
HKLM\...\Run: [LManager] - C:\Program Files\Launch Manager\LManager.exe [875016 2008-07-25] (Dritek System Inc.)
HKLM\...\Run: [ePower_DMC] - C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe [405504 2008-08-01] (Acer Inc.)
HKLM\...\Run: [eRecoveryService] - [x]
HKLM\...\Run: [ProductReg] - C:\Program Files\Acer\WR_PopUp\ProductReg.exe [6144 2008-09-23] (Acer)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-21] (Avira Operations GmbH & Co. KG)
HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2013-12-03] (Google Inc.)
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default\...\RunOnce: [AcerScrSav] - C:\Windows\ACER\run_NB.exe [ 2007-08-21] ()
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\RunOnce: [AcerScrSav] - C:\Windows\ACER\run_NB.exe [ 2007-08-21] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1213&m=extensa_5630/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1213&m=extensa_5630
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1213&m=extensa_5630
BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} -  No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 34 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440376 2013-12-21] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-22] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1011768 2013-12-21] (Avira Operations GmbH & Co. KG)
R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-03-21] ()
S3 GoogleDesktopManager-080708-050100; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [24064 2013-12-03] (Google)
R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-12-06] ()
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [45272 2005-10-14] (Microsoft Corporation)
R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-04] ()
R2 o2flash; C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe [65536 2007-02-13] (O2Micro International)
S2 McNASvc; "c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe" [x]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-21] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-21] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-22] (Avira Operations GmbH & Co. KG)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-11-22] (Avira GmbH)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 MFE_RR; \??\C:\Users\Bettina\AppData\Local\Temp\mfe_rr.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S4 USBSTOR; \SystemRoot\system32\drivers\usbstor.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-22 12:09 - 2013-12-22 12:09 - 00000000 ____D C:\Users\Bettina\Downloads\FRST-OlderVersion
2013-12-21 16:57 - 2013-12-21 17:18 - 00104664 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2013-12-21 16:56 - 2013-12-21 17:18 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-12-21 16:55 - 2013-12-21 17:35 - 00000000 ____D C:\Users\Bettina\Desktop\mbar
2013-12-21 16:54 - 2013-12-21 16:54 - 12582688 _____ (Malwarebytes Corp.) C:\Users\Bettina\Desktop\mbar-1.07.0.1008.exe
2013-12-16 21:32 - 2013-12-16 21:33 - 00000000 ____D C:\Users\Bettina\AppData\Local\Adobe
2013-12-16 21:32 - 2013-12-16 21:32 - 00000000 ____D C:\Users\Bettina\AppData\Roaming\Avira
2013-12-16 21:26 - 2013-12-16 21:26 - 00001851 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-12-16 21:25 - 2013-12-21 16:57 - 00135648 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-12-16 21:25 - 2013-12-21 16:57 - 00090400 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-12-16 21:25 - 2013-12-16 21:25 - 00000000 ____D C:\Program Files\Avira
2013-12-16 21:25 - 2013-11-22 12:01 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-12-16 21:25 - 2013-11-22 12:01 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys
2013-12-16 20:51 - 2013-12-16 20:51 - 00000000 ____D C:\Users\Bettina\AppData\Roaming\TuneUp Software
2013-12-16 20:50 - 2013-11-19 03:33 - 00230048 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-12-16 20:43 - 2013-12-16 21:17 - 00000000 ____D C:\ProgramData\MFAData
2013-12-16 20:43 - 2013-12-16 20:43 - 04425448 _____ (AVG Technologies) C:\Users\Bettina\Downloads\avg_avct_stb_all_2014_4116.exe
2013-12-16 20:43 - 2013-12-16 20:43 - 00000000 ____D C:\Users\Bettina\AppData\Local\MFAData
2013-12-16 20:35 - 2013-12-16 20:36 - 00000310 _____ C:\Users\Bettina\RootkitRemover_20131216_203557.log
2013-12-16 20:35 - 2013-12-16 20:35 - 00782640 _____ (McAfee, Inc.) C:\Users\Bettina\Downloads\rootkitremover.exe
2013-12-15 12:31 - 2013-12-15 12:31 - 00000000 ____D C:\Users\Bettina\AppData\Roaming\AVAST Software
2013-12-15 12:29 - 2013-12-15 12:29 - 00269216 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-12-15 12:27 - 2013-12-16 21:17 - 00000000 ____D C:\ProgramData\AVAST Software
2013-12-09 18:47 - 2013-12-09 18:47 - 00000603 _____ C:\Users\Bettina\Desktop\MBRMastr_2013.12.09_18.47.05.txt
2013-12-09 18:47 - 2013-12-09 18:47 - 00000575 _____ C:\Users\Bettina\Desktop\emsi.zip
2013-12-09 18:46 - 2013-12-09 18:47 - 00000512 _____ C:\Users\Bettina\Desktop\emsi.mbr
2013-12-09 18:44 - 2013-12-09 18:45 - 00788728 _____ (Emsisoft GmbH) C:\Users\Bettina\Downloads\mbrmastr.exe
2013-12-09 11:10 - 2009-11-08 10:55 - 01130824 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2013-12-09 11:10 - 2009-11-08 10:55 - 00297808 _____ (Microsoft Corporation) C:\Windows\system32\mscoree.dll
2013-12-09 11:10 - 2009-11-08 10:55 - 00295264 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHost.exe
2013-12-09 11:10 - 2009-11-08 10:55 - 00099176 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHostProxy.dll
2013-12-09 11:10 - 2009-11-08 10:55 - 00049472 _____ (Microsoft Corporation) C:\Windows\system32\netfxperf.dll
2013-12-09 11:09 - 2010-09-20 10:25 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\msshsq.dll
2013-12-07 12:56 - 2010-09-06 17:24 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2013-12-07 12:56 - 2010-09-06 17:23 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2013-12-07 12:56 - 2009-08-24 13:16 - 00378368 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2013-12-07 12:45 - 2013-12-07 12:45 - 00001593 _____ C:\Users\Public\Desktop\Browserwahl.lnk
2013-12-06 13:14 - 2008-05-27 06:21 - 01582592 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2013-12-06 13:14 - 2008-05-27 06:21 - 01418240 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2013-12-06 13:14 - 2008-05-27 06:18 - 00670208 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2013-12-06 13:14 - 2008-05-27 06:18 - 00439808 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2013-12-06 13:14 - 2008-05-27 06:18 - 00350208 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2013-12-06 13:14 - 2008-05-27 06:18 - 00203776 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2013-12-06 13:14 - 2008-05-27 06:18 - 00184832 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2013-12-06 13:14 - 2008-05-27 06:18 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\nlhtml.dll
2013-12-06 13:14 - 2008-05-27 06:18 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\propdefs.dll
2013-12-06 13:14 - 2008-05-27 06:18 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\xmlfilter.dll
2013-12-06 13:14 - 2008-05-27 06:18 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\msstrc.dll
2013-12-06 13:14 - 2008-05-27 06:18 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\mimefilt.dll
2013-12-06 13:14 - 2008-05-27 06:18 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\rtffilt.dll
2013-12-06 13:14 - 2008-05-27 06:18 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\wsepno.dll
2013-12-06 13:14 - 2008-05-27 06:17 - 06103040 _____ (Microsoft Corporation) C:\Windows\system32\chtbrkr.dll
2013-12-06 13:14 - 2008-05-27 06:17 - 01671680 _____ (Microsoft Corporation) C:\Windows\system32\chsbrkr.dll
2013-12-06 13:14 - 2008-05-27 06:17 - 00754176 _____ (Microsoft Corporation) C:\Windows\system32\propsys.dll
2013-12-06 13:14 - 2008-05-27 06:17 - 00313344 _____ (Microsoft Corporation) C:\Windows\system32\thawbrkr.dll
2013-12-06 13:14 - 2008-05-27 06:17 - 00301568 _____ (Microsoft Corporation) C:\Windows\system32\srchadmin.dll
2013-12-06 13:14 - 2008-05-27 06:17 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\offfilt.dll
2013-12-06 13:14 - 2008-05-27 06:17 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\korwbrkr.dll
2013-12-06 13:14 - 2008-05-27 06:17 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2013-12-06 13:14 - 2008-05-27 06:17 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2013-12-06 13:14 - 2008-05-27 06:17 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2013-12-06 13:14 - 2008-05-27 06:17 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\msscb.dll
2013-12-06 13:14 - 2008-05-27 06:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2013-12-06 13:14 - 2008-05-27 06:17 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2013-12-06 13:14 - 2008-05-27 05:59 - 00106605 _____ C:\Windows\system32\StructuredQuerySchema.bin
2013-12-06 13:14 - 2008-05-27 05:59 - 00018904 _____ C:\Windows\system32\StructuredQuerySchemaTrivial.bin
2013-12-06 13:14 - 2007-11-08 10:04 - 11967524 _____ C:\Windows\system32\korwbrkr.lex
2013-12-06 13:11 - 2010-04-14 18:47 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\psisdecd.dll
2013-12-06 13:11 - 2010-04-14 18:47 - 00217088 _____ (Microsoft Corporation) C:\Windows\system32\psisrndr.ax
2013-12-06 13:11 - 2010-04-14 18:46 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\MSNP.ax
2013-12-06 13:03 - 2010-02-12 11:48 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\browserchoice.exe
2013-12-06 12:48 - 2008-06-20 02:14 - 00781344 _____ (Microsoft Corporation) C:\Windows\system32\PresentationNative_v0300.dll
2013-12-06 12:48 - 2008-06-20 02:14 - 00622080 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2013-12-06 12:48 - 2008-06-20 02:14 - 00105016 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-12-06 12:48 - 2008-06-20 02:14 - 00097800 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2013-12-06 12:48 - 2008-06-20 02:14 - 00037384 _____ (Microsoft Corporation) C:\Windows\system32\infocardcpl.cpl
2013-12-06 12:48 - 2008-06-20 02:14 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2013-12-06 12:41 - 2008-07-27 19:03 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2013-12-06 12:41 - 2008-07-27 19:03 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2013-12-06 12:39 - 2013-12-06 12:40 - 00273114 _____ C:\Windows\msxml4-KB954430-enu.LOG
2013-12-06 12:39 - 2013-12-06 12:39 - 00284280 _____ C:\Windows\msxml4-KB973688-enu.LOG
2013-12-06 12:39 - 2013-12-06 12:39 - 00000000 ____D C:\Program Files\MSXML 4.0
2013-12-05 18:34 - 2013-12-05 18:35 - 00016297 _____ C:\Users\Bettina\Downloads\Addition.txt
2013-12-05 18:33 - 2013-12-22 12:10 - 00009490 _____ C:\Users\Bettina\Downloads\FRST.txt
2013-12-05 18:33 - 2013-12-22 12:09 - 01325858 _____ (Farbar) C:\Users\Bettina\Downloads\FRST.exe
2013-12-05 18:33 - 2013-12-22 12:09 - 00000000 ____D C:\FRST
2013-12-05 14:52 - 2013-12-05 14:52 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-12-05 14:46 - 2013-12-05 14:46 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\Bettina\Desktop\TDSSKiller19.exe
2013-12-05 14:39 - 2013-12-05 14:39 - 00028672 _____ C:\bcd_Backup
