
Log analysis and evaluation: Windows 7: User account is being redirected

04.04.2014, 01:54   #1
nickdaniela
 

Windows 7: User account is being redirected



Hello everyone,

unfortunately I have caught something.

Only my admin account works without problems, but I have already fiddled around so much that malware had shown up here as well. Snapdo among others + something to do with Open Candy, I think.

My user account behaves as follows: As the background image I always have a new photo from Bing. This image now always stays the same + no longer updates. Updates of virus scanners are no longer carried out. I could not activate the real-time protection of Malwarebytes. Internet Explorer no longer opens. Firefox opens with Snapdo. When I wanted to log in to online banking, Freemake Downloader, which I had on the computer, suddenly started. I uninstalled it + of course did not log in to online banking with the user account. Everything runs extremely slowly.

I started the admin account in safe mode + ran Rkill, Malwarebytes + TDSSKiller as administrator, but nothing changed. My notebook then got so hot that at times it would no longer start. But I was so angry that I kept trying again and again, so that the system was already almost wrecked. Restoring a system image produced an error message, but did reset the computer to 2013. However, without bringing any improvement in the user account. Panda Cloud Cleaner turned up a few more problems, which I had it fix.

I hope that you can help me rescue the computer + the user account after all. I urgently need to get to my e-mails + cannot.

Here are the log files:

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 01:07 on 04/04/2014 (Admin)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014  01
Ran by Admin (administrator) on DANI-PC on 04-04-2014 01:11:18
Running from C:\Users\Admin\Desktop
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AuthenTec, Inc.) C:\Program Files\Fingerprint Sensor\AtService.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(ActivIdentity) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(Andrea Electronics Corporation) C:\Windows\system32\AEADISRV.EXE
(LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe
(Sierra Wireless Inc.) C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Bioscrypt Inc.) C:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Microsoft Corp.) C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(Nokia) C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Nokia) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil32_12_0_0_77_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1791272 2010-06-04] (Synaptics Incorporated)
HKLM\...\Run: [SoundMAXPnP] - C:\Program Files\Analog Devices\Core\smax4pnp.exe [1183744 2007-02-21] (Analog Devices, Inc.)
HKLM\...\Run: [QlbCtrl.exe] - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2009-11-11] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [BingDesktop] - C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe [2387088 2013-04-10] (Microsoft Corp.)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [FreePDF Assistant] - C:\Program Files\FreePDF_XP\fpassist.exe [373760 2013-03-14] (shbox.de)
Winlogon\Notify\DeviceNP: C:\Windows\system32\DeviceNP.dll (Hewlett-Packard Limited)
HKU\S-1-5-21-989268616-2580872740-1510082382-1005\...\Run: [BrowserChoice] - C:\Windows\System32\browserchoice.exe [293376 2013-06-13] (Microsoft Corporation)
HKU\S-1-5-21-989268616-2580872740-1510082382-1005\...\Run: [PC Suite Tray] - C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [1516632 2012-06-26] (Nokia)
AppInit_DLLs: C:\PROGRA~1\HEWLET~1\IAM\bin\APSHook.dll => C:\Program Files\Hewlett-Packard\IAM\Bin\APSHook.dll [89872 2009-07-28] (Bioscrypt Inc.)
Lsa: [Notification Packages] scecli ASWLNPkg
Startup: C:\Users\Dani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PostDa.exe - Verknüpfung.lnk
ShortcutTarget: PostDa.exe - Verknüpfung.lnk -> C:\Users\Admin\Downloads\postda_mit_pdf\PostDa.exe (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com/search?q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.freenet.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF54F4976454ECF01
SearchScopes: HKLM - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://www.bing.com/search?q={searchTerms}
SearchScopes: HKLM - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://www.bing.com/search?q={searchTerms}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: File Sanitizer for HP ProtectTools - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} hxxp://download.bitdefender.com/resources/scanner/sources/de/scan8/oscan8.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hy2vqeap.default
FF Homepage: about:home
FF SelectedSearchEngine: Google
FF Keyword.URL: hxxp://www.google.com/search?rls=org.mozilla:en-US:official&client=firefox-a&q=
FF NewTab: about:blank
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin: @checkpoint.com/FFApi - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll No File
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 - C:\Program Files\Virtual Earth 3D\ ()
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @nosltd.com/getPlus+(R),version=1.6.2.97 - C:\Program Files\NOS\bin\np_gp.dll No File
FF Plugin: @pandasecurity.com/activescan - C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hy2vqeap.default\Extensions\staged [2014-04-02]
FF Extension: Free YouTube Download (Free Studio) Menu - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hy2vqeap.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011-09-21]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012-12-08]
FF HKLM\...\Firefox\Extensions: [bkmrksync@nokia.com] - C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\
FF Extension: PC Sync 2 Synchronisation Extension - C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ []
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-03-10]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-03-10]

========================== Services (Whitelisted) =================

R2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [207400 2009-06-03] (ActivIdentity)
R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [26112 2009-12-03] (LSI Corporation)
R2 ASBroker; C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll [192784 2009-07-28] (Bioscrypt Inc.)
R2 ASChannel; C:\Program Files\Hewlett-Packard\IAM\Bin\AsChnl.dll [150288 2009-07-28] (Bioscrypt Inc.)
R2 ATService; C:\Program Files\Fingerprint Sensor\AtService.exe [1201400 2009-07-29] (AuthenTec, Inc.)
S2 BingDesktopUpdate; C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe [168592 2013-04-10] (Microsoft Corp.)
S3 FLCDLOCK; C:\Windows\system32\flcdlock.exe [362040 2009-10-05] (Hewlett-Packard Ltd)
S3 HP ProtectTools Service; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [45056 2009-08-07] (Hewlett-Packard Development Company, L.P)
R2 HPFSService; C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe [77824 2009-07-06] (Hewlett-Packard)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
R2 SWIHPWMI; C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe [292384 2006-12-04] (Sierra Wireless Inc.)
R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe [3718656 2010-03-24] (Broadcom Corporation)

==================== Drivers (Whitelisted) ====================

R3 AX88772; C:\Windows\System32\DRIVERS\ax88772.sys [69632 2013-12-03] (ASIX Electronics Corp.)
R3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2010-03-24] (Broadcom Corporation)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv.sys [32312 2009-09-08] (Hewlett-Packard Development Company L.P.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R0 pavboot; C:\Windows\System32\drivers\pavboot.sys [28552 2009-06-30] (Panda Security, S.L.)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [47632 2013-04-29] (Panda Security, S.L.)
R3 Ser2plx86; C:\Windows\System32\DRIVERS\ser2pl.sys [139776 2013-10-25] (Prolific Technology Inc.)
S3 USBPNPA; C:\Windows\System32\drivers\CM108.sys [1310720 2007-06-28] (C-Media Inc)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-04 01:11 - 2014-04-04 01:11 - 00016247 _____ () C:\Users\Admin\Desktop\FRST.txt
2014-04-04 01:11 - 2014-04-04 01:11 - 00000000 ____D () C:\FRST
2014-04-04 01:09 - 2014-04-04 01:09 - 01145856 _____ (Farbar) C:\Users\Admin\Desktop\FRST.exe
2014-04-04 01:06 - 2014-04-04 01:07 - 00000472 _____ () C:\Users\Admin\Desktop\defogger_disable.log
2014-04-04 01:06 - 2014-04-04 01:06 - 00000000 _____ () C:\Users\Admin\defogger_reenable
2014-04-04 00:31 - 2014-04-04 00:41 - 00008594 _____ () C:\Users\Admin\Desktop\Windows-Kompatibilitätsbericht.htm
2014-04-04 00:03 - 2014-04-04 00:04 - 04982419 _____ (IDG Tech Media GmbH ) C:\Users\Admin\Downloads\pcwPatchLoader_v2-Setup_2.3.2.exe
2014-04-03 19:57 - 2014-04-03 20:11 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Nico Mak Computing
2014-04-03 19:43 - 2014-04-03 19:43 - 00050477 _____ () C:\Users\Admin\Desktop\Defogger.exe
2014-04-03 03:31 - 2014-04-03 03:31 - 00001240 _____ () C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
2014-04-03 03:31 - 2013-04-29 08:17 - 00047632 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2014-04-03 03:27 - 2014-04-03 03:30 - 28413552 _____ (Panda Security ) C:\Users\Admin\Downloads\PandaCloudCleaner.exe
2014-04-03 02:58 - 2014-04-03 02:58 - 00131072 ____N () C:\Windows\Minidump\040314-28250-01.dmp
2014-04-03 00:35 - 2014-04-03 19:19 - 00002574 _____ () C:\Users\Admin\Desktop\Rkill.txt
2014-04-02 22:10 - 2013-12-21 09:56 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-02 22:06 - 2014-04-02 22:06 - 00000000 ____D () C:\Windows\Temp0FBBE685-B4BF-CE0A-EDFD-EFD21D841C1F-Signatures
2014-04-02 21:46 - 2014-04-02 21:46 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\TuneUp Software
2014-04-02 21:43 - 2014-04-02 21:47 - 00000000 ____D () C:\ProgramData\TuneUp Software
2014-04-02 21:43 - 2014-04-02 21:43 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-04-02 21:39 - 2014-03-24 07:30 - 04134240 _____ (Kaspersky Lab ZAO) C:\Users\Admin\Downloads\TDSSKiller.exe
2014-04-02 17:43 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-02 09:43 - 2014-04-02 09:43 - 14358016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 02877952 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-02 09:43 - 2014-04-02 09:43 - 02049024 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-02 09:43 - 2014-04-02 09:43 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-04-02 09:43 - 2014-04-02 09:43 - 01140736 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00745472 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-02 09:43 - 2014-04-02 09:43 - 00719360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00629248 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00361984 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-04-02 09:43 - 2014-04-02 09:43 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00242200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00232960 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-04-02 09:43 - 2014-04-02 09:43 - 00138752 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-04-02 09:43 - 2014-04-02 09:43 - 00137216 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-02 09:43 - 2014-04-02 09:43 - 00125440 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-04-02 09:43 - 2014-04-02 09:43 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-04-02 09:43 - 2014-04-02 09:43 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-04-02 09:43 - 2014-04-02 09:43 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-02 09:43 - 2014-04-02 09:43 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-04-02 09:43 - 2014-04-02 09:43 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-04-02 09:40 - 2014-04-02 09:48 - 00009846 _____ () C:\Windows\IE10_main.log
2014-04-02 09:39 - 2013-12-25 01:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-04-02 09:39 - 2013-11-26 10:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-04-02 09:39 - 2013-08-02 03:50 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2014-04-02 09:39 - 2013-08-02 03:49 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-02 09:39 - 2013-08-02 03:49 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 02:52 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2014-04-02 09:39 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2014-04-02 09:39 - 2013-06-15 05:38 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-04-02 09:38 - 2013-12-04 04:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-04-02 09:38 - 2013-12-04 04:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-04-02 09:38 - 2013-12-04 04:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-04-02 09:38 - 2013-12-04 04:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-04-02 09:38 - 2013-12-04 04:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-04-02 09:38 - 2013-12-04 03:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-04-02 09:38 - 2013-12-04 03:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-04-02 09:38 - 2013-12-04 03:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-04-02 09:38 - 2013-12-04 03:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-04-02 09:38 - 2013-11-27 03:14 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-04-02 09:38 - 2013-11-27 03:13 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-04-02 09:38 - 2013-11-27 03:13 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-04-02 09:38 - 2013-11-27 03:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-04-02 09:38 - 2013-11-27 03:13 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-04-02 09:38 - 2013-11-27 03:13 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-04-02 09:38 - 2013-11-27 03:13 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-04-02 09:38 - 2013-10-04 03:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2014-04-02 09:38 - 2013-10-04 03:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-04-02 09:38 - 2013-10-04 03:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2014-04-02 09:38 - 2013-08-29 03:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-04-02 09:38 - 2013-08-29 03:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-04-02 09:38 - 2013-08-29 03:50 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-04-02 09:38 - 2013-08-29 03:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2014-04-02 09:38 - 2013-08-29 03:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2014-04-02 09:37 - 2014-01-09 04:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-04-02 09:37 - 2013-06-26 00:56 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2014-04-02 08:56 - 2013-10-02 02:42 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-04-02 08:56 - 2013-10-02 02:32 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-04-02 08:56 - 2013-10-02 02:30 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-04-02 08:56 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-04-02 08:56 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-04-02 08:56 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-04-02 08:56 - 2013-10-02 01:45 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-04-02 08:56 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-04-02 08:56 - 2013-10-02 01:00 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-04-02 08:56 - 2013-10-02 00:53 - 00350208 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-04-02 08:56 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-04-02 08:36 - 2013-05-10 06:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-04-02 08:36 - 2013-05-10 06:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-04-02 08:27 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-04-02 08:27 - 2013-12-06 04:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-04-02 08:27 - 2013-12-06 04:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-04-02 08:27 - 2013-10-05 21:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-04-02 08:27 - 2013-07-20 12:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-04-02 08:27 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-04-02 08:27 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2014-04-02 08:27 - 2013-07-04 13:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2014-04-02 08:27 - 2013-07-04 13:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2014-04-02 08:27 - 2013-07-04 11:48 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2014-04-02 08:26 - 2014-02-07 03:07 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-04-02 08:26 - 2013-08-28 02:57 - 00434688 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2014-04-02 08:25 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-04-02 08:24 - 2014-01-01 01:05 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-04-02 08:24 - 2013-09-14 02:48 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-04-02 08:24 - 2013-09-08 04:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2014-04-02 08:24 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-04-02 08:24 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2014-04-02 08:23 - 2013-09-25 04:01 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-04-02 08:23 - 2013-09-25 04:01 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-04-02 08:23 - 2013-09-25 03:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-04-02 08:23 - 2013-09-25 03:57 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-04-02 08:23 - 2013-09-25 03:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-04-02 08:23 - 2013-09-25 03:56 - 01038848 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-04-02 08:23 - 2013-09-25 03:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-04-02 08:23 - 2013-09-25 02:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-04-02 08:23 - 2013-09-25 02:49 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-04-02 08:23 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2014-04-02 08:23 - 2013-07-09 06:50 - 00652800 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-04-02 08:23 - 2013-07-04 14:16 - 00369848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-04-02 08:21 - 2013-11-12 04:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-04-02 08:20 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-04-02 08:20 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-04-02 08:20 - 2014-01-28 04:07 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-04-02 08:20 - 2013-10-19 03:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2014-04-02 08:20 - 2013-10-12 04:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2014-04-02 08:20 - 2013-10-12 04:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-04-02 08:20 - 2013-10-12 03:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2014-04-02 08:20 - 2013-10-12 03:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2014-04-02 08:20 - 2013-10-04 03:49 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2014-04-02 08:20 - 2013-10-04 03:17 - 00177152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2014-04-02 08:20 - 2013-08-05 03:56 - 00133056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2014-04-02 08:20 - 2013-08-01 13:03 - 00729024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-04-02 08:20 - 2013-06-06 06:52 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2014-04-02 08:20 - 2013-06-06 06:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2014-04-02 08:20 - 2013-06-06 06:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2014-04-02 08:20 - 2013-06-06 05:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2014-04-02 08:20 - 2013-06-06 05:01 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2014-04-02 08:19 - 2013-11-26 13:11 - 00240576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-04-02 08:19 - 2013-11-23 20:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-04-02 08:19 - 2013-10-30 04:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2014-04-02 08:19 - 2013-10-12 04:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2014-04-02 08:19 - 2013-10-12 04:01 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2014-04-02 08:19 - 2013-10-12 04:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2014-04-02 08:19 - 2013-10-03 03:58 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-04-02 08:19 - 2013-09-08 04:07 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-04-02 08:19 - 2013-07-12 12:07 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2014-04-02 08:19 - 2013-07-04 13:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2014-04-02 08:19 - 2013-07-03 06:02 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2014-04-02 08:19 - 2013-07-03 05:36 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2014-04-02 08:19 - 2013-07-03 05:36 - 00025728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2014-04-02 08:05 - 2013-09-25 03:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-04-01 22:57 - 2014-04-02 22:43 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-03-31 21:36 - 2014-03-31 19:54 - 892371968 _____ () C:\Users\Dani\outlook.pst
2014-03-24 01:28 - 2014-03-24 01:28 - 00000000 ____D () C:\Program Files\Lucom
2014-03-08 02:59 - 2014-03-18 01:07 - 00000000 ____D () C:\Users\Dani\Desktop\Arbeit
2014-03-08 02:58 - 2014-03-08 02:58 - 00000000 ____D () C:\Users\Dani\Neuer Ordner
2014-03-08 02:42 - 2014-03-08 03:07 - 00000000 ____D () C:\Users\Dani\Desktop\Robotersauger