2013-12-05 14:39 - 2013-12-05 14:39 - 00025600 ___SH C:\bcd_Backup.LOG
2013-12-05 12:36 - 2013-12-05 12:36 - 50053120 _____ C:\Program Files\GUT757E.tmp
2013-12-05 12:36 - 2013-12-05 12:36 - 00000000 ____D C:\Program Files\GUM757D.tmp
2013-12-05 12:07 - 2013-12-05 12:07 - 00000000 ____D C:\Windows\system32\WindowsPowerShell
2013-12-04 06:46 - 2010-02-21 00:39 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\nshhttp.dll
2013-12-04 06:46 - 2010-02-21 00:37 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\httpapi.dll
2013-12-04 06:46 - 2010-02-20 22:18 - 00411136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2013-12-04 06:44 - 2009-10-09 22:56 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\winrsmgr.dll
2013-12-04 06:43 - 2009-10-09 22:56 - 01181696 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2013-12-04 06:43 - 2009-10-09 22:56 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2013-12-04 06:43 - 2009-10-09 22:56 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\winrscmd.dll
2013-12-04 06:43 - 2009-10-09 22:56 - 00214016 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2013-12-04 06:43 - 2009-10-09 22:56 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2013-12-04 06:43 - 2009-10-09 22:56 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\pwrshplugin.dll
2013-12-04 06:43 - 2009-10-09 22:56 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\winrs.exe
2013-12-04 06:43 - 2009-10-09 22:56 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\winrshost.exe
2013-12-04 06:43 - 2009-10-09 22:56 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\wsmprovhost.exe
2013-12-04 06:43 - 2009-10-09 22:56 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\wsmplpxy.dll
2013-12-04 06:43 - 2009-10-09 22:56 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\winrssrv.dll
2013-12-04 06:43 - 2009-10-09 22:55 - 00252416 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2013-12-04 06:43 - 2009-10-09 22:55 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\wecsvc.dll
2013-12-04 06:43 - 2009-10-09 22:55 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\wevtfwd.dll
2013-12-04 06:43 - 2009-10-09 22:55 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\wecutil.exe
2013-12-04 06:43 - 2009-10-09 22:55 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\wecapi.dll
2013-12-04 06:43 - 2009-10-09 22:55 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\WsmRes.dll
2013-12-04 06:43 - 2009-08-01 07:27 - 00201184 _____ C:\Windows\system32\winrm.vbs
2013-12-04 06:43 - 2009-07-16 18:30 - 00004675 _____ C:\Windows\system32\wsmanconfig_schema.xml
2013-12-04 06:43 - 2009-07-16 18:30 - 00002426 _____ C:\Windows\system32\WsmTxt.xsl
2013-12-04 03:16 - 2013-12-04 03:16 - 00001302 _____ C:\Windows\AceSto02.cfg
2013-12-04 03:16 - 2008-10-07 19:16 - 00006849 ___SH C:\Patch.rev
2013-12-04 03:16 - 2008-07-17 21:27 - 00380928 _____ (Acer Incorporated) C:\Windows\AcerStore.exe
2013-12-04 03:16 - 2008-05-09 14:58 - 00049152 _____ ( ) C:\Windows\Interop.IWshRuntimeLibrary.dll
2013-12-04 03:15 - 2008-01-10 20:44 - 00199176 _____ (Dritek System Inc.) C:\Windows\GVUni.exe
2013-12-04 03:13 - 2013-12-04 03:13 - 12240896 _____ (Microsoft Corporation) C:\Windows\system32\NlsLexicons0007.dll
2013-12-04 03:13 - 2013-12-04 03:13 - 02644480 _____ (Microsoft Corporation) C:\Windows\system32\NlsLexicons0009.dll
2013-12-04 03:13 - 2013-12-04 03:13 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\NaturalLanguage6.dll
2013-12-04 03:12 - 2013-12-04 03:12 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\scrobj.dll
2013-12-04 03:12 - 2013-12-04 03:12 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-04 03:12 - 2013-12-04 03:12 - 00155648 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-04 03:12 - 2013-12-04 03:12 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-04 03:12 - 2013-12-04 03:12 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-04 03:12 - 2013-12-04 03:12 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\wshext.dll
2013-12-04 03:12 - 2013-12-04 03:12 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pacer.sys
2013-12-04 03:12 - 2013-12-04 03:12 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\pacerprf.dll
2013-12-04 03:10 - 2013-12-04 03:10 - 00885248 _____ (Microsoft Corporation) C:\Windows\system32\RacEngn.dll
2013-12-04 03:10 - 2013-12-04 03:10 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2013-12-04 03:10 - 2013-12-04 03:10 - 00009127 _____ C:\Windows\system32\RacUR.xml
2013-12-04 03:10 - 2013-12-04 03:10 - 00000153 _____ C:\Windows\system32\RacUREx.xml
2013-12-04 03:08 - 2013-12-04 03:08 - 01695744 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll
2013-12-04 03:08 - 2013-12-04 03:08 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\MSDvbNP.ax
2013-12-04 03:06 - 2013-12-04 03:06 - 00988216 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2013-12-04 03:06 - 2013-12-04 03:06 - 00927288 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2013-12-04 03:06 - 2013-12-04 03:06 - 00615992 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2013-12-04 03:06 - 2013-12-04 03:06 - 00378368 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2013-12-04 03:06 - 2013-12-04 03:06 - 00318464 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2013-12-04 03:06 - 2013-12-04 03:06 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2013-12-04 03:06 - 2013-12-04 03:06 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2013-12-04 03:06 - 2013-12-04 03:06 - 00019000 _____ (Microsoft Corporation) C:\Windows\system32\kd1394.dll
2013-12-04 03:06 - 2013-12-04 03:06 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\srdelayed.exe
2013-12-04 03:06 - 2013-12-04 03:06 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\kbd106n.dll
2013-12-04 03:04 - 2008-08-15 03:37 - 00921600 _____ (Atheros Communications, Inc.) C:\Windows\system32\Drivers\athr.sys
2013-12-04 03:04 - 2008-02-22 20:50 - 00198064 _____ (Synaptics, Inc.) C:\Windows\system32\Drivers\SynTP.sys
2013-12-04 03:04 - 2008-02-22 20:49 - 00110592 _____ (Synaptics, Inc.) C:\Windows\system32\SynTPCo4.dll
2013-12-04 03:04 - 2008-02-22 20:11 - 00147456 _____ (Synaptics, Inc.) C:\Windows\system32\SynTPAPI.dll
2013-12-04 03:04 - 2008-02-22 19:58 - 00196608 _____ (Synaptics, Inc.) C:\Windows\system32\SynCtrl.dll
2013-12-04 03:04 - 2008-02-22 19:57 - 00163840 _____ (Synaptics, Inc.) C:\Windows\system32\SynCOM.dll
2013-12-04 03:04 - 2007-12-04 00:11 - 00207368 _____ (Dritek System Inc.) C:\Windows\UNINST32.EXE
2013-12-04 03:04 - 2006-12-23 00:04 - 00144201 _____ C:\Windows\system32\Drivers\HSFProf.cty
2013-12-04 03:04 - 2006-12-22 20:50 - 00985600 _____ (Conexant Systems, Inc.) C:\Windows\system32\Drivers\HSX_DPV.sys
2013-12-04 03:04 - 2006-12-22 20:49 - 00207360 _____ (Conexant Systems, Inc.) C:\Windows\system32\Drivers\HSXHWAZL.sys
2013-12-04 03:04 - 2006-12-22 20:48 - 00659968 _____ (Conexant Systems, Inc.) C:\Windows\system32\Drivers\HSX_CNXT.sys
2013-12-04 03:04 - 2006-12-21 02:37 - 00176128 _____ (Conexant Systems, Inc.) C:\Windows\system32\UCI32M16.dll
2013-12-04 03:04 - 2006-11-29 01:44 - 00386560 _____ (Conexant Systems, Inc.) C:\Windows\system32\Drivers\XAudio.exe
2013-12-04 03:04 - 2006-11-29 01:44 - 00008192 _____ (Conexant Systems, Inc.) C:\Windows\system32\Drivers\XAudio.sys
2013-12-04 03:04 - 2006-11-03 06:29 - 00021264 _____ (Dritek System Inc.) C:\Windows\system32\Drivers\DKbFltr.sys
2013-12-04 03:04 - 2006-06-19 23:26 - 00094208 _____ (Conexant) C:\Windows\system32\mdmxsdk.dll
2013-12-04 03:04 - 2006-06-19 23:26 - 00012672 _____ (Conexant) C:\Windows\system32\Drivers\mdmxsdk.sys
2013-12-04 03:04 - 2006-03-09 18:58 - 01060424 _____ C:\Windows\system32\WdfCoInstaller01000.dll
2013-12-04 03:03 - 2013-12-04 03:16 - 00467790 _____ C:\Windows\CapsuleDll.log
2013-12-04 03:03 - 2013-12-04 03:03 - 00000000 ____D C:\Windows\Lan
2013-12-04 03:03 - 2008-07-17 00:31 - 00641560 _____ (Intel Corporation) C:\Windows\system32\igfxcfg.exe
2013-12-04 03:03 - 2008-07-17 00:31 - 00256536 _____ (Intel Corporation) C:\Windows\system32\igfxsrvc.exe
2013-12-04 03:03 - 2008-07-17 00:31 - 00174616 _____ (Intel Corporation) C:\Windows\system32\igfxext.exe
2013-12-04 03:03 - 2008-07-17 00:31 - 00170520 _____ (Intel Corporation) C:\Windows\system32\igfxzoom.exe
2013-12-04 03:03 - 2008-07-17 00:31 - 00170520 _____ (Intel Corporation) C:\Windows\system32\hkcmd.exe
2013-12-04 03:03 - 2008-07-17 00:31 - 00150040 _____ (Intel Corporation) C:\Windows\system32\igfxtray.exe
2013-12-04 03:03 - 2008-07-17 00:31 - 00145944 _____ (Intel Corporation) C:\Windows\system32\igfxpers.exe
2013-12-04 03:03 - 2008-07-11 20:55 - 00034528 _____ C:\Windows\system32\iglhxs32.vp
2013-12-04 03:03 - 2008-07-11 19:38 - 00147456 _____ C:\Windows\system32\igfxCoIn_v1527.dll
2013-12-04 03:03 - 2008-07-11 19:20 - 03313664 _____ (Intel Corporation) C:\Windows\system32\igdumd32.dll
2013-12-04 03:03 - 2008-07-11 19:20 - 02381312 _____ (Intel Corporation) C:\Windows\system32\Drivers\igdkmd32.sys
2013-12-04 03:03 - 2008-07-11 19:18 - 02192024 _____ C:\Windows\system32\igkrng500.bin
2013-12-04 03:03 - 2008-07-11 19:18 - 00495376 _____ C:\Windows\system32\igcompkrng500.bin
2013-12-04 03:03 - 2008-07-11 19:18 - 00147172 _____ C:\Windows\system32\igfcg550.bin
2013-12-04 03:03 - 2008-07-11 19:17 - 00536576 _____ (Intel Corporation) C:\Windows\system32\igdumdx32.dll
2013-12-04 03:03 - 2008-07-11 19:10 - 02174976 _____ (Intel Corporation) C:\Windows\system32\igd10umd32.dll
2013-12-04 03:03 - 2008-07-11 19:02 - 02420736 _____ (Intel Corporation) C:\Windows\system32\ig4icd32.dll
2013-12-04 03:03 - 2008-07-11 19:02 - 02179072 _____ (Intel Corporation) C:\Windows\system32\ig4dev32.dll
2013-12-04 03:03 - 2008-07-11 18:56 - 00278528 _____ (Intel Corporation) C:\Windows\system32\igfxrell.lrc
2013-12-04 03:03 - 2008-07-11 18:56 - 00274432 _____ (Intel Corporation) C:\Windows\system32\igfxrita.lrc
2013-12-04 03:03 - 2008-07-11 18:56 - 00274432 _____ (Intel Corporation) C:\Windows\system32\igfxrdeu.lrc
2013-12-04 03:03 - 2008-07-11 18:56 - 00270336 _____ (Intel Corporation) C:\Windows\system32\igfxrnld.lrc
2013-12-04 03:03 - 2008-07-11 18:56 - 00270336 _____ (Intel Corporation) C:\Windows\system32\igfxrfra.lrc
2013-12-04 03:03 - 2008-07-11 18:56 - 00270336 _____ (Intel Corporation) C:\Windows\system32\igfxresp.lrc
2013-12-04 03:03 - 2008-07-11 18:56 - 00262144 _____ (Intel Corporation) C:\Windows\system32\igfxrrus.lrc
2013-12-04 03:03 - 2008-07-11 18:56 - 00262144 _____ (Intel Corporation) C:\Windows\system32\igfxrptg.lrc
2013-12-04 03:03 - 2008-07-11 18:56 - 00258048 _____ (Intel Corporation) C:\Windows\system32\igfxrptb.lrc
2013-12-04 03:03 - 2008-07-11 18:56 - 00258048 _____ (Intel Corporation) C:\Windows\system32\igfxrplk.lrc
2013-12-04 03:03 - 2008-07-11 18:56 - 00258048 _____ (Intel Corporation) C:\Windows\system32\igfxrhun.lrc
2013-12-04 03:03 - 2008-07-11 18:56 - 00253952 _____ (Intel Corporation) C:\Windows\system32\igfxrsve.lrc
2013-12-04 03:03 - 2008-07-11 18:56 - 00253952 _____ (Intel Corporation) C:\Windows\system32\igfxrdan.lrc
2013-12-04 03:03 - 2008-07-11 18:56 - 00253952 _____ (Intel Corporation) C:\Windows\system32\igfxrcsy.lrc
2013-12-04 03:03 - 2008-07-11 18:56 - 00249856 _____ (Intel Corporation) C:\Windows\system32\igfxrtrk.lrc
2013-12-04 03:03 - 2008-07-11 18:56 - 00249856 _____ (Intel Corporation) C:\Windows\system32\igfxrsky.lrc
2013-12-04 03:03 - 2008-07-11 18:56 - 00249856 _____ (Intel Corporation) C:\Windows\system32\igfxrnor.lrc
2013-12-04 03:03 - 2008-07-11 18:56 - 00249856 _____ (Intel Corporation) C:\Windows\system32\igfxrfin.lrc
2013-12-04 03:03 - 2008-07-11 18:56 - 00245760 _____ (Intel Corporation) C:\Windows\system32\igfxrslv.lrc
2013-12-04 03:03 - 2008-07-11 18:56 - 00233472 _____ (Intel Corporation) C:\Windows\system32\igfxrtha.lrc
2013-12-04 03:03 - 2008-07-11 18:56 - 00225280 _____ (Intel Corporation) C:\Windows\system32\igfxrara.lrc
2013-12-04 03:03 - 2008-07-11 18:56 - 00221184 _____ (Intel Corporation) C:\Windows\system32\igfxrheb.lrc
2013-12-04 03:03 - 2008-07-11 18:56 - 00180224 _____ (Intel Corporation) C:\Windows\system32\igfxrjpn.lrc
2013-12-04 03:03 - 2008-07-11 18:56 - 00176128 _____ (Intel Corporation) C:\Windows\system32\igfxrkor.lrc
2013-12-04 03:03 - 2008-07-11 18:56 - 00151552 _____ (Intel Corporation) C:\Windows\system32\igfxrchs.lrc
2013-12-04 03:03 - 2008-07-11 18:56 - 00147456 _____ (Intel Corporation) C:\Windows\system32\igfxrcht.lrc
2013-12-04 03:03 - 2008-07-11 18:52 - 00249856 _____ (Intel Corporation) C:\Windows\system32\igfxTMM.dll
2013-12-04 03:03 - 2008-07-11 18:51 - 00204800 _____ (Intel Corporation) C:\Windows\system32\igfxpph.dll
2013-12-04 03:03 - 2008-07-11 18:51 - 00126976 _____ (Intel Corporation) C:\Windows\system32\igfxcpl.cpl
2013-12-04 03:03 - 2008-07-11 18:51 - 00069632 _____ (Intel Corporation) C:\Windows\system32\oemdspif.dll
2013-12-04 03:03 - 2008-07-11 18:51 - 00051712 _____ (Intel Corporation) C:\Windows\system32\igfxsrvc.dll
2013-12-04 03:03 - 2008-07-11 18:51 - 00024576 _____ (Intel Corporation) C:\Windows\system32\igfxexps.dll
2013-12-04 03:03 - 2008-07-11 18:50 - 05697536 _____ (Intel Corporation) C:\Windows\system32\igfxress.dll
2013-12-04 03:03 - 2008-07-11 18:50 - 00245760 _____ (Intel Corporation) C:\Windows\system32\igfxrenu.lrc
2013-12-04 03:03 - 2008-07-11 18:50 - 00208896 _____ (Intel Corporation) C:\Windows\system32\igfxdev.dll
2013-12-04 03:03 - 2008-07-11 18:50 - 00135168 _____ (Intel Corporation) C:\Windows\system32\igfxdo.dll
2013-12-04 03:03 - 2008-07-11 18:50 - 00106496 _____ (Intel Corporation) C:\Windows\system32\hccutils.dll
2013-12-04 03:03 - 2008-07-11 17:44 - 00002096 _____ C:\Windows\system32\iglhxo32.vp
2013-12-04 03:03 - 2008-07-11 17:44 - 00002096 _____ C:\Windows\system32\iglhxc32.vp
2013-12-04 03:03 - 2008-06-30 14:52 - 00112128 _____ (Intel(R) Corporation) C:\Windows\system32\Drivers\IntcHdmi.sys
2013-12-04 03:03 - 2008-06-30 14:52 - 00004608 _____ C:\Windows\system32\HdmiCoin.dll
2013-12-04 03:03 - 2008-04-03 11:19 - 00020480 _____ (Wistron Corp.) C:\Windows\PATCHFUL.EXE
2013-12-03 20:41 - 2013-12-03 20:41 - 00000000 ____D C:\Users\Bettina\AppData\Roaming\Malwarebytes
2013-12-03 20:41 - 2013-12-03 20:41 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-03 20:39 - 2013-12-03 20:39 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Bettina\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-03 19:57 - 2013-12-03 19:57 - 10284816 _____ (Malwarebytes Corporation                                    ) C:\Users\Bettina\Downloads\mbam-setup.exe
2013-12-03 19:50 - 2013-12-03 20:38 - 00000000 ____D C:\Windows\A358F2F62500420C989C25C4F22DF51E.TMP
2013-12-03 19:50 - 2013-12-03 19:50 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-12-03 19:49 - 2013-12-03 19:49 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Bettina\Downloads\SpyHunter-Installer.exe
2013-12-03 19:49 - 2013-12-03 19:49 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2013-12-03 19:37 - 2013-12-03 19:39 - 00000000 ____D C:\AdwCleaner
2013-12-03 19:37 - 2013-12-03 19:37 - 01110034 _____ C:\Users\Bettina\Downloads\adwcleaner.exe
2013-12-03 19:34 - 2010-12-28 15:57 - 00409600 _____ (Microsoft Corporation) C:\Windows\system32\odbc32.dll
2013-12-03 19:34 - 2010-09-10 19:18 - 10626560 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-03 19:34 - 2010-09-10 17:37 - 08147456 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-03 19:34 - 2010-01-21 16:59 - 00062464 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\system32\l3codeca.acm
2013-12-03 19:34 - 2009-08-14 17:29 - 00104960 _____ (Microsoft Corporation) C:\Windows\system32\netiohlp.dll
2013-12-03 19:34 - 2009-08-14 15:16 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\NETSTAT.EXE
2013-12-03 19:34 - 2009-08-14 15:16 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\ARP.EXE
2013-12-03 19:34 - 2009-08-14 15:16 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\ROUTE.EXE
2013-12-03 19:34 - 2009-08-14 15:16 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\MRINFO.EXE
2013-12-03 19:34 - 2009-08-14 15:16 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\finger.exe
2013-12-03 19:34 - 2009-08-14 15:16 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\TCPSVCS.EXE
2013-12-03 19:34 - 2009-08-14 15:16 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\HOSTNAME.EXE
2013-12-03 19:34 - 2008-10-29 07:29 - 02927104 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2013-12-03 19:34 - 2008-10-22 04:57 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceApi.dll
2013-12-03 19:34 - 2008-06-19 04:31 - 00361984 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2013-12-03 19:33 - 2011-07-06 15:56 - 00213504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2013-12-03 19:33 - 2011-04-29 13:49 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2013-12-03 19:33 - 2011-04-29 13:49 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2013-12-03 19:33 - 2011-04-21 16:00 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-03 19:33 - 2011-04-21 16:00 - 00833024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-03 19:33 - 2011-04-21 15:59 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-12-03 19:33 - 2011-04-21 15:58 - 03593728 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-03 19:33 - 2011-04-21 15:58 - 00671232 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll
2013-12-03 19:33 - 2011-04-21 15:58 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-03 19:33 - 2011-04-21 15:58 - 00467456 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-03 19:33 - 2011-04-21 15:58 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-03 19:33 - 2011-04-21 15:57 - 06078976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-03 19:33 - 2011-04-21 15:57 - 00389120 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-12-03 19:33 - 2011-04-21 15:57 - 00380928 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-03 19:33 - 2011-04-21 15:57 - 00270848 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-03 19:33 - 2011-04-21 15:57 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\ieaksie.dll
2013-12-03 19:33 - 2011-04-21 15:57 - 00193024 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-12-03 19:33 - 2011-04-21 15:57 - 00078336 _____ (Microsoft Corporation) C:\Windows\system32\ieencode.dll
2013-12-03 19:33 - 2011-04-21 14:28 - 00389632 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-12-03 19:33 - 2011-04-21 14:08 - 01383424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-03 19:33 - 2011-02-22 13:51 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2013-12-03 19:33 - 2010-10-15 15:08 - 03600272 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-12-03 19:33 - 2010-10-15 15:08 - 03548048 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-12-03 19:33 - 2010-10-15 14:48 - 01205080 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-12-03 19:33 - 2010-08-26 17:07 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2013-12-03 19:33 - 2010-06-28 17:15 - 01315840 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2013-12-03 19:33 - 2010-05-04 17:53 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-03 19:33 - 2010-02-26 05:03 - 02452872 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-12-03 19:33 - 2009-09-10 18:30 - 00213504 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2013-12-03 19:33 - 2009-08-10 12:01 - 01399296 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2013-12-03 19:33 - 2009-07-17 15:35 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\atl.dll
2013-12-03 19:33 - 2009-07-11 20:32 - 00513024 _____ (Microsoft Corporation) C:\Windows\system32\wlansvc.dll
2013-12-03 19:33 - 2009-07-11 20:32 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\wlansec.dll
2013-12-03 19:33 - 2009-07-11 20:32 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\wlanmsm.dll
2013-12-03 19:33 - 2009-07-11 20:29 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\L2SecHC.dll
2013-12-03 19:33 - 2009-07-11 18:18 - 02501921 _____ C:\Windows\system32\wlan.tmf
2013-12-03 19:33 - 2009-07-10 13:21 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\shsvcs.dll
2013-12-03 19:33 - 2009-06-10 13:11 - 02868224 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2013-12-03 19:33 - 2009-06-10 13:11 - 02386944 _____ (Microsoft Corporation) C:\Windows\system32\WMVCORE.DLL
2013-12-03 19:33 - 2008-06-06 04:27 - 00562176 _____ (Microsoft Corporation) C:\Windows\system32\msdtcprx.dll
2013-12-03 19:33 - 2008-06-06 04:27 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\xolehlp.dll
2013-12-03 19:32 - 2010-12-29 18:41 - 00429056 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2013-12-03 19:32 - 2010-12-29 18:41 - 00323072 _____ (Microsoft Corporation) C:\Windows\system32\sbe.dll
2013-12-03 19:32 - 2010-12-29 18:41 - 00153088 _____ (Microsoft Corporation) C:\Windows\system32\sbeio.dll
2013-12-03 19:32 - 2010-12-29 18:39 - 00177664 _____ (Microsoft Corporation) C:\Windows\system32\mpg2splt.ax
2013-12-03 19:32 - 2010-12-14 16:49 - 01169408 _____ (Microsoft Corporation) C:\Windows\system32\sdclt.exe
2013-12-03 19:32 - 2010-04-05 17:08 - 00317952 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2013-12-03 19:32 - 2009-03-03 05:39 - 00551424 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2013-12-03 19:32 - 2009-03-03 05:39 - 00183296 _____ (Microsoft Corporation) C:\Windows\system32\sdohlp.dll
2013-12-03 19:32 - 2009-03-03 05:39 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\printfilterpipelineprxy.dll
2013-12-03 19:32 - 2009-03-03 05:37 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\iasrecst.dll
2013-12-03 19:32 - 2009-03-03 05:37 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\iasads.dll
2013-12-03 19:32 - 2009-03-03 05:37 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\iasdatastore.dll
2013-12-03 19:32 - 2009-03-03 04:04 - 00666624 _____ (Microsoft Corporation) C:\Windows\system32\printfilterpipelinesvc.exe
2013-12-03 19:32 - 2009-03-03 03:38 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\iashost.exe
2013-12-03 19:32 - 2008-06-26 04:29 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\wmpeffects.dll
2013-12-03 19:32 - 2008-04-18 06:48 - 00269312 _____ (Microsoft Corporation) C:\Windows\system32\es.dll