==================== One Month Modified Files and Folders =======

2014-04-04 01:11 - 2014-04-04 01:11 - 00016247 _____ () C:\Users\Admin\Desktop\FRST.txt
2014-04-04 01:11 - 2014-04-04 01:11 - 00000000 ____D () C:\FRST
2014-04-04 01:09 - 2014-04-04 01:09 - 01145856 _____ (Farbar) C:\Users\Admin\Desktop\FRST.exe
2014-04-04 01:07 - 2014-04-04 01:06 - 00000472 _____ () C:\Users\Admin\Desktop\defogger_disable.log
2014-04-04 01:06 - 2014-04-04 01:06 - 00000000 _____ () C:\Users\Admin\defogger_reenable
2014-04-04 01:06 - 2013-06-13 20:59 - 00000000 ___RD () C:\Users\Admin
2014-04-04 01:04 - 2013-06-13 22:02 - 01840652 _____ () C:\Windows\WindowsUpdate.log
2014-04-04 01:00 - 2009-07-14 06:34 - 00014928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-04 01:00 - 2009-07-14 06:34 - 00014928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-04 00:52 - 2013-06-13 22:11 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-04 00:45 - 2011-09-25 05:37 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-04 00:44 - 2013-06-14 12:41 - 00005065 _____ () C:\Windows\setupact.log
2014-04-04 00:44 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-04 00:42 - 2013-06-13 01:04 - 00000000 ____D () C:\Users\Admin\Downloads\Patchloader Win7 Reparatur
2014-04-04 00:41 - 2014-04-04 00:31 - 00008594 _____ () C:\Users\Admin\Desktop\Windows-Kompatibilitätsbericht.htm
2014-04-04 00:41 - 2011-03-22 19:35 - 00002562 _____ () C:\Windows\diagwrn.xml
2014-04-04 00:41 - 2011-03-22 19:35 - 00001908 _____ () C:\Windows\diagerr.xml
2014-04-04 00:37 - 2013-06-14 12:41 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-04 00:35 - 2011-09-25 05:37 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-04 00:33 - 2010-08-22 17:03 - 00000000 ____D () C:\Users\Dani\Scans
2014-04-04 00:16 - 2012-07-27 16:36 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-04 00:04 - 2014-04-04 00:03 - 04982419 _____ (IDG Tech Media GmbH ) C:\Users\Admin\Downloads\pcwPatchLoader_v2-Setup_2.3.2.exe
2014-04-03 23:53 - 2011-09-25 14:55 - 00103158 _____ () C:\Windows\PFRO.log
2014-04-03 20:11 - 2014-04-03 19:57 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Nico Mak Computing
2014-04-03 19:43 - 2014-04-03 19:43 - 00050477 _____ () C:\Users\Admin\Desktop\Defogger.exe
2014-04-03 19:19 - 2014-04-03 00:35 - 00002574 _____ () C:\Users\Admin\Desktop\Rkill.txt
2014-04-03 19:04 - 2013-07-10 18:30 - 00000000 ____D () C:\Users\Dani\AppData\Local\FreePDF_XP
2014-04-03 03:31 - 2014-04-03 03:31 - 00001240 _____ () C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
2014-04-03 03:31 - 2011-03-29 04:11 - 00000000 ____D () C:\Program Files\Panda Security
2014-04-03 03:30 - 2014-04-03 03:27 - 28413552 _____ (Panda Security ) C:\Users\Admin\Downloads\PandaCloudCleaner.exe
2014-04-03 02:58 - 2014-04-03 02:58 - 00131072 ____N () C:\Windows\Minidump\040314-28250-01.dmp
2014-04-03 02:58 - 2013-06-14 02:01 - 00000000 ____D () C:\Windows\Minidump
2014-04-03 00:22 - 2013-06-13 22:17 - 00085040 _____ () C:\Users\Dani\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-03 00:21 - 2013-06-13 20:59 - 00000000 ___RD () C:\Users\Dani
2014-04-02 22:43 - 2014-04-01 22:57 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-04-02 22:26 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-04-02 22:07 - 2011-09-24 21:37 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-04-02 22:06 - 2014-04-02 22:06 - 00000000 ____D () C:\Windows\Temp0FBBE685-B4BF-CE0A-EDFD-EFD21D841C1F-Signatures
2014-04-02 22:06 - 2012-05-16 17:06 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-04-02 21:47 - 2014-04-02 21:43 - 00000000 ____D () C:\ProgramData\TuneUp Software
2014-04-02 21:46 - 2014-04-02 21:46 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\TuneUp Software
2014-04-02 21:43 - 2014-04-02 21:43 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-04-02 21:39 - 2011-08-06 21:45 - 00000000 ____D () C:\ProgramData\Freemake
2014-04-02 17:43 - 2013-09-18 20:10 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-04-02 10:24 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-04-02 10:17 - 2012-04-01 18:53 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-04-02 10:17 - 2011-05-19 14:34 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-04-02 10:03 - 2013-07-10 16:37 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-02 09:48 - 2014-04-02 09:40 - 00009846 _____ () C:\Windows\IE10_main.log
2014-04-02 09:43 - 2014-04-02 09:43 - 14358016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 02877952 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-02 09:43 - 2014-04-02 09:43 - 02049024 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-02 09:43 - 2014-04-02 09:43 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-04-02 09:43 - 2014-04-02 09:43 - 01140736 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00745472 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-02 09:43 - 2014-04-02 09:43 - 00719360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00629248 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00361984 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-04-02 09:43 - 2014-04-02 09:43 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00242200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00232960 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-04-02 09:43 - 2014-04-02 09:43 - 00138752 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-04-02 09:43 - 2014-04-02 09:43 - 00137216 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-02 09:43 - 2014-04-02 09:43 - 00125440 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-04-02 09:43 - 2014-04-02 09:43 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-04-02 09:43 - 2014-04-02 09:43 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-04-02 09:43 - 2014-04-02 09:43 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-02 09:43 - 2014-04-02 09:43 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-04-02 09:43 - 2014-04-02 09:43 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-04-02 09:21 - 2010-03-25 23:54 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-04-02 09:21 - 2009-07-14 06:33 - 00345488 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-02 09:16 - 2009-07-14 10:47 - 00000000 ____D () C:\Windows\system32\Drivers\de-DE
2014-04-02 08:32 - 2013-06-13 20:59 - 00000000 ____D () C:\Users\Gast
2014-04-02 08:32 - 2013-06-13 20:59 - 00000000 ____D () C:\Users\Administrator
2014-04-02 08:31 - 2013-06-14 14:13 - 00000000 ____D () C:\Users\Dani\Downloads\postda_mit_pdf
2014-04-02 08:31 - 2013-02-24 23:21 - 00000000 ____D () C:\Users\Dani\AppData\Roaming\PDF reDirect
2014-04-02 08:31 - 2013-01-18 19:08 - 00000000 ____D () C:\Program Files\QuickTime
2014-04-02 08:31 - 2013-01-18 14:26 - 00000000 ____D () C:\Program Files\Adobe
2014-04-02 08:31 - 2012-09-29 05:59 - 00000000 ____D () C:\ProgramData\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
2014-04-02 08:31 - 2012-08-26 17:18 - 00000000 ____D () C:\Windows\system32\Adobe
2014-04-02 08:31 - 2012-07-16 18:09 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-04-02 08:31 - 2012-04-07 15:18 - 00000000 ____D () C:\Program Files\ElsterFormular
2014-04-02 08:31 - 2011-04-03 01:57 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-04-02 08:31 - 2011-03-23 17:38 - 00000000 ____D () C:\Program Files\PixelNet Software
2014-04-02 08:31 - 2011-03-23 16:37 - 00000000 ____D () C:\ProgramData\{E91883C8-8CDC-46A4-A45F-CB40EB82ED60}
2014-04-02 08:31 - 2011-03-23 14:56 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-04-02 08:31 - 2011-03-23 14:53 - 00000000 ____D () C:\ProgramData\Installations
2014-04-02 08:31 - 2010-05-29 23:04 - 00000000 ____D () C:\Users\Dani\AppData\Roaming\IrfanView
2014-04-02 08:31 - 2010-05-29 22:53 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\IrfanView
2014-04-02 08:31 - 2010-03-25 21:24 - 00000000 ____D () C:\Windows\system32\Macromed
2014-04-02 08:31 - 2009-07-14 06:52 - 00000000 ____D () C:\Windows\Offline Web Pages
2014-04-02 08:31 - 2009-07-14 04:37 - 00000000 __RSD () C:\Windows\Media
2014-04-02 08:31 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Public\Libraries
2014-04-02 08:31 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public
2014-04-02 08:31 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-04-02 08:31 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-04-02 08:31 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system
2014-04-02 08:31 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\schemas
2014-04-02 08:31 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-04-02 08:31 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\L2Schemas
2014-04-02 08:31 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\AppCompat
2014-04-02 08:31 - 2009-07-14 04:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-04-02 08:30 - 2014-02-08 04:27 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Wise Registry Cleaner
2014-04-02 08:29 - 2014-02-01 04:04 - 00000000 ____D () C:\Users\Dani\Downloads\defender41
2014-04-02 08:27 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\registration
2014-04-02 08:24 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Help
2014-04-02 08:23 - 2011-04-03 01:57 - 00000000 ____D () C:\Users\Dani\AppData\Local\Mozilla
2014-04-02 08:22 - 2012-07-18 07:46 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Malwarebytes
2014-04-02 08:22 - 2012-07-18 07:46 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-02 08:22 - 2012-04-24 23:17 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\elsterformular
2014-04-02 08:22 - 2011-12-31 06:08 - 00000000 ____D () C:\ProgramData\Adobe
2014-04-02 08:21 - 2013-06-13 20:55 - 00000000 ____D () C:\Program Files\Hewlett-Packard
2014-04-02 08:21 - 2013-01-18 14:26 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-04-02 08:21 - 2011-03-05 14:20 - 00000000 ____D () C:\Program Files\Java
2014-04-02 07:43 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-04-02 07:35 - 2013-06-14 01:27 - 00085040 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-31 21:30 - 2013-09-15 03:37 - 00000000 ____D () C:\Users\Dani\Ulk
2014-03-31 19:54 - 2014-03-31 21:36 - 892371968 _____ () C:\Users\Dani\outlook.pst
2014-03-31 19:51 - 2013-09-27 02:48 - 00000000 ____D () C:\ProgramData\Oracle
2014-03-26 19:16 - 2011-04-14 19:59 - 00000000 ____D () C:\Users\Dani\Eigene Scans
2014-03-24 07:30 - 2014-04-02 21:39 - 04134240 _____ (Kaspersky Lab ZAO) C:\Users\Admin\Downloads\TDSSKiller.exe
2014-03-24 07:30 - 2012-06-14 19:24 - 04134240 _____ (Kaspersky Lab ZAO) C:\Users\Dani\Downloads\TDSSKiller.exe
2014-03-24 01:28 - 2014-03-24 01:28 - 00000000 ____D () C:\Program Files\Lucom
2014-03-18 01:07 - 2014-03-08 02:59 - 00000000 ____D () C:\Users\Dani\Desktop\Arbeit
2014-03-11 09:52 - 2012-03-20 20:44 - 00104264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NisDrvWFP.sys
2014-03-08 03:07 - 2014-03-08 02:42 - 00000000 ____D () C:\Users\Dani\Desktop\Robotersauger
2014-03-08 02:58 - 2014-03-08 02:58 - 00000000 ____D () C:\Users\Dani\Neuer Ordner

Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\FreemakeVideoDownloader_3.6.4.1.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-30 20:14

==================== End Of Log ============================
         
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014  01
Ran by Admin at 2014-04-04 01:12:47
Running from C:\Users\Admin\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