2013-12-03 19:31 - 2013-12-22 12:08 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-03 19:31 - 2013-12-22 12:01 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-03 19:27 - 2011-04-21 14:16 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-12-03 19:27 - 2011-02-16 16:35 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-03 19:27 - 2011-02-16 16:32 - 00512000 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-03 19:27 - 2011-01-21 16:46 - 11582464 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-12-03 19:27 - 2011-01-21 16:46 - 00351744 _____ (Microsoft Corporation) C:\Windows\system32\shlwapi.dll
2013-12-03 19:27 - 2010-11-06 12:10 - 00357376 _____ (Microsoft Corporation) C:\Windows\system32\taskschd.dll
2013-12-03 19:27 - 2010-11-06 12:10 - 00345088 _____ (Microsoft Corporation) C:\Windows\system32\wmicmiplugin.dll
2013-12-03 19:27 - 2010-11-06 12:10 - 00270336 _____ (Microsoft Corporation) C:\Windows\system32\taskcomp.dll
2013-12-03 19:27 - 2010-11-06 12:09 - 00603648 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2013-12-03 19:27 - 2010-11-05 01:53 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\taskeng.exe
2013-12-03 19:27 - 2010-10-28 13:56 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-03 19:27 - 2010-02-18 15:11 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2013-12-03 19:27 - 2010-02-18 12:52 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tunnel.sys
2013-12-03 19:27 - 2010-01-25 13:48 - 00472576 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2013-12-03 19:27 - 2010-01-25 13:48 - 00472064 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2013-12-03 19:27 - 2010-01-25 13:48 - 00151040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2013-12-03 19:27 - 2010-01-25 13:48 - 00151040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2013-12-03 19:27 - 2010-01-25 13:45 - 00329216 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2013-12-03 19:27 - 2010-01-25 09:35 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2013-12-03 19:27 - 2010-01-25 09:35 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2013-12-03 19:27 - 2010-01-25 09:34 - 00511488 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2013-12-03 19:27 - 2010-01-25 09:34 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2013-12-03 19:27 - 2009-07-14 14:00 - 00313344 _____ (Microsoft Corporation) C:\Windows\system32\wmpdxm.dll
2013-12-03 19:27 - 2009-07-14 09:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.tlb
2013-12-03 19:27 - 2009-07-14 09:30 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\amcompat.tlb
2013-12-03 19:27 - 2008-08-28 04:40 - 00712704 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2013-12-03 19:27 - 2008-08-28 04:40 - 00425472 _____ (Microsoft Corporation) C:\Windows\system32\PhotoMetadataHandler.dll
2013-12-03 19:27 - 2008-08-28 04:40 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2013-12-03 19:26 - 2010-10-18 15:01 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2013-12-03 19:26 - 2009-04-23 13:42 - 00636928 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2013-12-03 19:26 - 2008-09-18 05:56 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2013-12-03 19:26 - 2008-09-18 05:56 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\wersvc.dll
2013-12-03 19:26 - 2008-08-12 04:39 - 00443392 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2013-12-03 19:26 - 2008-06-23 02:59 - 00996352 _____ (Microsoft Corporation) C:\Windows\system32\WMNetMgr.dll
2013-12-03 19:26 - 2008-06-23 02:58 - 00094720 _____ (Microsoft Corporation) C:\Windows\system32\logagent.exe
2013-12-03 19:24 - 2013-12-16 21:25 - 00000000 ____D C:\ProgramData\Avira
2013-12-03 19:21 - 2010-04-16 17:10 - 00501760 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2013-12-03 19:20 - 2011-04-14 15:24 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2013-12-03 19:20 - 2011-02-16 16:29 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-12-03 19:20 - 2011-02-16 14:24 - 00292864 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-12-03 19:20 - 2010-06-16 16:12 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-12-03 19:20 - 2009-06-15 16:20 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-12-03 19:19 - 2011-02-18 14:31 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2013-12-03 19:18 - 2011-06-02 13:59 - 02042368 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-03 19:18 - 2011-05-02 16:58 - 00738816 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2013-12-03 19:18 - 2011-03-10 17:12 - 01161728 _____ (Microsoft Corporation) C:\Windows\system32\mfc42u.dll
2013-12-03 19:18 - 2011-03-10 17:12 - 01136640 _____ (Microsoft Corporation) C:\Windows\system32\mfc42.dll
2013-12-03 19:18 - 2011-03-02 15:49 - 00167936 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2013-12-03 19:18 - 2011-03-02 15:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2013-12-03 19:18 - 2010-05-27 20:16 - 00081920 _____ (Radius Inc.) C:\Windows\system32\iccvid.dll
2013-12-03 19:18 - 2009-05-04 11:11 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\dnscacheugc.exe
2013-12-03 19:17 - 2010-08-17 14:32 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2013-12-03 19:17 - 2010-04-16 17:10 - 01314816 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2013-12-03 19:17 - 2010-04-05 17:07 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2013-12-03 19:17 - 2009-06-10 13:12 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\wkssvc.dll
2013-12-03 19:17 - 2008-10-21 06:25 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-12-03 19:16 - 2011-04-29 13:49 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2013-12-03 19:16 - 2011-04-29 13:49 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2013-12-03 19:16 - 2010-12-20 16:39 - 00563200 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2013-12-03 19:16 - 2010-08-31 16:41 - 00954752 _____ (Microsoft Corporation) C:\Windows\system32\mfc40.dll
2013-12-03 19:16 - 2010-08-31 16:41 - 00954288 _____ (Microsoft Corporation) C:\Windows\system32\mfc40u.dll
2013-12-03 19:16 - 2009-10-23 18:42 - 00714240 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl
2013-12-03 19:16 - 2009-06-15 19:20 - 00439896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-12-03 19:16 - 2009-06-15 16:24 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2013-12-03 19:16 - 2009-06-15 16:24 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-12-03 19:16 - 2009-06-15 16:23 - 01256448 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-12-03 19:16 - 2009-06-15 16:21 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2013-12-03 19:16 - 2009-06-15 13:57 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-12-03 19:16 - 2008-10-16 05:47 - 00466944 _____ (Microsoft Corporation) C:\Windows\system32\netapi32.dll
2013-12-03 19:15 - 2011-03-03 15:56 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\Apphlpdm.dll
2013-12-03 19:15 - 2011-03-03 14:01 - 04240384 _____ (Microsoft) C:\Windows\system32\GameUXLegacyGDFs.dll
2013-12-03 19:15 - 2010-08-20 16:21 - 00866816 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2013-12-03 19:15 - 2010-06-18 17:43 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\rtutils.dll
2013-12-03 19:15 - 2010-06-11 16:30 - 01257472 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2013-12-03 19:15 - 2009-12-23 13:43 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-12-03 19:14 - 2010-01-15 01:04 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\cabview.dll
2013-12-03 19:14 - 2009-03-17 04:38 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\amxread.dll
2013-12-03 19:14 - 2009-03-17 04:38 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\apilogen.dll
2013-12-03 19:14 - 2008-08-02 04:26 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2013-12-03 19:14 - 2008-08-02 02:01 - 00625152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-12-03 19:14 - 2008-06-26 04:29 - 00565248 _____ (Microsoft Corporation) C:\Windows\system32\emdmgmt.dll
2013-12-03 19:14 - 2008-06-26 04:29 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\dataclen.dll
2013-12-03 19:14 - 2008-05-20 03:07 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys
2013-12-03 19:13 - 2011-04-29 15:54 - 00276992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-12-03 19:12 - 2011-04-20 15:47 - 00375808 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-12-03 19:12 - 2011-04-20 15:44 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-12-03 19:12 - 2011-04-12 15:53 - 00890368 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-12-03 19:12 - 2010-12-17 17:43 - 02067456 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2013-12-03 19:12 - 2010-12-17 16:06 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2013-12-03 19:12 - 2009-08-10 14:05 - 00351232 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2013-12-03 19:11 - 2010-08-31 16:40 - 00531968 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-12-03 19:11 - 2010-06-16 16:59 - 00898952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-12-03 19:11 - 2009-12-28 13:35 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\tsbyuv.dll
2013-12-03 19:11 - 2009-12-28 13:32 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\msvfw32.dll
2013-12-03 19:11 - 2009-12-28 13:32 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\msvidc32.dll
2013-12-03 19:11 - 2009-12-28 13:32 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\msyuv.dll
2013-12-03 19:11 - 2009-12-28 13:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msrle32.dll
2013-12-03 19:11 - 2009-12-28 13:31 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\mciavi32.dll
2013-12-03 19:11 - 2009-12-28 13:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\iyuv_32.dll
2013-12-03 19:11 - 2009-12-28 13:28 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\avifil32.dll
2013-12-03 19:11 - 2009-12-28 13:28 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\avicap32.dll
2013-12-03 19:11 - 2009-10-07 13:41 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\raschap.dll
2013-12-03 19:11 - 2009-10-07 13:41 - 00244224 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2013-12-03 19:11 - 2009-09-04 13:24 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\msasn1.dll
2013-12-03 19:11 - 2009-04-23 13:43 - 00784896 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-12-03 19:11 - 2009-04-02 13:37 - 00604672 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2013-12-03 19:11 - 2008-10-21 06:25 - 01645568 _____ (Microsoft Corporation) C:\Windows\system32\connect.dll
2013-12-03 19:10 - 2009-09-10 16:21 - 00310784 _____ (Microsoft Corporation) C:\Windows\system32\unregmp2.exe
2013-12-03 19:10 - 2009-07-14 13:59 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2013-12-03 19:10 - 2009-07-14 13:59 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2013-12-03 19:10 - 2009-07-14 13:58 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2013-12-03 19:07 - 2013-12-03 19:07 - 00000000 ____D C:\Users\Public\Documents\Acer
2013-12-03 19:07 - 2013-12-03 19:07 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2013-12-03 19:07 - 2013-12-03 19:07 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2013-12-03 19:06 - 2013-12-03 19:06 - 00016092 _____ C:\Windows\system32\results.xml