32 Bit HP CIO Components Installer (Version: 6.1.1 - Hewlett-Packard) Hidden
4500_G510af_Help (Version: 000.0.439.000 - Hewlett-Packard) Hidden
4500G510af (Version: 000.0.423.000 - Hewlett-Packard) Hidden
4500G510af_Software_Min (Version: 000.0.423.000 - Hewlett-Packard) Hidden
AAC Decoder (HKLM\...\{AEF9DC35ADDF4825B049ACBFD1C6EB37}) (Version: 7.1.0 - DivX, Inc.)
ActivClient x86 (Version: 6.2 - ActivIdentity) Hidden
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader X Lite - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.4 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)
Allway Sync version 10.4.0 (HKLM\...\Allway Sync_is1) (Version:  - Botkind Inc)
Apple Application Support (HKLM\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{A990D795-F751-39DA-DDD4-07ED04CEC7CE}) (Version: 3.0.715.0 - ATI Technologies, Inc.)
Auslogics Disk Defrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: version 3.2 - Auslogics Software Pty Ltd)
AuthenTec Fingerprint System (Version: 8.0.202.0 - AuthenTec, Inc.) Hidden
AutoUpdate (HKLM\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.1 - )
Bing Maps 3D (HKLM\...\{2D87E961-577B-492B-AD54-1368680FB9A7}) (Version: 4.0.903.16005 - Microsoft Corporation)
Bing-Desktop (HKLM\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.2.126.0 - Microsoft Corporation)
BIOS Configuration for HP ProtectTools (HKLM\...\{1960BE46-E85A-4933-B10A-6D8516585288}) (Version: 4.00 E1 - Hewlett-Packard)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.60.18.12 - Broadcom Corporation)
Broadcom Wireless Utility (HKLM\...\Broadcom Wireless Utility) (Version: 5.60.18.12 - Broadcom Corporation)
BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
Canasta Deluxe DEMO 1.0 (HKLM\...\{FC2E457B-5109-4FA2-94F0-8E577AE54CA7}_is1) (Version: Canasta Deluxe DEMO - Zone 2 Media GmbH)
Catalyst Control Center - Branding (Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (Version: 2009.0521.2235.38731 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2009.0521.2235.38731 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2009.0521.2235.38731 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2009.0521.2235.38731 - ATI) Hidden
Catalyst Control Center InstallProxy (Version: 2009.0521.2235.38731 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (Version: 2009.0521.2235.38731 - ATI) Hidden
CCC Help Chinese Standard (Version: 2009.0521.2234.38731 - ATI) Hidden
CCC Help Chinese Traditional (Version: 2009.0521.2234.38731 - ATI) Hidden
CCC Help Czech (Version: 2009.0521.2234.38731 - ATI) Hidden
CCC Help Danish (Version: 2009.0521.2234.38731 - ATI) Hidden
CCC Help Dutch (Version: 2009.0521.2234.38731 - ATI) Hidden
CCC Help English (Version: 2009.0521.2234.38731 - ATI) Hidden
CCC Help Finnish (Version: 2009.0521.2234.38731 - ATI) Hidden
CCC Help French (Version: 2009.0521.2234.38731 - ATI) Hidden
CCC Help German (Version: 2009.0521.2234.38731 - ATI) Hidden
CCC Help Greek (Version: 2009.0521.2234.38731 - ATI) Hidden
CCC Help Hungarian (Version: 2009.0521.2234.38731 - ATI) Hidden
CCC Help Italian (Version: 2009.0521.2234.38731 - ATI) Hidden
CCC Help Japanese (Version: 2009.0521.2234.38731 - ATI) Hidden
CCC Help Korean (Version: 2009.0521.2234.38731 - ATI) Hidden
CCC Help Norwegian (Version: 2009.0521.2234.38731 - ATI) Hidden
CCC Help Polish (Version: 2009.0521.2234.38731 - ATI) Hidden
CCC Help Portuguese (Version: 2009.0521.2234.38731 - ATI) Hidden
CCC Help Russian (Version: 2009.0521.2234.38731 - ATI) Hidden
CCC Help Spanish (Version: 2009.0521.2234.38731 - ATI) Hidden
CCC Help Swedish (Version: 2009.0521.2234.38731 - ATI) Hidden
CCC Help Thai (Version: 2009.0521.2234.38731 - ATI) Hidden
CCC Help Turkish (Version: 2009.0521.2234.38731 - ATI) Hidden
ccc-core-static (Version: 2009.0521.2235.38731 - Ihr Firmenname) Hidden
ccc-utility (Version: 2009.0521.2235.38731 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.18 - Piriform)
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Credential Manager for HP ProtectTools (Version: 4.1.6.1484 - Hewlett-Packard Company) Hidden
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DelinvFile - 4.04 (HKLM\...\DelinvFile_is1) (Version: 4.04 - Assistance and Resources for Computing, Inc.)
Destinations (Version: 130.0.0.0 - Hewlett-Packard) Hidden
Device Access Manager for HP ProtectTools (HKLM\...\{55B52830-024A-443E-AF61-61E1E71AFA1B}) (Version: 5.0.1.3 - Hewlett-Packard)
DeviceDiscovery (Version: 130.0.372.000 - Hewlett-Packard) Hidden
DivX Codec (HKLM\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.9.1 - DivX, Inc.)
DivX Converter (HKLM\...\{13F3917B56CD4C25848BDC69916971BB}) (Version: 7.1.0 - DivX, Inc.)
DivX Converter (HKLM\...\{B13A7C41581B411290FBC0395694E2A9}) (Version: 7.1.0 - DivX, Inc.)
DivX Player (HKLM\...\{8ADFC4160D694100B5B8A22DE9DCABD9}) (Version: 7.2.0 - DivX, Inc.)
DivX Plus DirectShow Filters (HKLM\...\DivX Plus DirectShow Filters) (Version:  - DivX, Inc.)
DivX Plus Media Foundation Components (HKLM\...\{DA703982C580418795BF4001AA9D7061}) (Version: 1.0.0 - DivX, Inc.)
DivX Plus Web Player (HKLM\...\{B7050CBDB2504B34BC2A9CA0A692CC29}) (Version: 2.0.0 - DivX,Inc.)
DivX Version Checker (HKLM\...\{3FC7CBBC4C1E11DCA1A752EA55D89593}) (Version: 7.1.0.9 - DivX, Inc.)
DocMgr (Version: 130.0.000.000 - Ihr Firmenname) Hidden
DocProc (Version: 13.0.0.0 - Hewlett-Packard) Hidden
EGVP Classic-Client (HKLM\...\{EB32B660-3A59-4361-864B-E0116B5AF340}) (Version: 2.7.0.0 - bos KG)
ElsterFormular (HKLM\...\ElsterFormular 13.1.1.8531p) (Version: 14.1.11318 - Landesfinanzdirektion Thüringen)
EVEREST Home Edition v2.20 (HKLM\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc)
Fax (Version: 130.0.418.000 - Hewlett-Packard) Hidden
File Sanitizer For HP ProtectTools (HKLM\...\{789C97CE-9E17-4126-BDF4-11FF458BF705}) (Version: 1.0.1.10 - Hewlett-Packard)
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 5.4.5.124 - Foxit Corporation)
Free Opener (HKLM\...\{A1F2C608-32D6-467D-B035-BBEF509042BA}_is1) (Version: 1.0 - EZ Freeware)
Free YouTube to MP3 Converter version 3.10.11.923 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version:  - DVDVideoSoft Ltd.)
FreePDF (Remove only) (HKLM\...\FreePDF_XP) (Version:  - )
GIMP 2.6.11 (HKLM\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)
Google Update Helper (Version: 1.3.23.9 - Google Inc.) Hidden
GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.07) (Version: 9.07 - Artifex Software Inc.)
H.264 Decoder (HKLM\...\{A96E97134CA649888820BCDE5E300BBD}) (Version: 1.1.0 - DivX, Inc.)
Hewlett-Packard ACLM.NET v1.1.2.0 (Version: 1.00.0000 - Hewlett-Packard) Hidden
HP Broadband Wireless Modules (HKLM\...\{AA0CBF76-BD8E-48C0-AE32-31684A629836}) (Version: 18.14.1715.1 - Sierra Wireless Inc)
HP Customer Experience Enhancements (Version: 6.0.1.3 - Hewlett-Packard) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
HP ESU for Microsoft Windows 7 (HKLM\...\{1C47EEFD-ADC8-4B7C-9979-C550573B4C42}) (Version: 1.0.5.1 - Hewlett-Packard Company)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Integrated Module with Bluetooth wireless technology (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.0.9602 - Broadcom Corporation)
HP JavaCard for HP ProtectTools (Version: 04.10.10.0003 - Hewlett-Packard) Hidden
HP Officejet 4500 G510a-f (HKLM\...\{C98517B6-DCE9-49B7-B19E-E384178D3986}) (Version: 13.0 - HP)
HP Print Projects 1.0 (HKLM\...\HP Print Projects) (Version: 1.0 - HP)
HP ProtectTools Security Manager (Version: 04.10.10.0003 - Hewlett-Packard) Hidden
HP ProtectTools Security Manager Suite (HKLM\...\{75D7BB3A-9AB7-4ad1-AD5E-0059B90C624B}) (Version: 04.10.10.0003 - Hewlett-Packard)
HP Quick Launch Buttons (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.14.1 - Hewlett-Packard Company)
HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)
HP SoftPaq Download Manager (HKLM\...\{3F728815-C7E8-40EA-8D1A-F7B8E2382325}) (Version: 3.4.10.0 - Hewlett-Packard Company)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Support Assistant (HKLM\...\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}) (Version: 6.1.12.1 - Hewlett-Packard Company)
HP Update (HKLM\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HP Wireless Assistant (HKLM\...\{1061DF04-CF33-40B0-8360-D07C9BBEB122}) (Version: 3.50.10.1 - Hewlett-Packard)
hpPrintProjects (Version: 130.0.303.000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 130.0.371.000 - Hewlett-Packard) Hidden
hpWLPGInstaller (Version: 130.0.303.000 - Hewlett-Packard) Hidden
inSSIDer 2.0 (HKLM\...\{A12EA295-32EA-42BB-8442-2C2BE852D4AA}) (Version: 2.0.7 - MetaGeek)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.28 - Irfan Skiljan)
Java 7 Update 17 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.170 - Oracle)
Java Auto Updater (Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
Java DB 10.6.2.1 (HKLM\...\{73EC658D-A1C6-40CA-8E86-E05821BAACE7}) (Version: 10.6.2.1 - Oracle)
Java(TM) 6 Update 37 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216037FF}) (Version: 6.0.370 - Oracle)
K-Lite Codec Pack 7.0.0 (Standard) (HKLM\...\KLiteCodecPack_is1) (Version: 7.0.0 - )
LightScribe System Software (HKLM\...\{82EF29B1-9B60-4142-A155-0599216DD053}) (Version: 1.18.6.1 - LightScribe)
LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.100 - LSI Corporation)
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Baseline Security Analyzer 2.2 (HKLM\...\{13CD417D-F1F1-4AC4-945D-FDDEB884756F}) (Version: 2.2.2170 - Microsoft Corporation)
Microsoft Office 2000 SR-1 Premium (HKLM\...\{00000407-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.3821 - Microsoft Corporation)
Microsoft Office Excel Viewer (HKLM\...\{95120000-003F-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version:  - )
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MKV Splitter (HKLM\...\{AAC389499AEF40428987B3D30CFC76C9}) (Version: 1.0.1 - DivX, Inc.)
Mozilla Firefox 19.0 (x86 de) (HKLM\...\Mozilla Firefox 19.0 (x86 de)) (Version: 19.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 19.0 - Mozilla)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nokia Connectivity Cable Driver (HKLM\...\{A57025CC-5F2E-4D01-B387-06DB10500D43}) (Version: 7.1.78.0 - Nokia)
Nokia PC Suite (HKLM\...\Nokia PC Suite) (Version: 7.1.180.94 - Nokia)
Nokia PC Suite (Version: 7.1.180.94 - Nokia) Hidden
Nokia Software Updater (HKLM\...\{4D568C38-0552-4CDD-A643-01FAFA2957EF}) (Version: 02.06.006.44298 - Nokia Corporation)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
Panda ActiveScan 2.0 (HKLM\...\ActiveScan 2.0) (Version: 01.04.01.0000 - Panda Security)
Panda Cloud Cleaner (HKLM\...\{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1) (Version: 1.0.98 - Panda Security)
PC Connectivity Solution (HKLM\...\{644F4910-E812-49AD-93EC-86828CB81A0D}) (Version: 12.0.27.0 - Nokia)
pcwPatchLoader 2.3.2 (HKLM\...\{84420A29-9A17-416E-AE2E-019BC23B5353}_is1) (Version:  - IDG Tech Media GmbH)
PDF reDirect (remove only) (HKLM\...\PDF reDirect) (Version: v2.5.2 - EXP Systems LLC)
PixelNet Software 4.12.1 (HKLM\...\PixelNet Software) (Version: 4.12.1 - ORWO Net)
PL-2303 USB-to-Serial (HKLM\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.00.000 - Prolific Technology INC)
Privacy Manager for HP ProtectTools (HKLM\...\{4E8E3D7B-B20D-4FD6-9E72-A84BAD1C35CC}) (Version: 1.0.1.599 - DigitalPersona, Inc.)
QLBCASL (Version: 6.40.17.2 - Hewlett-Packard) Hidden
QuickTime (HKLM\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version:  - )
RT 7 Lite (32-Bit) (HKCU\...\RT 7 Lite x86) (Version: 2.6.0 - Rockers Team)
RT 7 Lite x86 (Version: 2.6.0 - Rockers Team) Hidden
Scan (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
SmartWebPrinting (Version: 130.0.373.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 6.10.1.5240 - Analog Devices)
Status (Version: 130.0.373.000 - Hewlett-Packard) Hidden
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.24.0 - Synaptics Incorporated)
TARGUS ACP45 (HKLM\...\{72AFDA89-371C-4596-B1ED-6F0E2CFFE5AA}) (Version: 3.1.4 - Targus)
Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (Version: 130.0.376.000 - Hewlett-Packard) Hidden
Unlocker 1.9.0 (HKLM\...\Unlocker) (Version: 1.9.0 - Cedrick Collomb)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows 7 Default Setting (HKLM\...\{AEACD7BE-7E12-490D-80B2-C7DEBDBD8915}) (Version: 1.0.0.8 - Hewlett-Packard)
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows-Treiberpaket - Nokia Modem  (02/25/2011 4.7) (HKLM\...\E0AC723A3DE3A04256288CADBBB011B112AED454) (Version: 02/25/2011 4.7 - Nokia)
Windows-Treiberpaket - Nokia Modem  (02/25/2011 7.01.0.9) (HKLM\...\72A50F48CC5601190B9C4E74D81161693133E7F7) (Version: 02/25/2011 7.01.0.9 - Nokia)
Windows-Treiberpaket - Nokia pccsmcfd “LegacyDriver”  (05/31/2012 7.1.2.0) (HKLM\...\17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382) (Version: 05/31/2012 7.1.2.0 - Nokia)
WinRAR (HKLM\...\WinRAR archiver) (Version:  - )

==================== Restore Points  =========================

02-04-2014 06:20:14 Windows Update
02-04-2014 06:27:38 Windows Update
02-04-2014 07:39:22 Windows Update
02-04-2014 19:52:18 TuneUp Utilities 2014 wird entfernt
02-04-2014 19:53:24 TuneUp Utilities 2014 (de-DE) wird entfernt
02-04-2014 19:58:47 Windows Update
03-04-2014 22:00:06 Windows Modules Installer
03-04-2014 22:49:25 Windows Modules Installer

==================== Hosts content: ==========================

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {31C8669B-9C3B-451B-9AC7-164294F6AA55} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-09-25] (Google Inc.)
Task: {38B42F69-650A-42BB-B0C1-063502D58BFF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe [2011-09-09] (Hewlett-Packard Company)
Task: {462CFE2D-16BF-4049-8500-B886B8728731} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-09-25] (Google Inc.)
Task: {5500CCD2-0905-4F7E-821B-F5BE1EDBFE55} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {641B1BE8-CAA4-43F1-A59B-975028D0226F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-02] (Adobe Systems Incorporated)
Task: {7CE267E9-11F3-48FF-B585-4CEEB3F63631} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-09] (Hewlett-Packard Company)
Task: {7E09977D-C7E9-42F6-88E4-2DA4D2F77D58} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Opt-in For HP Support Assistant Quick Start => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF_Utils.exe [2011-09-09] (Hewlett-Packard Company)
Task: {7EB934C2-E92C-4FCC-B76D-BC23E55E7AEA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-09] (Hewlett-Packard Company)
Task: {A438A2B3-BC47-43F9-A1AF-10EE72B542EE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe [2011-06-14] (Hewlett-Packard)
Task: {DBFA760D-0806-4728-9277-2DFF2AE20525} - System32\Tasks\Games\UpdateCheck_S-1-5-21-989268616-2580872740-1510082382-1005
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\CreateChoiceProcessTask.job => C:\Windows\System32\browserchoice.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-06-06 16:20 - 2010-06-06 16:20 - 00065344 _____ () C:\Windows\System32\PDFreDirectMonNT.dll
2013-07-10 18:27 - 2012-08-18 11:31 - 00116224 _____ () C:\Windows\System32\redmonnt.dll
2010-03-24 17:51 - 2010-03-24 17:51 - 00026112 _____ () C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE
2011-01-23 18:38 - 2010-03-15 12:28 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll
2010-07-04 23:32 - 2010-07-04 23:32 - 00010752 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2012-06-26 13:11 - 2012-06-26 13:11 - 02302040 _____ () C:\Program Files\Nokia\Nokia PC Suite 7\QtCore4.dll
2012-06-26 13:11 - 2012-06-26 13:11 - 08197208 _____ () C:\Program Files\Nokia\Nokia PC Suite 7\QtGui4.dll
2012-06-26 13:11 - 2012-06-26 13:11 - 00345688 _____ () C:\Program Files\Nokia\Nokia PC Suite 7\QtXml4.dll
2012-06-26 13:10 - 2012-06-26 13:10 - 00202328 _____ () C:\Program Files\Nokia\Nokia PC Suite 7\imageformats\qjpeg4.dll
2012-06-26 13:10 - 2012-06-26 13:10 - 00027736 _____ () C:\Program Files\Nokia\Nokia PC Suite 7\imageformats\qsvg4.dll
2012-06-26 13:11 - 2012-06-26 13:11 - 00282200 _____ () C:\Program Files\Nokia\Nokia PC Suite 7\QtSvg4.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\24685898.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\24685898.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: HP Support Assistant Service => 2
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: UnlockerAssistant => "C:\Program Files\Unlocker\UnlockerAssistant.exe"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/02/2014 09:55:40 PM) (Source: Microsoft-Windows-RestartManager) (User: Dani-PC)
Description: Die Anwendung oder der Dienst "linmsl" konnte nicht heruntergefahren werden.