2013-12-03 19:06 - 2013-12-03 19:06 - 00000040 ____H C:\Windows\system32\ivireg.ivr
2013-12-03 19:02 - 2013-12-03 19:02 - 00000000 ____D C:\Windows\ACER
2013-12-03 19:02 - 2013-12-03 19:02 - 00000000 ____D C:\Program Files\Acer Incorporated
2013-12-03 19:02 - 2008-05-30 14:45 - 07059403 _____ (Adobe Systems, Inc.) C:\Windows\system32\acer.exe
2013-12-03 19:02 - 2007-04-18 22:02 - 36909056 _____ C:\Windows\system32\acer.scr
2013-12-03 19:01 - 2013-12-03 19:01 - 00000092 _____ C:\Windows\GridV.UNI
2013-12-03 19:01 - 2013-12-03 19:01 - 00000000 ____D C:\ProgramData\eSobi
2013-12-03 19:01 - 2013-12-03 19:01 - 00000000 ____D C:\Program Files\eSobi
2013-12-03 19:01 - 2013-12-03 19:01 - 00000000 ____D C:\Program Files\Acer Inc
2013-12-03 18:59 - 2013-12-22 12:09 - 00000000 _____ C:\Windows\system32\LogConfigTemp.xml
2013-12-03 18:58 - 2008-08-01 09:51 - 00204800 _____ (Acer Inc.) C:\Windows\system32\SysHook.dll
2013-12-03 18:58 - 2008-08-01 09:51 - 00061440 _____ (Acer Inc.) C:\Windows\system32\MCEPlugin.dll
2013-12-03 18:56 - 2013-12-03 18:56 - 00000000 ____D C:\ProgramData\Corel
2013-12-03 18:55 - 2013-12-03 18:55 - 00000000 ____D C:\Program Files\Common Files\Protexis
2013-12-03 18:55 - 2013-12-03 18:55 - 00000000 ____D C:\Program Files\Common Files\InterVideo
2013-12-03 18:53 - 2013-12-03 18:55 - 00000000 ____D C:\Program Files\InterVideo
2013-12-03 18:51 - 2013-12-03 18:51 - 00386880 _____ C:\vcredist_x86.log
2013-12-03 18:51 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2013-12-03 18:51 - 2007-01-08 15:30 - 00015128 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2013-12-03 18:51 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2013-12-03 18:51 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2013-12-03 18:51 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2013-12-03 18:51 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2013-12-03 18:51 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2013-12-03 18:51 - 2006-09-28 16:04 - 00068888 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2013-12-03 18:50 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2013-12-03 18:50 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2013-12-03 18:50 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2013-12-03 18:50 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2013-12-03 18:50 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2013-12-03 18:50 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2013-12-03 18:50 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2013-12-03 18:50 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2013-12-03 18:50 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2013-12-03 18:50 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2013-12-03 18:50 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2013-12-03 18:50 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2013-12-03 18:50 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2013-12-03 18:50 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2013-12-03 18:49 - 2013-12-03 18:51 - 00088823 _____ C:\Windows\DirectX.log
2013-12-03 18:49 - 2013-12-03 18:49 - 00000000 ____D C:\Users\Bettina\AppData\Roaming\InstallShield
2013-12-03 18:49 - 2013-12-03 18:49 - 00000000 ____D C:\Program Files\COREL
2013-12-03 18:48 - 2013-12-03 18:48 - 00000083 _____ C:\Windows\LManager.UNI
2013-12-03 18:48 - 2013-12-03 18:48 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_SynTP_01000.Wdf
2013-12-03 18:48 - 2013-12-03 18:48 - 00000000 ____D C:\Program Files\Launch Manager
2013-12-03 18:47 - 2013-12-03 18:47 - 00000000 ____D C:\Program Files\Synaptics
2013-12-03 18:44 - 2013-12-03 18:44 - 00000000 ____D C:\Windows\system32\SDA
2013-12-03 18:44 - 2013-12-03 18:44 - 00000000 ____D C:\Program Files\O2Micro Flash Memory Card Driver
2013-12-03 18:43 - 2008-03-14 02:48 - 00290816 _____ (Realtek Semiconductor Corp.) C:\Windows\RTKVADDA.EXE
2013-12-03 18:43 - 2007-11-15 00:18 - 00000553 _____ C:\Windows\USetup.iss
2013-12-03 18:41 - 2013-12-03 18:42 - 127944880 _____ C:\Users\Bettina\Downloads\avira_free1402_antivirus_de.exe
2013-12-03 18:41 - 2013-12-03 18:41 - 00000000 ____D C:\Windows\system32\RTCOM
2013-12-03 18:40 - 2013-12-03 18:43 - 00000426 _____ C:\RHDSetup.log
2013-12-03 18:40 - 2013-12-03 18:40 - 00319456 _____ (Microsoft Corporation) C:\Windows\DIFxAPI.dll
2013-12-03 18:40 - 2013-12-03 18:40 - 00315392 _____ (Realtek Semiconductor Corp.) C:\Windows\HideWin.exe
2013-12-03 18:40 - 2013-12-03 18:40 - 00000000 ____D C:\Program Files\Realtek
2013-12-03 18:40 - 2008-05-21 03:06 - 06144000 _____ (Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
2013-12-03 18:40 - 2008-05-21 03:01 - 02143136 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHDA.sys
2013-12-03 18:40 - 2008-05-20 03:25 - 01933312 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ.dll
2013-12-03 18:40 - 2008-05-20 00:12 - 01777664 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesLib.dll
2013-12-03 18:40 - 2008-05-15 02:19 - 00695296 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkPgExt.dll
2013-12-03 18:40 - 2008-05-15 02:06 - 00540672 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSndMgr.cpl
2013-12-03 18:40 - 2008-05-15 01:27 - 00032768 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoInst.dll
2013-12-03 18:40 - 2008-05-15 00:54 - 02159616 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO.dll
2013-12-03 18:40 - 2008-05-14 02:52 - 00143360 _____ (Windows (R) Codename Longhorn DDK provider) C:\Windows\system32\FMAPO.dll
2013-12-03 18:40 - 2008-04-30 21:18 - 00159744 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2013-12-03 18:40 - 2008-04-30 17:48 - 00167936 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP360.dll
2013-12-03 18:40 - 2008-04-02 18:27 - 01196032 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlUpd.exe
2013-12-03 18:40 - 2008-03-28 19:59 - 00285216 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApoApi.dll
2013-12-03 18:40 - 2008-03-06 03:07 - 00520192 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2013-12-03 18:40 - 2008-02-01 06:18 - 00001694 _____ C:\Windows\RtDefLvl.ini
2013-12-03 18:40 - 2007-11-21 03:15 - 01826816 _____ (Realtek Semiconductor Corp.) C:\Windows\SkyTel.exe
2013-12-03 18:40 - 2007-07-31 03:26 - 00126976 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO.dll
2013-12-03 18:40 - 2007-07-25 18:33 - 00135168 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW.dll
2013-12-03 18:40 - 2007-07-13 23:11 - 00000008 _____ C:\Windows\system32\Drivers\rtkhdaud.dat
2013-12-03 18:40 - 2007-05-17 20:26 - 00185776 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSHD.dll
2013-12-03 18:40 - 2006-12-13 19:30 - 00339968 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSXT.dll
2013-12-03 18:40 - 2005-06-27 14:29 - 00000520 _____ C:\Windows\system32\Drivers\RTEQEX1.dat
2013-12-03 18:40 - 2005-06-27 14:29 - 00000520 _____ C:\Windows\system32\Drivers\RTEQEX0.dat
2013-12-03 18:39 - 2013-12-03 18:39 - 00000000 ____D C:\Users\Bettina\AppData\Roaming\Macromedia
2013-12-03 18:38 - 2013-12-16 21:33 - 00000000 ____D C:\Users\Bettina\AppData\Roaming\Adobe
2013-12-03 18:38 - 2013-12-03 18:39 - 00000000 ____D C:\Users\Bettina\AppData\Roaming\Google
2013-12-03 17:36 - 2013-12-16 20:34 - 00000000 ____D C:\Users\Bettina\AppData\Local\Google
2013-12-03 17:36 - 2013-12-05 12:18 - 00100472 _____ C:\Users\Bettina\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-03 17:36 - 2013-12-03 18:38 - 00000000 ____D C:\ProgramData\Google
2013-12-03 17:36 - 2013-12-03 17:36 - 00000953 _____ C:\Users\Bettina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-03 17:36 - 2013-12-03 17:36 - 00000948 _____ C:\Users\Bettina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2013-12-03 17:36 - 2013-12-03 17:36 - 00000919 _____ C:\Users\Bettina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2013-12-03 17:36 - 2013-12-03 17:36 - 00000000 ____D C:\Users\Bettina\Documents\Eigene Google Gadgets
2013-12-03 17:35 - 2013-12-03 19:21 - 00000000 ____D C:\Program Files\Google
2013-12-03 17:35 - 2013-12-03 17:35 - 00000063 _____ C:\Windows\system32\SETAFR_Temp_DiskPart.txt
2013-12-03 17:34 - 2013-12-16 21:33 - 00000000 ____D C:\Users\Bettina\AppData\Local\VirtualStore
2013-12-03 17:34 - 2013-12-16 20:35 - 00000000 ____D C:\Users\Bettina
2013-12-03 17:34 - 2013-12-03 17:34 - 00000020 ___SH C:\Users\Bettina\ntuser.ini
2013-12-03 17:34 - 2013-12-03 17:34 - 00000000 _SHDL C:\Users\Bettina\Startmenü
2013-12-03 17:34 - 2013-12-03 17:34 - 00000000 _SHDL C:\Users\Bettina\Netzwerkumgebung
2013-12-03 17:34 - 2013-12-03 17:34 - 00000000 _SHDL C:\Users\Bettina\Druckumgebung
2013-12-03 17:34 - 2013-12-03 17:34 - 00000000 _SHDL C:\Users\Bettina\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-12-03 17:34 - 2013-12-03 17:34 - 00000000 _SHDL C:\Users\Bettina\AppData\Local\Verlauf
2013-12-03 17:34 - 2008-01-21 03:42 - 00000000 ___RD C:\Users\Bettina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-12-03 17:34 - 2008-01-21 03:42 - 00000000 ___RD C:\Users\Bettina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-12-03 17:31 - 2013-12-03 17:31 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Musik
2013-12-03 17:31 - 2013-12-03 17:31 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Bilder
2013-12-03 17:31 - 2013-12-03 17:31 - 00000000 _SHDL C:\Users\Default\Startmenü
2013-12-03 17:31 - 2013-12-03 17:31 - 00000000 _SHDL C:\Users\Default\Netzwerkumgebung
2013-12-03 17:31 - 2013-12-03 17:31 - 00000000 _SHDL C:\Users\Default\Druckumgebung
2013-12-03 17:31 - 2013-12-03 17:31 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Musik
2013-12-03 17:31 - 2013-12-03 17:31 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Bilder
2013-12-03 17:31 - 2013-12-03 17:31 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-12-03 17:31 - 2013-12-03 17:31 - 00000000 _SHDL C:\Users\Default\AppData\Local\Verlauf
2013-12-03 17:31 - 2013-12-03 17:31 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Musik
2013-12-03 17:31 - 2013-12-03 17:31 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Bilder
2013-12-03 17:31 - 2013-12-03 17:31 - 00000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-12-03 17:31 - 2013-12-03 17:31 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Verlauf
2013-12-03 17:31 - 2013-12-03 17:31 - 00000000 _SHDL C:\Programme
2013-12-03 17:31 - 2013-12-03 17:31 - 00000000 _SHDL C:\ProgramData\Startmenü
2013-12-03 17:31 - 2013-12-03 17:31 - 00000000 _SHDL C:\ProgramData\Dokumente
2013-12-03 17:23 - 2013-12-03 17:23 - 00000000 ____D C:\Program Files\CONEXANT
2013-12-03 17:22 - 2013-12-03 17:22 - 00000000 ____D C:\Windows\system32\x64
2013-12-03 17:22 - 2013-12-03 17:22 - 00000000 ____D C:\Windows\system32\Lang
2013-12-03 17:22 - 2008-07-17 00:27 - 00920088 _____ (Intel® Corporation) C:\Windows\system32\igxpun.exe
2013-12-03 17:22 - 2006-11-10 18:25 - 00319456 _____ (Microsoft Corporation) C:\Windows\system32\difxapi.dll
2013-12-03 17:21 - 2013-12-22 12:03 - 01341460 _____ C:\Windows\WindowsUpdate.log