Error: (04/02/2014 07:12:39 AM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x80110474, Die COM+-Registrierungsdatenbank hat eine Systemfehler festgestellt.
.


Vorgang:
   Generator wird abonniert

Kontext:
   Generatorklassen-ID: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Generatorname: WMI Writer
   Generatorinstanz-ID: {0a5120b7-631c-4056-a00f-0c2dc323e8f2}

Error: (04/02/2014 07:12:39 AM) (Source: VSS) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} und dem Namen "CEventSystem" kann nicht gestartet werden. [0x80110474, Die COM+-Registrierungsdatenbank hat eine Systemfehler festgestellt.
]


Vorgang:
   Generator wird abonniert

Kontext:
   Generatorklassen-ID: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Generatorname: WMI Writer
   Generatorinstanz-ID: {0a5120b7-631c-4056-a00f-0c2dc323e8f2}

Error: (04/02/2014 07:11:48 AM) (Source: SignInAssistant) (User: )
Description: InitializeSvcAPI failed with hr = 0x80048883

Error: (04/02/2014 06:09:25 AM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x80110474, Die COM+-Registrierungsdatenbank hat eine Systemfehler festgestellt.
.


Vorgang:
   Generator wird abonniert

Kontext:
   Generatorklassen-ID: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Generatorname: WMI Writer
   Generatorinstanz-ID: {cea2d437-2539-4499-b850-8c6136243a6c}

Error: (04/02/2014 06:09:25 AM) (Source: VSS) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} und dem Namen "CEventSystem" kann nicht gestartet werden. [0x80110474, Die COM+-Registrierungsdatenbank hat eine Systemfehler festgestellt.
]


Vorgang:
   Generator wird abonniert

Kontext:
   Generatorklassen-ID: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Generatorname: WMI Writer
   Generatorinstanz-ID: {cea2d437-2539-4499-b850-8c6136243a6c}

Error: (04/02/2014 06:08:31 AM) (Source: SignInAssistant) (User: )
Description: InitializeSvcAPI failed with hr = 0x80048883

Error: (04/02/2014 05:53:26 AM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x80110474, Die COM+-Registrierungsdatenbank hat eine Systemfehler festgestellt.
.


Vorgang:
   Generator wird abonniert

Kontext:
   Generatorklassen-ID: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Generatorname: WMI Writer
   Generatorinstanz-ID: {4f5e9d9d-0f12-4e8b-be80-882e6634bab9}

Error: (04/02/2014 05:53:26 AM) (Source: VSS) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} und dem Namen "CEventSystem" kann nicht gestartet werden. [0x80110474, Die COM+-Registrierungsdatenbank hat eine Systemfehler festgestellt.
]


Vorgang:
   Generator wird abonniert

Kontext:
   Generatorklassen-ID: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Generatorname: WMI Writer
   Generatorinstanz-ID: {4f5e9d9d-0f12-4e8b-be80-882e6634bab9}

Error: (04/02/2014 05:52:33 AM) (Source: SignInAssistant) (User: )
Description: InitializeSvcAPI failed with hr = 0x80048883


System errors:
=============
Error: (04/04/2014 00:44:40 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Routing und RAS" ist vom Dienst "RAS-Verbindungsverwaltung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%20

Error: (04/04/2014 00:44:40 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "RAS-Verbindungsverwaltung" wurde mit folgendem Fehler beendet: 
%%20

Error: (04/04/2014 00:44:40 AM) (Source: RasMan) (User: )
Description: Fehler beim Starten der RAS-Verbindungsverwaltung, da das Protokoll-Engine [vpnike.dll] nicht initialisiert wurde. Das System kann das angegebene Gerät nicht finden.

Error: (04/04/2014 00:44:35 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Bing Desktop Update service erreicht.

Error: (04/04/2014 00:07:30 AM) (Source: DCOM) (User: )
Description: {69D77689-DA2B-4308-8404-2614CBF9896E}

Error: (04/03/2014 11:54:55 PM) (Source: Microsoft-Windows-WHEA-Logger) (User: NT-AUTORITÄT)
Description: Schwerwiegender Hardwarefehler.

Gemeldet von Komponente: Prozessorkern
Fehlerquelle: 3
Fehlertyp: 8
Prozessor-ID: 0

Die Detailansicht dieses Eintrags beinhaltet weitere Informationen.

Error: (04/03/2014 11:54:30 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "RAS-Verbindungsverwaltung" wurde mit folgendem Fehler beendet: 
%%20

Error: (04/03/2014 11:54:30 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Routing und RAS" ist vom Dienst "RAS-Verbindungsverwaltung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%20

Error: (04/03/2014 11:54:29 PM) (Source: RasMan) (User: )
Description: Fehler beim Starten der RAS-Verbindungsverwaltung, da das Protokoll-Engine [vpnike.dll] nicht initialisiert wurde. Das System kann das angegebene Gerät nicht finden.

Error: (04/03/2014 11:54:16 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Bing Desktop Update service erreicht.


Microsoft Office Sessions:
=========================
Error: (04/02/2014 09:55:40 PM) (Source: Microsoft-Windows-RestartManager)(User: Dani-PC)
Description: 1C:\Program Files\LPT\linmsl.exelinmsl0511754800

Error: (04/02/2014 07:12:39 AM) (Source: VSS)(User: )
Description: CoCreateInstance0x80110474, Die COM+-Registrierungsdatenbank hat eine Systemfehler festgestellt.


Vorgang:
   Generator wird abonniert

Kontext:
   Generatorklassen-ID: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Generatorname: WMI Writer
   Generatorinstanz-ID: {0a5120b7-631c-4056-a00f-0c2dc323e8f2}

Error: (04/02/2014 07:12:39 AM) (Source: VSS)(User: )
Description: {4e14fba2-2e22-11d1-9964-00c04fbbb345}CEventSystem0x80110474, Die COM+-Registrierungsdatenbank hat eine Systemfehler festgestellt.


Vorgang:
   Generator wird abonniert

Kontext:
   Generatorklassen-ID: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Generatorname: WMI Writer
   Generatorinstanz-ID: {0a5120b7-631c-4056-a00f-0c2dc323e8f2}

Error: (04/02/2014 07:11:48 AM) (Source: SignInAssistant)(User: )
Description: InitializeSvcAPI failed with hr = 0x80048883

Error: (04/02/2014 06:09:25 AM) (Source: VSS)(User: )
Description: CoCreateInstance0x80110474, Die COM+-Registrierungsdatenbank hat eine Systemfehler festgestellt.


Vorgang:
   Generator wird abonniert

Kontext:
   Generatorklassen-ID: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Generatorname: WMI Writer
   Generatorinstanz-ID: {cea2d437-2539-4499-b850-8c6136243a6c}

Error: (04/02/2014 06:09:25 AM) (Source: VSS)(User: )
Description: {4e14fba2-2e22-11d1-9964-00c04fbbb345}CEventSystem0x80110474, Die COM+-Registrierungsdatenbank hat eine Systemfehler festgestellt.


Vorgang:
   Generator wird abonniert

Kontext:
   Generatorklassen-ID: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Generatorname: WMI Writer
   Generatorinstanz-ID: {cea2d437-2539-4499-b850-8c6136243a6c}

Error: (04/02/2014 06:08:31 AM) (Source: SignInAssistant)(User: )
Description: InitializeSvcAPI failed with hr = 0x80048883

Error: (04/02/2014 05:53:26 AM) (Source: VSS)(User: )
Description: CoCreateInstance0x80110474, Die COM+-Registrierungsdatenbank hat eine Systemfehler festgestellt.


Vorgang:
   Generator wird abonniert

Kontext:
   Generatorklassen-ID: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Generatorname: WMI Writer
   Generatorinstanz-ID: {4f5e9d9d-0f12-4e8b-be80-882e6634bab9}

Error: (04/02/2014 05:53:26 AM) (Source: VSS)(User: )
Description: {4e14fba2-2e22-11d1-9964-00c04fbbb345}CEventSystem0x80110474, Die COM+-Registrierungsdatenbank hat eine Systemfehler festgestellt.


Vorgang:
   Generator wird abonniert

Kontext:
   Generatorklassen-ID: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Generatorname: WMI Writer
   Generatorinstanz-ID: {4f5e9d9d-0f12-4e8b-be80-882e6634bab9}

Error: (04/02/2014 05:52:33 AM) (Source: SignInAssistant)(User: )
Description: InitializeSvcAPI failed with hr = 0x80048883


==================== Memory info =========================== 

Percentage of memory in use: 42%
Total physical RAM: 2943.3 MB
Available physical RAM: 1700.42 MB
Total Pagefile: 5884.9 MB
Available Pagefile: 4438.98 MB
Total Virtual: 2047.88 MB
Available Virtual: 1909.03 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:71.6 GB) (Free:15.36 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:2.93 GB) (Free:2.85 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 75 GB) (Disk ID: 8451F94D)
Partition 1: (Active) - (Size=72 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=3 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-04-04 01:54:53
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS541680J9SA00 rev.SB2OC7BP 74,53GB
Running: g5w19qcz.exe; Driver: C:\Users\Admin\AppData\Local\Temp\kxldapod.sys


---- Kernel code sections - GMER 2.1 ----

.text           ntkrnlpa.exe!ZwRollbackEnlistment + 142D                                                         82E40A15 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                           82E7A212 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           C:\Windows\system32\DRIVERS\atikmdag.sys                                                         section is writeable [0x90829000, 0x2678C8, 0xE8000020]

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                          Wdf01000.sys
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                          Wdf01000.sys

Device          \Driver\BTHUSB \Device\00000078                                                                  bthport.sys
Device          \Driver\BTHUSB \Device\0000007a                                                                  bthport.sys

---- Registry - GMER 2.1 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001a6bb109fe                      
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings                        
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001a6bb109fe (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings (not active ControlSet)    
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit@FindFlags                         14
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit@LastKey                           Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{ae4bd3be-f36f-45b6-8d21-bdd6fb832853}\ChannelReferences\2

---- EOF - GMER 2.1 ----
         
Code:
Rkill 2.5.3 by Lawrence Abrams (Grinler)
hxxp://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 hxxp://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 04/03/2014 07:16:56 PM in x86 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity: 

 * COM+-Ereignissystem (EventSystem) is not Running.
   Startup Type set to: Automatic

 * Sicherheitscenter (wscsvc) is not Running.
   Startup Type set to: Automatic (Delayed Start)

 * Windows Update (wuauserv) is not Running.
   Startup Type set to: Automatic (Delayed Start)

Searching for Missing Digital Signatures: 

 * No issues found.

Checking HOSTS File: 

 * No issues found.

Program finished at: 04/03/2014 07:19:30 PM
Execution time: 0 hours(s), 2 minute(s), and 34 seconds(s)
         
Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.04.02.05

Windows 7 Service Pack 1 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 10.0.9200.16844
Admin :: DANI-PC [Administrator]

02.04.2014 17:46:50
mbam-log-2014-04-02 (17-46-50).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM | P2P
Deaktivierte Suchlaufeinstellungen: 
Durchsuchte Objekte: 501714
Laufzeit: 1 Stunde(n), 34 Minute(n), 6 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\SOFTWARE\SMARTBAR (PUP.Optional.SnapDo.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKCU\Software\Smartbar|publisher (PUP.Optional.SnapDo.A) -> Daten: SnapdoOCYB -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 3
C:\Users\Admin\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Admin\AppData\Roaming\OpenCandy\5F4FEAB891874B3E967754948A89A94B (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Admin\AppData\Roaming\OpenCandy\968E141CC0FE4FB59222C47EF0DD37BB (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 2
C:\Users\Admin\AppData\Roaming\OpenCandy\5F4FEAB891874B3E967754948A89A94B\Installer.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Admin\AppData\Roaming\OpenCandy\968E141CC0FE4FB59222C47EF0DD37BB\Trial-14.0.1000.89_de-DE_1004732_DE-1.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Kind regards, Daniela

04.04.2014, 06:29   #2
schrauber
/// the machine
/// TB-Ausbilder

Hi,

it's questionable whether anything can still be done after all that trial and error.

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options (Optionen) and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected, as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Clean (Löschen) and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart, a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it by right-clicking and choosing "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log, please.

04.04.2014, 17:31   #3
nickdaniela

Hello Schrauber,

thank you very much for being willing to help me.

In fact, my system is running very stably despite the mess I made.

Here are the requested logs (JRT found something right away and wanted me to agree to a reboot for the cleanup, which I did):

Code:
# AdwCleaner v3.023 - Bericht erstellt am 04/04/2014 um 17:54:26
# Aktualisiert 01/04/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzername : Admin - DANI-PC
# Gestartet von : C:\Users\Admin\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\uniblue
Ordner Gelöscht : C:\Program Files\targus
Ordner Gelöscht : C:\Program Files\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Users\Dani\AppData\LocalLow\boost_interprocess
Ordner Gelöscht : C:\Users\Dani\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Admin\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Admin\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Gast\AppData\Local\AskToolbar
Ordner Gelöscht : C:\Users\Gast\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hy2vqeap.default\ConduitCommon
Ordner Gelöscht : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hy2vqeap.default\Extensions\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}
Datei Gelöscht : C:\Users\Dani\AppData\Roaming\Mozilla\Firefox\Profiles\a30cidtl.default\searchplugins\Web Search.xml
Datei Gelöscht : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\ixw6n3d1.default\searchplugins\Web Search.xml

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\driverscanner
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\driverscanner_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\driverscanner_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2613550
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKLM\Software\PIP
Schlüssel Gelöscht : HKLM\Software\Uniblue
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16843


-\\ Mozilla Firefox v19.0 (de)

[ Datei : C:\Users\Dani\AppData\Roaming\Mozilla\Firefox\Profiles\a30cidtl.default\prefs.js ]

Zeile gelöscht : user_pref("browser.newtab.url", "hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQme9oxsQRSyyp0Bt_vzzomYPkMiFteuAIG7_XcvqnYwARFv1OJHxZdN7_NfAXmd0Opk2G3mCUVyy5bJbNzdsBKz[...]
Zeile gelöscht : user_pref("browser.search.selectedEngine", "Web Search");
Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQme9oxsQRSyyp0Bt_vzzomYPkMiFteuAIG7_XcvqnYwARFv1OJHxZdN7_NfAXmd0Opk2G3mCUVyy5bJbU[...]
Zeile gelöscht : user_pref("keyword.URL", "hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQme9oxsQRSyyp0Bt_vzzomYPkMiFteuAIG7_XcvqnYwARFv1OJHxZdN7_NfAXmd0Opk2G3mCUVyy5bJbli7n9wmWK0A18A[...]

[ Datei : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hy2vqeap.default\prefs.js ]


[ Datei : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\ixw6n3d1.default\prefs.js ]

Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQme9oxsQRSyyp0Bt_vzzomYPkMiFteuAIG7_XcvqnYwARFv1OJHxZdN7_NfAXmd0Opk2G3mCUVyy5bJbU[...]
Zeile gelöscht : user_pref("browser.search.selectedEngine", "Web Search");
Zeile gelöscht : user_pref("keyword.URL", "hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQme9oxsQRSyyp0Bt_vzzomYPkMiFteuAIG7_XcvqnYwARFv1OJHxZdN7_NfAXmd0Opk2G3mCUVyy5bJbli7n9wmWK0A18A[...]
Zeile gelöscht : user_pref("browser.newtab.url", "hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQme9oxsQRSyyp0Bt_vzzomYPkMiFteuAIG7_XcvqnYwARFv1OJHxZdN7_NfAXmd0Opk2G3mCUVyy5bJbNzdsBKz[...]

*************************

AdwCleaner[R0].txt - [5027 octets] - [04/04/2014 17:52:01]
AdwCleaner[S0].txt - [4914 octets] - [04/04/2014 17:54:26]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4974 octets] ##########
         
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Home Premium x86
Ran by Admin on 04.04.2014 at 18:05:09,51
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{16C8C46E-C811-4977-BF0A-B5CC1FA78D95}
Successfully deleted: [Registry Key] "hkey_current_user\software\classes\typelib\{006ad7b2-968a-11de-88c9-5bde55d89593}"
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [Folder] C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\hy2vqeap.default\conduitcommon
Successfully deleted: [Folder] C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\hy2vqeap.default\extensions\staged



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04.04.2014 at 18:12:07,22
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014  01
Ran by Admin (administrator) on DANI-PC on 04-04-2014 18:14:02
Running from C:\Users\Admin\Desktop
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AuthenTec, Inc.) C:\Program Files\Fingerprint Sensor\AtService.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(ActivIdentity) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(Andrea Electronics Corporation) C:\Windows\system32\AEADISRV.EXE
(LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe
(Sierra Wireless Inc.) C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Bioscrypt Inc.) C:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Microsoft Corp.) C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe
(Nokia) C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(Nokia) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1791272 2010-06-04] (Synaptics Incorporated)
HKLM\...\Run: [SoundMAXPnP] - C:\Program Files\Analog Devices\Core\smax4pnp.exe [1183744 2007-02-21] (Analog Devices, Inc.)
HKLM\...\Run: [QlbCtrl.exe] - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2009-11-11] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [BingDesktop] - C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe [2387088 2013-04-10] (Microsoft Corp.)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [FreePDF Assistant] - C:\Program Files\FreePDF_XP\fpassist.exe [373760 2013-03-14] (shbox.de)
Winlogon\Notify\DeviceNP: C:\Windows\system32\DeviceNP.dll (Hewlett-Packard Limited)
HKU\S-1-5-21-989268616-2580872740-1510082382-1005\...\Run: [BrowserChoice] - C:\Windows\System32\browserchoice.exe [293376 2013-06-13] (Microsoft Corporation)
HKU\S-1-5-21-989268616-2580872740-1510082382-1005\...\Run: [PC Suite Tray] - C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [1516632 2012-06-26] (Nokia)
AppInit_DLLs: C:\PROGRA~1\HEWLET~1\IAM\bin\APSHook.dll => C:\Program Files\Hewlett-Packard\IAM\Bin\APSHook.dll [89872 2009-07-28] (Bioscrypt Inc.)
Lsa: [Notification Packages] scecli ASWLNPkg
Startup: C:\Users\Dani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PostDa.exe - Verknüpfung.lnk
ShortcutTarget: PostDa.exe - Verknüpfung.lnk -> C:\Users\Admin\Downloads\postda_mit_pdf\PostDa.exe (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com/search?q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.freenet.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF54F4976454ECF01
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: File Sanitizer for HP ProtectTools - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} hxxp://download.bitdefender.com/resources/scanner/sources/de/scan8/oscan8.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hy2vqeap.default
FF Homepage: about:home
FF SelectedSearchEngine: Google
FF Keyword.URL: hxxp://www.google.com/search?rls=org.mozilla:en-US:official&client=firefox-a&q=
FF NewTab: about:blank
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 - C:\Program Files\Virtual Earth 3D\ ()
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @nosltd.com/getPlus+(R),version=1.6.2.97 - C:\Program Files\NOS\bin\np_gp.dll No File
FF Plugin: @pandasecurity.com/activescan - C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012-12-08]
FF HKLM\...\Firefox\Extensions: [bkmrksync@nokia.com] - C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\
FF Extension: PC Sync 2 Synchronisation Extension - C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ []
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-03-10]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-03-10]

========================== Services (Whitelisted) =================

R2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [207400 2009-06-03] (ActivIdentity)
R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [26112 2009-12-03] (LSI Corporation)
R2 ASBroker; C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll [192784 2009-07-28] (Bioscrypt Inc.)
R2 ASChannel; C:\Program Files\Hewlett-Packard\IAM\Bin\AsChnl.dll [150288 2009-07-28] (Bioscrypt Inc.)
R2 ATService; C:\Program Files\Fingerprint Sensor\AtService.exe [1201400 2009-07-29] (AuthenTec, Inc.)
S2 BingDesktopUpdate; C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe [168592 2013-04-10] (Microsoft Corp.)
S3 FLCDLOCK; C:\Windows\system32\flcdlock.exe [362040 2009-10-05] (Hewlett-Packard Ltd)
S3 HP ProtectTools Service; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [45056 2009-08-07] (Hewlett-Packard Development Company, L.P)
R2 HPFSService; C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe [77824 2009-07-06] (Hewlett-Packard)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
R2 SWIHPWMI; C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe [292384 2006-12-04] (Sierra Wireless Inc.)
R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe [3718656 2010-03-24] (Broadcom Corporation)

==================== Drivers (Whitelisted) ====================

R3 AX88772; C:\Windows\System32\DRIVERS\ax88772.sys [69632 2013-12-03] (ASIX Electronics Corp.)
R3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2010-03-24] (Broadcom Corporation)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv.sys [32312 2009-09-08] (Hewlett-Packard Development Company L.P.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R0 pavboot; C:\Windows\System32\drivers\pavboot.sys [28552 2009-06-30] (Panda Security, S.L.)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [47632 2013-04-29] (Panda Security, S.L.)
R3 Ser2plx86; C:\Windows\System32\DRIVERS\ser2pl.sys [139776 2013-10-25] (Prolific Technology Inc.)
S3 USBPNPA; C:\Windows\System32\drivers\CM108.sys [1310720 2007-06-28] (C-Media Inc)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-04 18:12 - 2014-04-04 18:12 - 00001297 _____ () C:\Users\Admin\Desktop\JRT.txt
2014-04-04 17:59 - 2014-04-04 17:59 - 00000000 ____D () C:\Windows\ERUNT
2014-04-04 17:58 - 2014-04-04 17:58 - 00005054 _____ () C:\Users\Admin\Desktop\AdwCleaner[S0].txt
2014-04-04 17:51 - 2014-04-04 17:54 - 00000000 ____D () C:\AdwCleaner
2014-04-04 17:49 - 2014-04-04 17:49 - 01426178 _____ () C:\Users\Admin\Desktop\adwcleaner.exe
2014-04-04 17:49 - 2014-04-04 17:49 - 01038974 _____ (Thisisu) C:\Users\Admin\Desktop\JRT.exe
2014-04-04 01:54 - 2014-04-04 01:54 - 00002344 _____ () C:\Users\Admin\Desktop\Gmer.txt
2014-04-04 01:19 - 2014-04-04 01:19 - 00380416 _____ () C:\Users\Admin\Desktop\g5w19qcz.exe
2014-04-04 01:12 - 2014-04-04 01:14 - 00034767 _____ () C:\Users\Admin\Desktop\Addition.txt
2014-04-04 01:11 - 2014-04-04 18:14 - 00015106 _____ () C:\Users\Admin\Desktop\FRST.txt
2014-04-04 01:11 - 2014-04-04 18:14 - 00000000 ____D () C:\FRST
2014-04-04 01:09 - 2014-04-04 01:09 - 01145856 _____ (Farbar) C:\Users\Admin\Desktop\FRST.exe
2014-04-04 01:06 - 2014-04-04 01:07 - 00000472 _____ () C:\Users\Admin\Desktop\defogger_disable.txt
2014-04-04 01:06 - 2014-04-04 01:06 - 00000000 _____ () C:\Users\Admin\defogger_reenable
2014-04-04 00:31 - 2014-04-04 00:41 - 00008594 _____ () C:\Users\Admin\Desktop\Windows-Kompatibilitätsbericht.htm
2014-04-04 00:03 - 2014-04-04 00:04 - 04982419 _____ (IDG Tech Media GmbH ) C:\Users\Admin\Downloads\pcwPatchLoader_v2-Setup_2.3.2.exe
2014-04-03 19:57 - 2014-04-03 20:11 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Nico Mak Computing
2014-04-03 19:43 - 2014-04-03 19:43 - 00050477 _____ () C:\Users\Admin\Desktop\Defogger.exe
2014-04-03 03:31 - 2014-04-03 03:31 - 00001240 _____ () C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
2014-04-03 03:31 - 2013-04-29 08:17 - 00047632 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2014-04-03 03:27 - 2014-04-03 03:30 - 28413552 _____ (Panda Security ) C:\Users\Admin\Downloads\PandaCloudCleaner.exe
2014-04-03 02:58 - 2014-04-03 02:58 - 00131072 ____N () C:\Windows\Minidump\040314-28250-01.dmp
2014-04-03 00:35 - 2014-04-03 19:19 - 00002574 _____ () C:\Users\Admin\Desktop\Rkill.txt
2014-04-02 22:10 - 2013-12-21 09:56 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-02 22:06 - 2014-04-02 22:06 - 00000000 ____D () C:\Windows\Temp0FBBE685-B4BF-CE0A-EDFD-EFD21D841C1F-Signatures
2014-04-02 21:46 - 2014-04-02 21:46 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\TuneUp Software
2014-04-02 21:43 - 2014-04-02 21:47 - 00000000 ____D () C:\ProgramData\TuneUp Software
2014-04-02 21:43 - 2014-04-02 21:43 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-04-02 21:39 - 2014-03-24 07:30 - 04134240 _____ (Kaspersky Lab ZAO) C:\Users\Admin\Downloads\TDSSKiller.exe
2014-04-02 17:43 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-02 09:43 - 2014-04-02 09:43 - 14358016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 02877952 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-02 09:43 - 2014-04-02 09:43 - 02049024 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-02 09:43 - 2014-04-02 09:43 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-04-02 09:43 - 2014-04-02 09:43 - 01140736 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00745472 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-02 09:43 - 2014-04-02 09:43 - 00719360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00629248 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00361984 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-04-02 09:43 - 2014-04-02 09:43 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00242200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00232960 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-04-02 09:43 - 2014-04-02 09:43 - 00138752 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-04-02 09:43 - 2014-04-02 09:43 - 00137216 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-02 09:43 - 2014-04-02 09:43 - 00125440 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-04-02 09:43 - 2014-04-02 09:43 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-04-02 09:43 - 2014-04-02 09:43 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-04-02 09:43 - 2014-04-02 09:43 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-02 09:43 - 2014-04-02 09:43 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-04-02 09:43 - 2014-04-02 09:43 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-04-02 09:40 - 2014-04-02 09:48 - 00009846 _____ () C:\Windows\IE10_main.log
2014-04-02 09:39 - 2013-12-25 01:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-04-02 09:39 - 2013-11-26 10:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-04-02 09:39 - 2013-08-02 03:50 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2014-04-02 09:39 - 2013-08-02 03:49 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-02 09:39 - 2013-08-02 03:49 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 02:52 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2014-04-02 09:39 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2014-04-02 09:39 - 2013-06-15 05:38 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-04-02 09:38 - 2013-12-04 04:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-04-02 09:38 - 2013-12-04 04:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-04-02 09:38 - 2013-12-04 04:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-04-02 09:38 - 2013-12-04 04:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-04-02 09:38 - 2013-12-04 04:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-04-02 09:38 - 2013-12-04 03:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-04-02 09:38 - 2013-12-04 03:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-04-02 09:38 - 2013-12-04 03:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-04-02 09:38 - 2013-12-04 03:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-04-02 09:38 - 2013-11-27 03:14 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-04-02 09:38 - 2013-11-27 03:13 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-04-02 09:38 - 2013-11-27 03:13 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-04-02 09:38 - 2013-11-27 03:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-04-02 09:38 - 2013-11-27 03:13 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-04-02 09:38 - 2013-11-27 03:13 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-04-02 09:38 - 2013-11-27 03:13 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-04-02 09:38 - 2013-10-04 03:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2014-04-02 09:38 - 2013-10-04 03:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-04-02 09:38 - 2013-10-04 03:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2014-04-02 09:38 - 2013-08-29 03:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-04-02 09:38 - 2013-08-29 03:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-04-02 09:38 - 2013-08-29 03:50 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-04-02 09:38 - 2013-08-29 03:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2014-04-02 09:38 - 2013-08-29 03:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2014-04-02 09:37 - 2014-01-09 04:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-04-02 09:37 - 2013-06-26 00:56 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2014-04-02 08:56 - 2013-10-02 02:42 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-04-02 08:56 - 2013-10-02 02:32 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-04-02 08:56 - 2013-10-02 02:30 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-04-02 08:56 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-04-02 08:56 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-04-02 08:56 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-04-02 08:56 - 2013-10-02 01:45 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-04-02 08:56 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-04-02 08:56 - 2013-10-02 01:00 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-04-02 08:56 - 2013-10-02 00:53 - 00350208 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-04-02 08:56 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-04-02 08:36 - 2013-05-10 06:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-04-02 08:36 - 2013-05-10 06:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-04-02 08:27 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-04-02 08:27 - 2013-12-06 04:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-04-02 08:27 - 2013-12-06 04:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-04-02 08:27 - 2013-10-05 21:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-04-02 08:27 - 2013-07-20 12:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-04-02 08:27 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-04-02 08:27 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2014-04-02 08:27 - 2013-07-04 13:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2014-04-02 08:27 - 2013-07-04 13:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2014-04-02 08:27 - 2013-07-04 11:48 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2014-04-02 08:26 - 2014-02-07 03:07 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-04-02 08:26 - 2013-08-28 02:57 - 00434688 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2014-04-02 08:25 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-04-02 08:24 - 2014-01-01 01:05 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-04-02 08:24 - 2013-09-14 02:48 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-04-02 08:24 - 2013-09-08 04:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2014-04-02 08:24 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-04-02 08:24 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2014-04-02 08:23 - 2013-09-25 04:01 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-04-02 08:23 - 2013-09-25 04:01 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-04-02 08:23 - 2013-09-25 03:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-04-02 08:23 - 2013-09-25 03:57 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-04-02 08:23 - 2013-09-25 03:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-04-02 08:23 - 2013-09-25 03:56 - 01038848 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-04-02 08:23 - 2013-09-25 03:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-04-02 08:23 - 2013-09-25 02:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-04-02 08:23 - 2013-09-25 02:49 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-04-02 08:23 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2014-04-02 08:23 - 2013-07-09 06:50 - 00652800 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-04-02 08:23 - 2013-07-04 14:16 - 00369848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-04-02 08:21 - 2013-11-12 04:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-04-02 08:20 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-04-02 08:20 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-04-02 08:20 - 2014-01-28 04:07 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-04-02 08:20 - 2013-10-19 03:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2014-04-02 08:20 - 2013-10-12 04:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2014-04-02 08:20 - 2013-10-12 04:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-04-02 08:20 - 2013-10-12 03:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2014-04-02 08:20 - 2013-10-12 03:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2014-04-02 08:20 - 2013-10-04 03:49 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2014-04-02 08:20 - 2013-10-04 03:17 - 00177152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2014-04-02 08:20 - 2013-08-05 03:56 - 00133056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2014-04-02 08:20 - 2013-08-01 13:03 - 00729024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-04-02 08:20 - 2013-06-06 06:52 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2014-04-02 08:20 - 2013-06-06 06:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2014-04-02 08:20 - 2013-06-06 06:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2014-04-02 08:20 - 2013-06-06 05:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2014-04-02 08:20 - 2013-06-06 05:01 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2014-04-02 08:19 - 2013-11-26 13:11 - 00240576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-04-02 08:19 - 2013-11-23 20:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-04-02 08:19 - 2013-10-30 04:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2014-04-02 08:19 - 2013-10-12 04:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2014-04-02 08:19 - 2013-10-12 04:01 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2014-04-02 08:19 - 2013-10-12 04:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2014-04-02 08:19 - 2013-10-03 03:58 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-04-02 08:19 - 2013-09-08 04:07 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-04-02 08:19 - 2013-07-12 12:07 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2014-04-02 08:19 - 2013-07-04 13:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2014-04-02 08:19 - 2013-07-03 06:02 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2014-04-02 08:19 - 2013-07-03 05:36 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2014-04-02 08:19 - 2013-07-03 05:36 - 00025728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2014-04-02 08:05 - 2013-09-25 03:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-04-01 22:57 - 2014-04-02 22:43 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-03-31 21:36 - 2014-03-31 19:54 - 892371968 _____ () C:\Users\Dani\outlook.pst
2014-03-24 01:28 - 2014-03-24 01:28 - 00000000 ____D () C:\Program Files\Lucom
2014-03-08 02:59 - 2014-03-18 01:07 - 00000000 ____D () C:\Users\Dani\Desktop\Arbeit
2014-03-08 02:58 - 2014-03-08 02:58 - 00000000 ____D () C:\Users\Dani\Neuer Ordner
2014-03-08 02:42 - 2014-03-08 03:07 - 00000000 ____D () C:\Users\Dani\Desktop\Robotersauger