==================== One Month Modified Files and Folders =======

2013-12-22 12:10 - 2013-12-05 18:33 - 00009490 _____ C:\Users\Bettina\Downloads\FRST.txt
2013-12-22 12:09 - 2013-12-22 12:09 - 00000000 ____D C:\Users\Bettina\Downloads\FRST-OlderVersion
2013-12-22 12:09 - 2013-12-05 18:33 - 01325858 _____ (Farbar) C:\Users\Bettina\Downloads\FRST.exe
2013-12-22 12:09 - 2013-12-05 18:33 - 00000000 ____D C:\FRST
2013-12-22 12:09 - 2013-12-03 18:59 - 00000000 _____ C:\Windows\system32\LogConfigTemp.xml
2013-12-22 12:08 - 2013-12-03 19:31 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-22 12:08 - 2008-05-11 22:04 - 00000147 _____ C:\Windows\system32\agent.log
2013-12-22 12:08 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-22 12:08 - 2006-11-02 13:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-22 12:08 - 2006-11-02 13:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-22 12:07 - 2006-11-02 11:33 - 01616166 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-22 12:03 - 2013-12-03 17:21 - 01341460 _____ C:\Windows\WindowsUpdate.log
2013-12-22 12:01 - 2013-12-03 19:31 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-21 19:17 - 2006-11-02 14:01 - 00021314 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-21 17:35 - 2013-12-21 16:55 - 00000000 ____D C:\Users\Bettina\Desktop\mbar
2013-12-21 17:18 - 2013-12-21 16:57 - 00104664 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2013-12-21 17:18 - 2013-12-21 16:56 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-12-21 16:57 - 2013-12-16 21:25 - 00135648 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-12-21 16:57 - 2013-12-16 21:25 - 00090400 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-12-21 16:54 - 2013-12-21 16:54 - 12582688 _____ (Malwarebytes Corp.) C:\Users\Bettina\Desktop\mbar-1.07.0.1008.exe
2013-12-21 16:50 - 2008-01-21 03:47 - 00519542 _____ C:\Windows\PFRO.log
2013-12-16 21:33 - 2013-12-16 21:32 - 00000000 ____D C:\Users\Bettina\AppData\Local\Adobe
2013-12-16 21:33 - 2013-12-03 18:38 - 00000000 ____D C:\Users\Bettina\AppData\Roaming\Adobe
2013-12-16 21:33 - 2013-12-03 17:34 - 00000000 ____D C:\Users\Bettina\AppData\Local\VirtualStore
2013-12-16 21:32 - 2013-12-16 21:32 - 00000000 ____D C:\Users\Bettina\AppData\Roaming\Avira
2013-12-16 21:26 - 2013-12-16 21:26 - 00001851 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-12-16 21:25 - 2013-12-16 21:25 - 00000000 ____D C:\Program Files\Avira
2013-12-16 21:25 - 2013-12-03 19:24 - 00000000 ____D C:\ProgramData\Avira
2013-12-16 21:17 - 2013-12-16 20:43 - 00000000 ____D C:\ProgramData\MFAData
2013-12-16 21:17 - 2013-12-15 12:27 - 00000000 ____D C:\ProgramData\AVAST Software
2013-12-16 20:58 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-12-16 20:51 - 2013-12-16 20:51 - 00000000 ____D C:\Users\Bettina\AppData\Roaming\TuneUp Software
2013-12-16 20:43 - 2013-12-16 20:43 - 04425448 _____ (AVG Technologies) C:\Users\Bettina\Downloads\avg_avct_stb_all_2014_4116.exe
2013-12-16 20:43 - 2013-12-16 20:43 - 00000000 ____D C:\Users\Bettina\AppData\Local\MFAData
2013-12-16 20:43 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system32\de-DE
2013-12-16 20:38 - 2008-05-11 21:55 - 00000000 ____D C:\Program Files\Microsoft.NET
2013-12-16 20:36 - 2013-12-16 20:35 - 00000310 _____ C:\Users\Bettina\RootkitRemover_20131216_203557.log
2013-12-16 20:35 - 2013-12-16 20:35 - 00782640 _____ (McAfee, Inc.) C:\Users\Bettina\Downloads\rootkitremover.exe
2013-12-16 20:35 - 2013-12-03 17:34 - 00000000 ____D C:\Users\Bettina
2013-12-16 20:34 - 2013-12-03 17:36 - 00000000 ____D C:\Users\Bettina\AppData\Local\Google
2013-12-15 12:31 - 2013-12-15 12:31 - 00000000 ____D C:\Users\Bettina\AppData\Roaming\AVAST Software
2013-12-15 12:29 - 2013-12-15 12:29 - 00269216 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-12-15 12:05 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\rescache
2013-12-09 18:47 - 2013-12-09 18:47 - 00000603 _____ C:\Users\Bettina\Desktop\MBRMastr_2013.12.09_18.47.05.txt
2013-12-09 18:47 - 2013-12-09 18:47 - 00000575 _____ C:\Users\Bettina\Desktop\emsi.zip
2013-12-09 18:47 - 2013-12-09 18:46 - 00000512 _____ C:\Users\Bettina\Desktop\emsi.mbr
2013-12-09 18:45 - 2013-12-09 18:44 - 00788728 _____ (Emsisoft GmbH) C:\Users\Bettina\Downloads\mbrmastr.exe
2013-12-09 18:28 - 2008-05-12 07:45 - 00000000 ____D C:\Windows\system32\Drivers\de-DE
2013-12-07 12:45 - 2013-12-07 12:45 - 00001593 _____ C:\Users\Public\Desktop\Browserwahl.lnk
2013-12-07 12:43 - 2006-11-02 13:47 - 00376376 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-06 13:42 - 2006-11-02 13:37 - 00000000 ____D C:\Windows\system32\XPSViewer
2013-12-06 13:42 - 2006-11-02 13:37 - 00000000 ____D C:\Program Files\Movie Maker
2013-12-06 12:40 - 2013-12-06 12:39 - 00273114 _____ C:\Windows\msxml4-KB954430-enu.LOG
2013-12-06 12:39 - 2013-12-06 12:39 - 00284280 _____ C:\Windows\msxml4-KB973688-enu.LOG
2013-12-06 12:39 - 2013-12-06 12:39 - 00000000 ____D C:\Program Files\MSXML 4.0
2013-12-05 18:35 - 2013-12-05 18:34 - 00016297 _____ C:\Users\Bettina\Downloads\Addition.txt
2013-12-05 18:33 - 2006-11-02 12:18 - 00000000 ___RD C:\Users\Public
2013-12-05 14:52 - 2013-12-05 14:52 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-12-05 14:46 - 2013-12-05 14:46 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\Bettina\Desktop\TDSSKiller19.exe
2013-12-05 14:39 - 2013-12-05 14:39 - 00028672 _____ C:\bcd_Backup
2013-12-05 14:39 - 2013-12-05 14:39 - 00025600 ___SH C:\bcd_Backup.LOG
2013-12-05 14:23 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system32\LogFiles
2013-12-05 12:36 - 2013-12-05 12:36 - 50053120 _____ C:\Program Files\GUT757E.tmp
2013-12-05 12:36 - 2013-12-05 12:36 - 00000000 ____D C:\Program Files\GUM757D.tmp
2013-12-05 12:18 - 2013-12-03 17:36 - 00100472 _____ C:\Users\Bettina\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-05 12:07 - 2013-12-05 12:07 - 00000000 ____D C:\Windows\system32\WindowsPowerShell
2013-12-04 03:16 - 2013-12-04 03:16 - 00001302 _____ C:\Windows\AceSto02.cfg
2013-12-04 03:16 - 2013-12-04 03:03 - 00467790 _____ C:\Windows\CapsuleDll.log
2013-12-04 03:16 - 2008-05-07 08:26 - 00000000 ____D C:\Book
2013-12-04 03:13 - 2013-12-04 03:13 - 12240896 _____ (Microsoft Corporation) C:\Windows\system32\NlsLexicons0007.dll
2013-12-04 03:13 - 2013-12-04 03:13 - 02644480 _____ (Microsoft Corporation) C:\Windows\system32\NlsLexicons0009.dll
2013-12-04 03:13 - 2013-12-04 03:13 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\NaturalLanguage6.dll
2013-12-04 03:12 - 2013-12-04 03:12 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\scrobj.dll
2013-12-04 03:12 - 2013-12-04 03:12 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-04 03:12 - 2013-12-04 03:12 - 00155648 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-04 03:12 - 2013-12-04 03:12 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-04 03:12 - 2013-12-04 03:12 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-04 03:12 - 2013-12-04 03:12 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\wshext.dll
2013-12-04 03:12 - 2013-12-04 03:12 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pacer.sys
2013-12-04 03:12 - 2013-12-04 03:12 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\pacerprf.dll
2013-12-04 03:10 - 2013-12-04 03:10 - 00885248 _____ (Microsoft Corporation) C:\Windows\system32\RacEngn.dll
2013-12-04 03:10 - 2013-12-04 03:10 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2013-12-04 03:10 - 2013-12-04 03:10 - 00009127 _____ C:\Windows\system32\RacUR.xml
2013-12-04 03:10 - 2013-12-04 03:10 - 00000153 _____ C:\Windows\system32\RacUREx.xml
2013-12-04 03:08 - 2013-12-04 03:08 - 01695744 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll
2013-12-04 03:08 - 2013-12-04 03:08 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\MSDvbNP.ax
2013-12-04 03:06 - 2013-12-04 03:06 - 00988216 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2013-12-04 03:06 - 2013-12-04 03:06 - 00927288 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2013-12-04 03:06 - 2013-12-04 03:06 - 00615992 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2013-12-04 03:06 - 2013-12-04 03:06 - 00378368 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2013-12-04 03:06 - 2013-12-04 03:06 - 00318464 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2013-12-04 03:06 - 2013-12-04 03:06 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2013-12-04 03:06 - 2013-12-04 03:06 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2013-12-04 03:06 - 2013-12-04 03:06 - 00019000 _____ (Microsoft Corporation) C:\Windows\system32\kd1394.dll