==================== One Month Modified Files and Folders =======

2014-04-04 18:14 - 2014-04-04 01:11 - 00015106 _____ () C:\Users\Admin\Desktop\FRST.txt
2014-04-04 18:14 - 2014-04-04 01:11 - 00000000 ____D () C:\FRST
2014-04-04 18:12 - 2014-04-04 18:12 - 00001297 _____ () C:\Users\Admin\Desktop\JRT.txt
2014-04-04 18:11 - 2013-06-13 22:11 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-04 18:11 - 2009-07-14 06:34 - 00014928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-04 18:11 - 2009-07-14 06:34 - 00014928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-04 18:04 - 2011-09-25 05:37 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-04 18:03 - 2013-06-14 12:41 - 00026137 _____ () C:\Windows\setupact.log
2014-04-04 18:03 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-04 18:01 - 2013-06-13 22:02 - 01858244 _____ () C:\Windows\WindowsUpdate.log
2014-04-04 17:59 - 2014-04-04 17:59 - 00000000 ____D () C:\Windows\ERUNT
2014-04-04 17:58 - 2014-04-04 17:58 - 00005054 _____ () C:\Users\Admin\Desktop\AdwCleaner[S0].txt
2014-04-04 17:54 - 2014-04-04 17:51 - 00000000 ____D () C:\AdwCleaner
2014-04-04 17:49 - 2014-04-04 17:49 - 01426178 _____ () C:\Users\Admin\Desktop\adwcleaner.exe
2014-04-04 17:49 - 2014-04-04 17:49 - 01038974 _____ (Thisisu) C:\Users\Admin\Desktop\JRT.exe
2014-04-04 17:35 - 2011-09-25 05:37 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-04 17:16 - 2012-07-27 16:36 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-04 01:54 - 2014-04-04 01:54 - 00002344 _____ () C:\Users\Admin\Desktop\Gmer.txt
2014-04-04 01:19 - 2014-04-04 01:19 - 00380416 _____ () C:\Users\Admin\Desktop\g5w19qcz.exe
2014-04-04 01:14 - 2014-04-04 01:12 - 00034767 _____ () C:\Users\Admin\Desktop\Addition.txt
2014-04-04 01:09 - 2014-04-04 01:09 - 01145856 _____ (Farbar) C:\Users\Admin\Desktop\FRST.exe
2014-04-04 01:07 - 2014-04-04 01:06 - 00000472 _____ () C:\Users\Admin\Desktop\defogger_disable.txt
2014-04-04 01:06 - 2014-04-04 01:06 - 00000000 _____ () C:\Users\Admin\defogger_reenable
2014-04-04 01:06 - 2013-06-13 20:59 - 00000000 ___RD () C:\Users\Admin
2014-04-04 00:41 - 2014-04-04 00:31 - 00008594 _____ () C:\Users\Admin\Desktop\Windows-Kompatibilitätsbericht.htm
2014-04-04 00:41 - 2011-03-22 19:35 - 00002562 _____ () C:\Windows\diagwrn.xml
2014-04-04 00:41 - 2011-03-22 19:35 - 00001908 _____ () C:\Windows\diagerr.xml
2014-04-04 00:37 - 2013-06-14 12:41 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-04 00:33 - 2010-08-22 17:03 - 00000000 ____D () C:\Users\Dani\Scans
2014-04-04 00:04 - 2014-04-04 00:03 - 04982419 _____ (IDG Tech Media GmbH ) C:\Users\Admin\Downloads\pcwPatchLoader_v2-Setup_2.3.2.exe
2014-04-03 23:53 - 2011-09-25 14:55 - 00103158 _____ () C:\Windows\PFRO.log
2014-04-03 20:11 - 2014-04-03 19:57 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Nico Mak Computing
2014-04-03 19:43 - 2014-04-03 19:43 - 00050477 _____ () C:\Users\Admin\Desktop\Defogger.exe
2014-04-03 19:19 - 2014-04-03 00:35 - 00002574 _____ () C:\Users\Admin\Desktop\Rkill.txt
2014-04-03 19:04 - 2013-07-10 18:30 - 00000000 ____D () C:\Users\Dani\AppData\Local\FreePDF_XP
2014-04-03 03:31 - 2014-04-03 03:31 - 00001240 _____ () C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
2014-04-03 03:31 - 2011-03-29 04:11 - 00000000 ____D () C:\Program Files\Panda Security
2014-04-03 03:30 - 2014-04-03 03:27 - 28413552 _____ (Panda Security ) C:\Users\Admin\Downloads\PandaCloudCleaner.exe
2014-04-03 02:58 - 2014-04-03 02:58 - 00131072 ____N () C:\Windows\Minidump\040314-28250-01.dmp
2014-04-03 02:58 - 2013-06-14 02:01 - 00000000 ____D () C:\Windows\Minidump
2014-04-03 00:22 - 2013-06-13 22:17 - 00085040 _____ () C:\Users\Dani\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-03 00:21 - 2013-06-13 20:59 - 00000000 ___RD () C:\Users\Dani
2014-04-02 22:43 - 2014-04-01 22:57 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-04-02 22:26 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-04-02 22:07 - 2011-09-24 21:37 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-04-02 22:06 - 2014-04-02 22:06 - 00000000 ____D () C:\Windows\Temp0FBBE685-B4BF-CE0A-EDFD-EFD21D841C1F-Signatures
2014-04-02 22:06 - 2012-05-16 17:06 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-04-02 21:47 - 2014-04-02 21:43 - 00000000 ____D () C:\ProgramData\TuneUp Software
2014-04-02 21:46 - 2014-04-02 21:46 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\TuneUp Software
2014-04-02 21:43 - 2014-04-02 21:43 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-04-02 21:39 - 2011-08-06 21:45 - 00000000 ____D () C:\ProgramData\Freemake
2014-04-02 17:43 - 2013-09-18 20:10 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-04-02 10:24 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-04-02 10:17 - 2012-04-01 18:53 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-04-02 10:17 - 2011-05-19 14:34 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-04-02 10:03 - 2013-07-10 16:37 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-02 09:48 - 2014-04-02 09:40 - 00009846 _____ () C:\Windows\IE10_main.log
2014-04-02 09:43 - 2014-04-02 09:43 - 14358016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 02877952 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-02 09:43 - 2014-04-02 09:43 - 02049024 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-02 09:43 - 2014-04-02 09:43 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-04-02 09:43 - 2014-04-02 09:43 - 01140736 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00745472 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-02 09:43 - 2014-04-02 09:43 - 00719360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00629248 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00361984 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-04-02 09:43 - 2014-04-02 09:43 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00242200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00232960 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-04-02 09:43 - 2014-04-02 09:43 - 00138752 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-04-02 09:43 - 2014-04-02 09:43 - 00137216 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-02 09:43 - 2014-04-02 09:43 - 00125440 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-04-02 09:43 - 2014-04-02 09:43 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-04-02 09:43 - 2014-04-02 09:43 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-04-02 09:43 - 2014-04-02 09:43 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-02 09:43 - 2014-04-02 09:43 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-04-02 09:43 - 2014-04-02 09:43 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-04-02 09:21 - 2010-03-25 23:54 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-04-02 09:21 - 2009-07-14 06:33 - 00345488 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-02 09:16 - 2009-07-14 10:47 - 00000000 ____D () C:\Windows\system32\Drivers\de-DE
2014-04-02 08:32 - 2013-06-13 20:59 - 00000000 ____D () C:\Users\Gast
2014-04-02 08:32 - 2013-06-13 20:59 - 00000000 ____D () C:\Users\Administrator
2014-04-02 08:31 - 2013-06-14 14:13 - 00000000 ____D () C:\Users\Dani\Downloads\postda_mit_pdf
2014-04-02 08:31 - 2013-02-24 23:21 - 00000000 ____D () C:\Users\Dani\AppData\Roaming\PDF reDirect
2014-04-02 08:31 - 2013-01-18 19:08 - 00000000 ____D () C:\Program Files\QuickTime
2014-04-02 08:31 - 2013-01-18 14:26 - 00000000 ____D () C:\Program Files\Adobe
2014-04-02 08:31 - 2012-09-29 05:59 - 00000000 ____D () C:\ProgramData\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
2014-04-02 08:31 - 2012-08-26 17:18 - 00000000 ____D () C:\Windows\system32\Adobe
2014-04-02 08:31 - 2012-07-16 18:09 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-04-02 08:31 - 2012-04-07 15:18 - 00000000 ____D () C:\Program Files\ElsterFormular
2014-04-02 08:31 - 2011-04-03 01:57 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-04-02 08:31 - 2011-03-23 17:38 - 00000000 ____D () C:\Program Files\PixelNet Software
2014-04-02 08:31 - 2011-03-23 16:37 - 00000000 ____D () C:\ProgramData\{E91883C8-8CDC-46A4-A45F-CB40EB82ED60}
2014-04-02 08:31 - 2011-03-23 14:56 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-04-02 08:31 - 2011-03-23 14:53 - 00000000 ____D () C:\ProgramData\Installations
2014-04-02 08:31 - 2010-05-29 23:04 - 00000000 ____D () C:\Users\Dani\AppData\Roaming\IrfanView
2014-04-02 08:31 - 2010-05-29 22:53 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\IrfanView
2014-04-02 08:31 - 2010-03-25 21:24 - 00000000 ____D () C:\Windows\system32\Macromed
2014-04-02 08:31 - 2009-07-14 06:52 - 00000000 ____D () C:\Windows\Offline Web Pages
2014-04-02 08:31 - 2009-07-14 04:37 - 00000000 __RSD () C:\Windows\Media
2014-04-02 08:31 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Public\Libraries
2014-04-02 08:31 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public
2014-04-02 08:31 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-04-02 08:31 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-04-02 08:31 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system
2014-04-02 08:31 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\schemas
2014-04-02 08:31 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-04-02 08:31 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\L2Schemas
2014-04-02 08:31 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\AppCompat
2014-04-02 08:31 - 2009-07-14 04:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-04-02 08:30 - 2014-02-08 04:27 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Wise Registry Cleaner
2014-04-02 08:29 - 2014-02-01 04:04 - 00000000 ____D () C:\Users\Dani\Downloads\defender41
2014-04-02 08:27 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\registration
2014-04-02 08:24 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Help
2014-04-02 08:23 - 2011-04-03 01:57 - 00000000 ____D () C:\Users\Dani\AppData\Local\Mozilla
2014-04-02 08:22 - 2012-07-18 07:46 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Malwarebytes
2014-04-02 08:22 - 2012-07-18 07:46 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-02 08:22 - 2012-04-24 23:17 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\elsterformular
2014-04-02 08:22 - 2011-12-31 06:08 - 00000000 ____D () C:\ProgramData\Adobe
2014-04-02 08:21 - 2013-06-13 20:55 - 00000000 ____D () C:\Program Files\Hewlett-Packard
2014-04-02 08:21 - 2013-01-18 14:26 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-04-02 08:21 - 2011-03-05 14:20 - 00000000 ____D () C:\Program Files\Java
2014-04-02 07:43 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-04-02 07:35 - 2013-06-14 01:27 - 00085040 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-31 21:30 - 2013-09-15 03:37 - 00000000 ____D () C:\Users\Dani\Ulk
2014-03-31 19:54 - 2014-03-31 21:36 - 892371968 _____ () C:\Users\Dani\outlook.pst
2014-03-31 19:51 - 2013-09-27 02:48 - 00000000 ____D () C:\ProgramData\Oracle
2014-03-26 19:16 - 2011-04-14 19:59 - 00000000 ____D () C:\Users\Dani\Eigene Scans
2014-03-24 07:30 - 2014-04-02 21:39 - 04134240 _____ (Kaspersky Lab ZAO) C:\Users\Admin\Downloads\TDSSKiller.exe
2014-03-24 07:30 - 2012-06-14 19:24 - 04134240 _____ (Kaspersky Lab ZAO) C:\Users\Dani\Downloads\TDSSKiller.exe
2014-03-24 01:28 - 2014-03-24 01:28 - 00000000 ____D () C:\Program Files\Lucom
2014-03-18 01:07 - 2014-03-08 02:59 - 00000000 ____D () C:\Users\Dani\Desktop\Arbeit
2014-03-11 09:52 - 2012-03-20 20:44 - 00104264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NisDrvWFP.sys
2014-03-08 03:07 - 2014-03-08 02:42 - 00000000 ____D () C:\Users\Dani\Desktop\Robotersauger
2014-03-08 02:58 - 2014-03-08 02:58 - 00000000 ____D () C:\Users\Dani\Neuer Ordner

Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\FreemakeVideoDownloader_3.6.4.1.exe
C:\Users\Admin\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-30 20:14

==================== End Of Log ============================
         
--- --- ---


Best regards, Daniela
__________________

05.04.2014, 10:59   #4
schrauber
/// the machine
/// TB instructor
 





ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box next to "Yes, I accept the terms of use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any problems left?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

06.04.2014, 11:29   #5
nickdaniela
 



Hello Schrauber,

the scan with ESET took 10 hours. Is that normal?