2013-12-04 03:06 - 2013-12-04 03:06 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\srdelayed.exe
2013-12-04 03:06 - 2013-12-04 03:06 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\kbd106n.dll
2013-12-04 03:03 - 2013-12-04 03:03 - 00000000 ____D C:\Windows\Lan
2013-12-03 20:41 - 2013-12-03 20:41 - 00000000 ____D C:\Users\Bettina\AppData\Roaming\Malwarebytes
2013-12-03 20:41 - 2013-12-03 20:41 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-03 20:39 - 2013-12-03 20:39 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Bettina\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-03 20:38 - 2013-12-03 19:50 - 00000000 ____D C:\Windows\A358F2F62500420C989C25C4F22DF51E.TMP
2013-12-03 19:57 - 2013-12-03 19:57 - 10284816 _____ (Malwarebytes Corporation                                    ) C:\Users\Bettina\Downloads\mbam-setup.exe
2013-12-03 19:50 - 2013-12-03 19:50 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-12-03 19:49 - 2013-12-03 19:49 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Bettina\Downloads\SpyHunter-Installer.exe
2013-12-03 19:49 - 2013-12-03 19:49 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2013-12-03 19:39 - 2013-12-03 19:37 - 00000000 ____D C:\AdwCleaner
2013-12-03 19:37 - 2013-12-03 19:37 - 01110034 _____ C:\Users\Bettina\Downloads\adwcleaner.exe
2013-12-03 19:21 - 2013-12-03 17:35 - 00000000 ____D C:\Program Files\Google
2013-12-03 19:08 - 2008-05-07 07:33 - 00639336 _____ C:\Windows\launApp.log
2013-12-03 19:08 - 2007-04-13 14:38 - 00000201 _____ C:\Windows\USER.XML
2013-12-03 19:07 - 2013-12-03 19:07 - 00000000 ____D C:\Users\Public\Documents\Acer
2013-12-03 19:07 - 2013-12-03 19:07 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2013-12-03 19:07 - 2013-12-03 19:07 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2013-12-03 19:07 - 2008-02-06 00:39 - 00000000 ____D C:\Elements
2013-12-03 19:06 - 2013-12-03 19:06 - 00016092 _____ C:\Windows\system32\results.xml
2013-12-03 19:06 - 2013-12-03 19:06 - 00000040 ____H C:\Windows\system32\ivireg.ivr
2013-12-03 19:06 - 2008-05-11 22:07 - 00000000 ____D C:\Program Files\Acer
2013-12-03 19:06 - 2008-05-07 07:33 - 00046922 _____ C:\Windows\PLaunch.log
2013-12-03 19:05 - 2008-05-11 21:51 - 00000000 ____D C:\ProgramData\McAfee
2013-12-03 19:02 - 2013-12-03 19:02 - 00000000 ____D C:\Windows\ACER
2013-12-03 19:02 - 2013-12-03 19:02 - 00000000 ____D C:\Program Files\Acer Incorporated
2013-12-03 19:02 - 2008-05-11 22:04 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-12-03 19:02 - 2008-05-07 08:26 - 00000202 _____ C:\Windows\Factory.xml
2013-12-03 19:01 - 2013-12-03 19:01 - 00000092 _____ C:\Windows\GridV.UNI
2013-12-03 19:01 - 2013-12-03 19:01 - 00000000 ____D C:\ProgramData\eSobi
2013-12-03 19:01 - 2013-12-03 19:01 - 00000000 ____D C:\Program Files\eSobi
2013-12-03 19:01 - 2013-12-03 19:01 - 00000000 ____D C:\Program Files\Acer Inc
2013-12-03 18:56 - 2013-12-03 18:56 - 00000000 ____D C:\ProgramData\Corel
2013-12-03 18:55 - 2013-12-03 18:55 - 00000000 ____D C:\Program Files\Common Files\Protexis
2013-12-03 18:55 - 2013-12-03 18:55 - 00000000 ____D C:\Program Files\Common Files\InterVideo
2013-12-03 18:55 - 2013-12-03 18:53 - 00000000 ____D C:\Program Files\InterVideo
2013-12-03 18:55 - 2008-05-11 21:53 - 00000000 ____D C:\ProgramData\SiteAdvisor
2013-12-03 18:51 - 2013-12-03 18:51 - 00386880 _____ C:\vcredist_x86.log
2013-12-03 18:51 - 2013-12-03 18:49 - 00088823 _____ C:\Windows\DirectX.log
2013-12-03 18:49 - 2013-12-03 18:49 - 00000000 ____D C:\Users\Bettina\AppData\Roaming\InstallShield
2013-12-03 18:49 - 2013-12-03 18:49 - 00000000 ____D C:\Program Files\COREL
2013-12-03 18:48 - 2013-12-03 18:48 - 00000083 _____ C:\Windows\LManager.UNI
2013-12-03 18:48 - 2013-12-03 18:48 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_SynTP_01000.Wdf
2013-12-03 18:48 - 2013-12-03 18:48 - 00000000 ____D C:\Program Files\Launch Manager
2013-12-03 18:48 - 2008-05-07 07:39 - 00036898 _____ C:\Windows\DPINST.LOG
2013-12-03 18:48 - 2006-11-02 13:52 - 00145580 _____ C:\Windows\setupact.log
2013-12-03 18:47 - 2013-12-03 18:47 - 00000000 ____D C:\Program Files\Synaptics
2013-12-03 18:44 - 2013-12-03 18:44 - 00000000 ____D C:\Windows\system32\SDA
2013-12-03 18:44 - 2013-12-03 18:44 - 00000000 ____D C:\Program Files\O2Micro Flash Memory Card Driver
2013-12-03 18:43 - 2013-12-03 18:40 - 00000426 _____ C:\RHDSetup.log
2013-12-03 18:42 - 2013-12-03 18:41 - 127944880 _____ C:\Users\Bettina\Downloads\avira_free1402_antivirus_de.exe
2013-12-03 18:41 - 2013-12-03 18:41 - 00000000 ____D C:\Windows\system32\RTCOM
2013-12-03 18:40 - 2013-12-03 18:40 - 00319456 _____ (Microsoft Corporation) C:\Windows\DIFxAPI.dll
2013-12-03 18:40 - 2013-12-03 18:40 - 00315392 _____ (Realtek Semiconductor Corp.) C:\Windows\HideWin.exe
2013-12-03 18:40 - 2013-12-03 18:40 - 00000000 ____D C:\Program Files\Realtek
2013-12-03 18:39 - 2013-12-03 18:39 - 00000000 ____D C:\Users\Bettina\AppData\Roaming\Macromedia
2013-12-03 18:39 - 2013-12-03 18:38 - 00000000 ____D C:\Users\Bettina\AppData\Roaming\Google
2013-12-03 18:38 - 2013-12-03 17:36 - 00000000 ____D C:\ProgramData\Google
2013-12-03 17:37 - 2006-11-02 13:37 - 00000000 ____D C:\Windows\system32\restore
2013-12-03 17:36 - 2013-12-03 17:36 - 00000953 _____ C:\Users\Bettina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-03 17:36 - 2013-12-03 17:36 - 00000948 _____ C:\Users\Bettina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2013-12-03 17:36 - 2013-12-03 17:36 - 00000919 _____ C:\Users\Bettina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2013-12-03 17:36 - 2013-12-03 17:36 - 00000000 ____D C:\Users\Bettina\Documents\Eigene Google Gadgets
2013-12-03 17:36 - 2008-05-07 08:26 - 00000000 ____D C:\Acer
2013-12-03 17:35 - 2013-12-03 17:35 - 00000063 _____ C:\Windows\system32\SETAFR_Temp_DiskPart.txt
2013-12-03 17:34 - 2013-12-03 17:34 - 00000020 ___SH C:\Users\Bettina\ntuser.ini
2013-12-03 17:34 - 2013-12-03 17:34 - 00000000 _SHDL C:\Users\Bettina\Startmenü
2013-12-03 17:34 - 2013-12-03 17:34 - 00000000 _SHDL C:\Users\Bettina\Netzwerkumgebung
2013-12-03 17:34 - 2013-12-03 17:34 - 00000000 _SHDL C:\Users\Bettina\Druckumgebung
2013-12-03 17:34 - 2013-12-03 17:34 - 00000000 _SHDL C:\Users\Bettina\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-12-03 17:34 - 2013-12-03 17:34 - 00000000 _SHDL C:\Users\Bettina\AppData\Local\Verlauf
2013-12-03 17:31 - 2013-12-03 17:31 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Musik
2013-12-03 17:31 - 2013-12-03 17:31 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Bilder
2013-12-03 17:31 - 2013-12-03 17:31 - 00000000 _SHDL C:\Users\Default\Startmenü
2013-12-03 17:31 - 2013-12-03 17:31 - 00000000 _SHDL C:\Users\Default\Netzwerkumgebung
2013-12-03 17:31 - 2013-12-03 17:31 - 00000000 _SHDL C:\Users\Default\Druckumgebung
2013-12-03 17:31 - 2013-12-03 17:31 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Musik
2013-12-03 17:31 - 2013-12-03 17:31 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Bilder
2013-12-03 17:31 - 2013-12-03 17:31 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-12-03 17:31 - 2013-12-03 17:31 - 00000000 _SHDL C:\Users\Default\AppData\Local\Verlauf
2013-12-03 17:31 - 2013-12-03 17:31 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Musik
2013-12-03 17:31 - 2013-12-03 17:31 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Bilder
2013-12-03 17:31 - 2013-12-03 17:31 - 00000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-12-03 17:31 - 2013-12-03 17:31 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Verlauf
2013-12-03 17:31 - 2013-12-03 17:31 - 00000000 _SHDL C:\Programme
2013-12-03 17:31 - 2013-12-03 17:31 - 00000000 _SHDL C:\ProgramData\Startmenü
2013-12-03 17:31 - 2013-12-03 17:31 - 00000000 _SHDL C:\ProgramData\Dokumente
2013-12-03 17:31 - 2006-11-02 12:18 - 00000000 __RHD C:\Users\Default
2013-12-03 17:31 - 2006-11-02 12:18 - 00000000 ____D C:\Program Files\Windows NT
2013-12-03 17:24 - 2008-02-06 00:25 - 00000000 ____D C:\Windows\Panther
2013-12-03 17:23 - 2013-12-03 17:23 - 00000000 ____D C:\Program Files\CONEXANT
2013-12-03 17:22 - 2013-12-03 17:22 - 00000000 ____D C:\Windows\system32\x64
2013-12-03 17:22 - 2013-12-03 17:22 - 00000000 ____D C:\Windows\system32\Lang
2013-12-03 17:21 - 2008-02-06 00:29 - 00005949 _____ C:\Windows\TSSysprep.log
2013-12-03 17:19 - 2006-11-02 13:48 - 00005506 _____ C:\Windows\DtcInstall.log
2013-11-22 12:01 - 2013-12-16 21:25 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-11-22 12:01 - 2013-12-16 21:25 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys

Some content of TEMP:
====================
C:\Users\Bettina\AppData\Local\Temp\avgnt.exe
C:\Users\Bettina\AppData\Local\Temp\Quarantine.exe
C:\Users\Bettina\AppData\Local\Temp\RtkBtMnt.exe
C:\Users\Bettina\AppData\Local\Temp\SHSetup.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-22 12:06

==================== End Of Log ============================
         
--- --- ---


23.12.2013, 08:27   #26
schrauber
/// the machine
/// TB instructor
 




Done

If you would like to leave praise or criticism, you can do that here.


The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively, rename it to uninstall.exe and run it)
    • Windows key + R > Combofix /Uninstall (type it in) > OK
    • Alternative: rename Combofix.exe to uninstall.exe and run it
    • Combofix will now start, possibly update itself, and then remove all remnants of itself.
  3. In any case, please download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Put a check mark in front of every function.
    • Click Start.
    • Note: DelFix removes, among other things, all programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left over now, you can delete them without hesitation.


Here are a few more tips for securing your system.


I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows Updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software Updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Additional Protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version also offers a background guard.
    You can find a tutorial on how to use it here.
  • WinPatrol
    This software takes a snapshot of your system and warns you about any changes. Download the freeware version from here.


Safe Browsing
  • SpywareBlaster
    You can find a short introduction here
  • MVPs hosts file
    You can find a tutorial here. Unfortunately, I have not found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site reported as malicious.


Alternative Browsers

Other browsers tend to be somewhat more secure than IE because they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: For this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most ads by itself. Right-clicking a banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean up your temp files regularly. I recommend TFC for this.
Stay away from any registry cleaners.
They harm your system more than they help. Here are a few (English) links:
Miekemoes Blogspot (MVP)
Bill Castner (MVP)



Don'ts
  • Don't click on everything just because it asks you to and is nice and colorful.
  • Don't use peer-to-peer or file-sharing software (Emule, uTorrent, ..)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Don't open attachments from emails unknown to you. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
Now all that remains is for me to wish you lots of fun surfing safely.

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can delete this thread from my subscriptions.
__________________
Regards,
schrauber