Unfortunately nothing has changed yet, but ESET did have 3 finds that were not deleted, because I was not supposed to tick Remove Found Threats.

Do I need to do anything else because of that?

I ran all of these things from my admin account. Is that right, or should I have started everything in the infected user account?

Here are the log files now:

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=5f8ee05835baed47897721f8b620da32
# engine=17769
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-05 10:18:02
# local_time=2014-04-06 12:18:02 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 23333178 148367473 0 0
# scanned=842
# found=0
# cleaned=0
# scan_time=2914
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=5f8ee05835baed47897721f8b620da32
# engine=17769
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-06 08:53:51
# local_time=2014-04-06 10:53:51 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 23371327 148405622 0 0
# scanned=246501
# found=3
# cleaned=0
# scan_time=38038
sh=DF40F16600812B216E67A696B821756540BE6B8D ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.Agent.NJU trojan" ac=I fn="C:\Dokumente und Einstellungen\Dani\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\29ad6e86-508ff3d6"
sh=DF40F16600812B216E67A696B821756540BE6B8D ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.Agent.NJU trojan" ac=I fn="C:\Users\Dani\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\29ad6e86-508ff3d6"
sh=6BB81B31AED52392E9457D717FAAF6FD03E5F800 ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.Agent.NJU trojan" ac=I fn="F:\$RECYCLE.BIN\S-1-5-21-989268616-2580872740-1510082382-1005\$RPASFCN\Backup Set 2013-07-14 050528\Backup Files 2013-07-14 050528\Backup files 4.zip"
         
Code:
 Results of screen317's Security Check version 0.99.80  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 10 Out of date! 
``````````````Antivirus/Firewall Check:`````````````` 
Microsoft Security Essentials   
  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 CCleaner     
 Panda Cloud Cleaner   
 Java(TM) 6 Update 37  
 Java 7 Update 17  
 Java DB 10.6.2.1   
 HP JavaCard for HP ProtectTools 
 Java version out of Date! 
 Adobe Flash Player 	12.0.0.77  
 Mozilla Firefox 19.0 Firefox out of Date!  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014  01
Ran by Admin (administrator) on DANI-PC on 06-04-2014 11:41:43
Running from C:\Users\Admin\Desktop
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AuthenTec, Inc.) C:\Program Files\Fingerprint Sensor\AtService.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(ActivIdentity) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(Andrea Electronics Corporation) C:\Windows\system32\AEADISRV.EXE
(LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe
(Sierra Wireless Inc.) C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Bioscrypt Inc.) C:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Microsoft Corp.) C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe
(Nokia) C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Nokia) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1791272 2010-06-04] (Synaptics Incorporated)
HKLM\...\Run: [SoundMAXPnP] - C:\Program Files\Analog Devices\Core\smax4pnp.exe [1183744 2007-02-21] (Analog Devices, Inc.)
HKLM\...\Run: [QlbCtrl.exe] - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2009-11-11] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [BingDesktop] - C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe [2387088 2013-04-10] (Microsoft Corp.)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [FreePDF Assistant] - C:\Program Files\FreePDF_XP\fpassist.exe [373760 2013-03-14] (shbox.de)
Winlogon\Notify\DeviceNP: C:\Windows\system32\DeviceNP.dll (Hewlett-Packard Limited)
HKU\S-1-5-21-989268616-2580872740-1510082382-1005\...\Run: [BrowserChoice] - C:\Windows\System32\browserchoice.exe [293376 2013-06-13] (Microsoft Corporation)
HKU\S-1-5-21-989268616-2580872740-1510082382-1005\...\Run: [PC Suite Tray] - C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [1516632 2012-06-26] (Nokia)
AppInit_DLLs: C:\PROGRA~1\HEWLET~1\IAM\bin\APSHook.dll => C:\Program Files\Hewlett-Packard\IAM\Bin\APSHook.dll [89872 2009-07-28] (Bioscrypt Inc.)
Lsa: [Notification Packages] scecli ASWLNPkg
Startup: C:\Users\Dani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PostDa.exe - Verknüpfung.lnk
ShortcutTarget: PostDa.exe - Verknüpfung.lnk -> C:\Users\Admin\Downloads\postda_mit_pdf\PostDa.exe (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com/search?q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.freenet.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF54F4976454ECF01
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: File Sanitizer for HP ProtectTools - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} hxxp://download.bitdefender.com/resources/scanner/sources/de/scan8/oscan8.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hy2vqeap.default
FF Homepage: about:home
FF SelectedSearchEngine: Google
FF Keyword.URL: hxxp://www.google.com/search?rls=org.mozilla:en-US:official&client=firefox-a&q=
FF NewTab: about:blank
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 - C:\Program Files\Virtual Earth 3D\ ()
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @nosltd.com/getPlus+(R),version=1.6.2.97 - C:\Program Files\NOS\bin\np_gp.dll No File
FF Plugin: @pandasecurity.com/activescan - C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012-12-08]
FF HKLM\...\Firefox\Extensions: [bkmrksync@nokia.com] - C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\
FF Extension: PC Sync 2 Synchronisation Extension - C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ []
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-03-10]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-03-10]

========================== Services (Whitelisted) =================

R2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [207400 2009-06-03] (ActivIdentity)
R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [26112 2009-12-03] (LSI Corporation)
R2 ASBroker; C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll [192784 2009-07-28] (Bioscrypt Inc.)
R2 ASChannel; C:\Program Files\Hewlett-Packard\IAM\Bin\AsChnl.dll [150288 2009-07-28] (Bioscrypt Inc.)
R2 ATService; C:\Program Files\Fingerprint Sensor\AtService.exe [1201400 2009-07-29] (AuthenTec, Inc.)
S2 BingDesktopUpdate; C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe [168592 2013-04-10] (Microsoft Corp.)
S3 FLCDLOCK; C:\Windows\system32\flcdlock.exe [362040 2009-10-05] (Hewlett-Packard Ltd)
S3 HP ProtectTools Service; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [45056 2009-08-07] (Hewlett-Packard Development Company, L.P)
R2 HPFSService; C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe [77824 2009-07-06] (Hewlett-Packard)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
R2 SWIHPWMI; C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe [292384 2006-12-04] (Sierra Wireless Inc.)
R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe [3718656 2010-03-24] (Broadcom Corporation)

==================== Drivers (Whitelisted) ====================

S3 AX88772; C:\Windows\System32\DRIVERS\ax88772.sys [69632 2013-12-03] (ASIX Electronics Corp.)
R3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2010-03-24] (Broadcom Corporation)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv.sys [32312 2009-09-08] (Hewlett-Packard Development Company L.P.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R0 pavboot; C:\Windows\System32\drivers\pavboot.sys [28552 2009-06-30] (Panda Security, S.L.)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [47632 2013-04-29] (Panda Security, S.L.)
S3 Ser2plx86; C:\Windows\System32\DRIVERS\ser2pl.sys [139776 2013-10-25] (Prolific Technology Inc.)
S3 USBPNPA; C:\Windows\System32\drivers\CM108.sys [1310720 2007-06-28] (C-Media Inc)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-06 11:39 - 2014-04-06 11:39 - 00001216 _____ () C:\Users\Admin\Desktop\checkup.txt
2014-04-06 11:33 - 2014-04-06 10:53 - 00002025 _____ () C:\Users\Admin\Desktop\ESET.txt
2014-04-05 23:16 - 2014-04-05 23:16 - 00987442 _____ () C:\Users\Admin\Desktop\SecurityCheck.exe
2014-04-05 23:15 - 2014-04-05 23:15 - 02347384 _____ (ESET) C:\Users\Admin\Desktop\esetsmartinstaller_enu.exe
2014-04-04 18:15 - 2014-04-04 18:15 - 00056773 _____ () C:\Users\Admin\Desktop\FRST2.txt
2014-04-04 18:12 - 2014-04-04 18:12 - 00001297 _____ () C:\Users\Admin\Desktop\JRT.txt
2014-04-04 17:59 - 2014-04-04 17:59 - 00000000 ____D () C:\Windows\ERUNT
2014-04-04 17:58 - 2014-04-04 17:58 - 00005054 _____ () C:\Users\Admin\Desktop\AdwCleaner[S0].txt
2014-04-04 17:51 - 2014-04-04 17:54 - 00000000 ____D () C:\AdwCleaner
2014-04-04 17:49 - 2014-04-04 17:49 - 01426178 _____ () C:\Users\Admin\Desktop\adwcleaner.exe
2014-04-04 17:49 - 2014-04-04 17:49 - 01038974 _____ (Thisisu) C:\Users\Admin\Desktop\JRT.exe
2014-04-04 01:54 - 2014-04-04 01:54 - 00002344 _____ () C:\Users\Admin\Desktop\Gmer.txt
2014-04-04 01:19 - 2014-04-04 01:19 - 00380416 _____ () C:\Users\Admin\Desktop\g5w19qcz.exe
2014-04-04 01:12 - 2014-04-04 01:14 - 00034767 _____ () C:\Users\Admin\Desktop\Addition.txt
2014-04-04 01:11 - 2014-04-06 11:41 - 00015106 _____ () C:\Users\Admin\Desktop\FRST.txt
2014-04-04 01:11 - 2014-04-06 11:41 - 00000000 ____D () C:\FRST
2014-04-04 01:09 - 2014-04-04 01:09 - 01145856 _____ (Farbar) C:\Users\Admin\Desktop\FRST.exe
2014-04-04 01:06 - 2014-04-04 01:07 - 00000472 _____ () C:\Users\Admin\Desktop\defogger_disable.txt
2014-04-04 01:06 - 2014-04-04 01:06 - 00000000 _____ () C:\Users\Admin\defogger_reenable
2014-04-04 00:31 - 2014-04-04 00:41 - 00008594 _____ () C:\Users\Admin\Desktop\Windows-Kompatibilitätsbericht.htm
2014-04-04 00:03 - 2014-04-04 00:04 - 04982419 _____ (IDG Tech Media GmbH ) C:\Users\Admin\Downloads\pcwPatchLoader_v2-Setup_2.3.2.exe
2014-04-03 19:57 - 2014-04-03 20:11 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Nico Mak Computing
2014-04-03 19:43 - 2014-04-03 19:43 - 00050477 _____ () C:\Users\Admin\Desktop\Defogger.exe
2014-04-03 03:31 - 2014-04-03 03:31 - 00001240 _____ () C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
2014-04-03 03:31 - 2013-04-29 08:17 - 00047632 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2014-04-03 03:27 - 2014-04-03 03:30 - 28413552 _____ (Panda Security ) C:\Users\Admin\Downloads\PandaCloudCleaner.exe
2014-04-03 02:58 - 2014-04-03 02:58 - 00131072 ____N () C:\Windows\Minidump\040314-28250-01.dmp
2014-04-03 00:35 - 2014-04-03 19:19 - 00002574 _____ () C:\Users\Admin\Desktop\Rkill.txt
2014-04-02 22:10 - 2013-12-21 09:56 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-02 22:06 - 2014-04-02 22:06 - 00000000 ____D () C:\Windows\Temp0FBBE685-B4BF-CE0A-EDFD-EFD21D841C1F-Signatures
2014-04-02 21:46 - 2014-04-02 21:46 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\TuneUp Software
2014-04-02 21:43 - 2014-04-02 21:47 - 00000000 ____D () C:\ProgramData\TuneUp Software
2014-04-02 21:43 - 2014-04-02 21:43 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-04-02 21:39 - 2014-03-24 07:30 - 04134240 _____ (Kaspersky Lab ZAO) C:\Users\Admin\Downloads\TDSSKiller.exe
2014-04-02 17:43 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-02 09:43 - 2014-04-02 09:43 - 14358016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 02877952 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-02 09:43 - 2014-04-02 09:43 - 02049024 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-02 09:43 - 2014-04-02 09:43 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-04-02 09:43 - 2014-04-02 09:43 - 01140736 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00745472 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-02 09:43 - 2014-04-02 09:43 - 00719360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00629248 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00361984 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-04-02 09:43 - 2014-04-02 09:43 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00242200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00232960 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-04-02 09:43 - 2014-04-02 09:43 - 00138752 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-04-02 09:43 - 2014-04-02 09:43 - 00137216 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-02 09:43 - 2014-04-02 09:43 - 00125440 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-04-02 09:43 - 2014-04-02 09:43 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-04-02 09:43 - 2014-04-02 09:43 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-04-02 09:43 - 2014-04-02 09:43 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-02 09:43 - 2014-04-02 09:43 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-04-02 09:43 - 2014-04-02 09:43 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-04-02 09:40 - 2014-04-02 09:48 - 00009846 _____ () C:\Windows\IE10_main.log
2014-04-02 09:39 - 2013-12-25 01:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-04-02 09:39 - 2013-11-26 10:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-04-02 09:39 - 2013-08-02 03:50 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2014-04-02 09:39 - 2013-08-02 03:49 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-02 09:39 - 2013-08-02 03:49 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 02:52 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2014-04-02 09:39 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2014-04-02 09:39 - 2013-06-15 05:38 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-04-02 09:38 - 2013-12-04 04:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-04-02 09:38 - 2013-12-04 04:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-04-02 09:38 - 2013-12-04 04:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-04-02 09:38 - 2013-12-04 04:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-04-02 09:38 - 2013-12-04 04:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-04-02 09:38 - 2013-12-04 03:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-04-02 09:38 - 2013-12-04 03:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-04-02 09:38 - 2013-12-04 03:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-04-02 09:38 - 2013-12-04 03:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-04-02 09:38 - 2013-11-27 03:14 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-04-02 09:38 - 2013-11-27 03:13 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-04-02 09:38 - 2013-11-27 03:13 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-04-02 09:38 - 2013-11-27 03:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-04-02 09:38 - 2013-11-27 03:13 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-04-02 09:38 - 2013-11-27 03:13 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-04-02 09:38 - 2013-11-27 03:13 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-04-02 09:38 - 2013-10-04 03:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2014-04-02 09:38 - 2013-10-04 03:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-04-02 09:38 - 2013-10-04 03:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2014-04-02 09:38 - 2013-08-29 03:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-04-02 09:38 - 2013-08-29 03:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-04-02 09:38 - 2013-08-29 03:50 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-04-02 09:38 - 2013-08-29 03:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2014-04-02 09:38 - 2013-08-29 03:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2014-04-02 09:37 - 2014-01-09 04:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-04-02 09:37 - 2013-06-26 00:56 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2014-04-02 08:56 - 2013-10-02 02:42 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-04-02 08:56 - 2013-10-02 02:32 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-04-02 08:56 - 2013-10-02 02:30 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-04-02 08:56 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-04-02 08:56 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-04-02 08:56 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-04-02 08:56 - 2013-10-02 01:45 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-04-02 08:56 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-04-02 08:56 - 2013-10-02 01:00 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-04-02 08:56 - 2013-10-02 00:53 - 00350208 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-04-02 08:56 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-04-02 08:36 - 2013-05-10 06:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-04-02 08:36 - 2013-05-10 06:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-04-02 08:27 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-04-02 08:27 - 2013-12-06 04:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-04-02 08:27 - 2013-12-06 04:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-04-02 08:27 - 2013-10-05 21:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-04-02 08:27 - 2013-07-20 12:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-04-02 08:27 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-04-02 08:27 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2014-04-02 08:27 - 2013-07-04 13:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2014-04-02 08:27 - 2013-07-04 13:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2014-04-02 08:27 - 2013-07-04 11:48 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2014-04-02 08:26 - 2014-02-07 03:07 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-04-02 08:26 - 2013-08-28 02:57 - 00434688 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2014-04-02 08:25 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-04-02 08:24 - 2014-01-01 01:05 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-04-02 08:24 - 2013-09-14 02:48 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-04-02 08:24 - 2013-09-08 04:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2014-04-02 08:24 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-04-02 08:24 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2014-04-02 08:23 - 2013-09-25 04:01 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-04-02 08:23 - 2013-09-25 04:01 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-04-02 08:23 - 2013-09-25 03:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-04-02 08:23 - 2013-09-25 03:57 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-04-02 08:23 - 2013-09-25 03:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-04-02 08:23 - 2013-09-25 03:56 - 01038848 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-04-02 08:23 - 2013-09-25 03:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-04-02 08:23 - 2013-09-25 02:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-04-02 08:23 - 2013-09-25 02:49 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-04-02 08:23 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2014-04-02 08:23 - 2013-07-09 06:50 - 00652800 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-04-02 08:23 - 2013-07-04 14:16 - 00369848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-04-02 08:21 - 2013-11-12 04:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-04-02 08:20 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-04-02 08:20 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-04-02 08:20 - 2014-01-28 04:07 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-04-02 08:20 - 2013-10-19 03:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2014-04-02 08:20 - 2013-10-12 04:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2014-04-02 08:20 - 2013-10-12 04:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-04-02 08:20 - 2013-10-12 03:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2014-04-02 08:20 - 2013-10-12 03:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2014-04-02 08:20 - 2013-10-04 03:49 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2014-04-02 08:20 - 2013-10-04 03:17 - 00177152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2014-04-02 08:20 - 2013-08-05 03:56 - 00133056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2014-04-02 08:20 - 2013-08-01 13:03 - 00729024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-04-02 08:20 - 2013-06-06 06:52 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2014-04-02 08:20 - 2013-06-06 06:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2014-04-02 08:20 - 2013-06-06 06:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2014-04-02 08:20 - 2013-06-06 05:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2014-04-02 08:20 - 2013-06-06 05:01 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2014-04-02 08:19 - 2013-11-26 13:11 - 00240576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-04-02 08:19 - 2013-11-23 20:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-04-02 08:19 - 2013-10-30 04:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2014-04-02 08:19 - 2013-10-12 04:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2014-04-02 08:19 - 2013-10-12 04:01 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2014-04-02 08:19 - 2013-10-12 04:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2014-04-02 08:19 - 2013-10-03 03:58 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-04-02 08:19 - 2013-09-08 04:07 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-04-02 08:19 - 2013-07-12 12:07 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2014-04-02 08:19 - 2013-07-04 13:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2014-04-02 08:19 - 2013-07-03 06:02 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2014-04-02 08:19 - 2013-07-03 05:36 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2014-04-02 08:19 - 2013-07-03 05:36 - 00025728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2014-04-02 08:05 - 2013-09-25 03:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-04-01 22:57 - 2014-04-02 22:43 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-03-31 21:36 - 2014-03-31 19:54 - 892371968 _____ () C:\Users\Dani\outlook.pst
2014-03-24 01:28 - 2014-03-24 01:28 - 00000000 ____D () C:\Program Files\Lucom
2014-03-08 02:59 - 2014-03-18 01:07 - 00000000 ____D () C:\Users\Dani\Desktop\Arbeit
2014-03-08 02:58 - 2014-03-08 02:58 - 00000000 ____D () C:\Users\Dani\Neuer Ordner
2014-03-08 02:42 - 2014-03-08 03:07 - 00000000 ____D () C:\Users\Dani\Desktop\Robotersauger

==================== One Month Modified Files and Folders =======

2014-04-06 11:41 - 2014-04-04 01:11 - 00015106 _____ () C:\Users\Admin\Desktop\FRST.txt
2014-04-06 11:41 - 2014-04-04 01:11 - 00000000 ____D () C:\FRST
2014-04-06 11:39 - 2014-04-06 11:39 - 00001216 _____ () C:\Users\Admin\Desktop\checkup.txt
2014-04-06 11:35 - 2011-09-25 05:37 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-06 11:16 - 2012-07-27 16:36 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-06 10:53 - 2014-04-06 11:33 - 00002025 _____ () C:\Users\Admin\Desktop\ESET.txt
2014-04-06 08:35 - 2011-09-25 05:37 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-06 06:55 - 2009-07-14 06:34 - 00014928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-06 06:55 - 2009-07-14 06:34 - 00014928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-06 04:49 - 2013-06-13 22:02 - 01915314 _____ () C:\Windows\WindowsUpdate.log
2014-04-05 23:18 - 2013-06-13 22:11 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-05 23:16 - 2014-04-05 23:16 - 00987442 _____ () C:\Users\Admin\Desktop\SecurityCheck.exe
2014-04-05 23:15 - 2014-04-05 23:15 - 02347384 _____ (ESET) C:\Users\Admin\Desktop\esetsmartinstaller_enu.exe
2014-04-05 23:05 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-05 23:04 - 2013-06-14 12:41 - 00039249 _____ () C:\Windows\setupact.log
2014-04-04 18:16 - 2013-07-10 18:30 - 00000000 ____D () C:\Users\Dani\AppData\Local\FreePDF_XP
2014-04-04 18:15 - 2014-04-04 18:15 - 00056773 _____ () C:\Users\Admin\Desktop\FRST2.txt
2014-04-04 18:12 - 2014-04-04 18:12 - 00001297 _____ () C:\Users\Admin\Desktop\JRT.txt
2014-04-04 17:59 - 2014-04-04 17:59 - 00000000 ____D () C:\Windows\ERUNT
2014-04-04 17:58 - 2014-04-04 17:58 - 00005054 _____ () C:\Users\Admin\Desktop\AdwCleaner[S0].txt
2014-04-04 17:54 - 2014-04-04 17:51 - 00000000 ____D () C:\AdwCleaner
2014-04-04 17:49 - 2014-04-04 17:49 - 01426178 _____ () C:\Users\Admin\Desktop\adwcleaner.exe
2014-04-04 17:49 - 2014-04-04 17:49 - 01038974 _____ (Thisisu) C:\Users\Admin\Desktop\JRT.exe
2014-04-04 01:54 - 2014-04-04 01:54 - 00002344 _____ () C:\Users\Admin\Desktop\Gmer.txt
2014-04-04 01:19 - 2014-04-04 01:19 - 00380416 _____ () C:\Users\Admin\Desktop\g5w19qcz.exe
2014-04-04 01:14 - 2014-04-04 01:12 - 00034767 _____ () C:\Users\Admin\Desktop\Addition.txt
2014-04-04 01:09 - 2014-04-04 01:09 - 01145856 _____ (Farbar) C:\Users\Admin\Desktop\FRST.exe
2014-04-04 01:07 - 2014-04-04 01:06 - 00000472 _____ () C:\Users\Admin\Desktop\defogger_disable.txt
2014-04-04 01:06 - 2014-04-04 01:06 - 00000000 _____ () C:\Users\Admin\defogger_reenable
2014-04-04 01:06 - 2013-06-13 20:59 - 00000000 ___RD () C:\Users\Admin
2014-04-04 00:41 - 2014-04-04 00:31 - 00008594 _____ () C:\Users\Admin\Desktop\Windows-Kompatibilitätsbericht.htm
2014-04-04 00:41 - 2011-03-22 19:35 - 00002562 _____ () C:\Windows\diagwrn.xml
2014-04-04 00:41 - 2011-03-22 19:35 - 00001908 _____ () C:\Windows\diagerr.xml
2014-04-04 00:37 - 2013-06-14 12:41 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-04 00:33 - 2010-08-22 17:03 - 00000000 ____D () C:\Users\Dani\Scans
2014-04-04 00:04 - 2014-04-04 00:03 - 04982419 _____ (IDG Tech Media GmbH ) C:\Users\Admin\Downloads\pcwPatchLoader_v2-Setup_2.3.2.exe
2014-04-03 23:53 - 2011-09-25 14:55 - 00103158 _____ () C:\Windows\PFRO.log
2014-04-03 20:11 - 2014-04-03 19:57 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Nico Mak Computing
2014-04-03 19:43 - 2014-04-03 19:43 - 00050477 _____ () C:\Users\Admin\Desktop\Defogger.exe
2014-04-03 19:19 - 2014-04-03 00:35 - 00002574 _____ () C:\Users\Admin\Desktop\Rkill.txt
2014-04-03 03:31 - 2014-04-03 03:31 - 00001240 _____ () C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
2014-04-03 03:31 - 2011-03-29 04:11 - 00000000 ____D () C:\Program Files\Panda Security
2014-04-03 03:30 - 2014-04-03 03:27 - 28413552 _____ (Panda Security ) C:\Users\Admin\Downloads\PandaCloudCleaner.exe
2014-04-03 02:58 - 2014-04-03 02:58 - 00131072 ____N () C:\Windows\Minidump\040314-28250-01.dmp
2014-04-03 02:58 - 2013-06-14 02:01 - 00000000 ____D () C:\Windows\Minidump
2014-04-03 00:22 - 2013-06-13 22:17 - 00085040 _____ () C:\Users\Dani\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-03 00:21 - 2013-06-13 20:59 - 00000000 ___RD () C:\Users\Dani
2014-04-02 22:43 - 2014-04-01 22:57 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-04-02 22:26 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-04-02 22:07 - 2011-09-24 21:37 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-04-02 22:06 - 2014-04-02 22:06 - 00000000 ____D () C:\Windows\Temp0FBBE685-B4BF-CE0A-EDFD-EFD21D841C1F-Signatures
2014-04-02 22:06 - 2012-05-16 17:06 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-04-02 21:47 - 2014-04-02 21:43 - 00000000 ____D () C:\ProgramData\TuneUp Software
2014-04-02 21:46 - 2014-04-02 21:46 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\TuneUp Software
2014-04-02 21:43 - 2014-04-02 21:43 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-04-02 21:39 - 2011-08-06 21:45 - 00000000 ____D () C:\ProgramData\Freemake
2014-04-02 17:43 - 2013-09-18 20:10 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-04-02 10:24 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-04-02 10:17 - 2012-04-01 18:53 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-04-02 10:17 - 2011-05-19 14:34 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-04-02 10:03 - 2013-07-10 16:37 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-02 09:48 - 2014-04-02 09:40 - 00009846 _____ () C:\Windows\IE10_main.log
2014-04-02 09:43 - 2014-04-02 09:43 - 14358016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 02877952 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-02 09:43 - 2014-04-02 09:43 - 02049024 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-02 09:43 - 2014-04-02 09:43 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-04-02 09:43 - 2014-04-02 09:43 - 01140736 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00745472 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-02 09:43 - 2014-04-02 09:43 - 00719360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00629248 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00361984 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-04-02 09:43 - 2014-04-02 09:43 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00242200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00232960 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-04-02 09:43 - 2014-04-02 09:43 - 00138752 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-04-02 09:43 - 2014-04-02 09:43 - 00137216 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-02 09:43 - 2014-04-02 09:43 - 00125440 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-04-02 09:43 - 2014-04-02 09:43 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-04-02 09:43 - 2014-04-02 09:43 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-04-02 09:43 - 2014-04-02 09:43 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-02 09:43 - 2014-04-02 09:43 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-04-02 09:43 - 2014-04-02 09:43 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-04-02 09:21 - 2010-03-25 23:54 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-04-02 09:21 - 2009-07-14 06:33 - 00345488 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-02 09:16 - 2009-07-14 10:47 - 00000000 ____D () C:\Windows\system32\Drivers\de-DE
2014-04-02 08:32 - 2013-06-13 20:59 - 00000000 ____D () C:\Users\Gast
2014-04-02 08:32 - 2013-06-13 20:59 - 00000000 ____D () C:\Users\Administrator
2014-04-02 08:31 - 2013-06-14 14:13 - 00000000 ____D () C:\Users\Dani\Downloads\postda_mit_pdf
2014-04-02 08:31 - 2013-02-24 23:21 - 00000000 ____D () C:\Users\Dani\AppData\Roaming\PDF reDirect
2014-04-02 08:31 - 2013-01-18 19:08 - 00000000 ____D () C:\Program Files\QuickTime
2014-04-02 08:31 - 2013-01-18 14:26 - 00000000 ____D () C:\Program Files\Adobe
2014-04-02 08:31 - 2012-09-29 05:59 - 00000000 ____D () C:\ProgramData\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
2014-04-02 08:31 - 2012-08-26 17:18 - 00000000 ____D () C:\Windows\system32\Adobe
2014-04-02 08:31 - 2012-07-16 18:09 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-04-02 08:31 - 2012-04-07 15:18 - 00000000 ____D () C:\Program Files\ElsterFormular
2014-04-02 08:31 - 2011-04-03 01:57 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-04-02 08:31 - 2011-03-23 17:38 - 00000000 ____D () C:\Program Files\PixelNet Software
2014-04-02 08:31 - 2011-03-23 16:37 - 00000000 ____D () C:\ProgramData\{E91883C8-8CDC-46A4-A45F-CB40EB82ED60}
2014-04-02 08:31 - 2011-03-23 14:56 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-04-02 08:31 - 2011-03-23 14:53 - 00000000 ____D () C:\ProgramData\Installations
2014-04-02 08:31 - 2010-05-29 23:04 - 00000000 ____D () C:\Users\Dani\AppData\Roaming\IrfanView
2014-04-02 08:31 - 2010-05-29 22:53 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\IrfanView
2014-04-02 08:31 - 2010-03-25 21:24 - 00000000 ____D () C:\Windows\system32\Macromed
2014-04-02 08:31 - 2009-07-14 06:52 - 00000000 ____D () C:\Windows\Offline Web Pages
2014-04-02 08:31 - 2009-07-14 04:37 - 00000000 __RSD () C:\Windows\Media
2014-04-02 08:31 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Public\Libraries
2014-04-02 08:31 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public
2014-04-02 08:31 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-04-02 08:31 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-04-02 08:31 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system
2014-04-02 08:31 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\schemas
2014-04-02 08:31 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-04-02 08:31 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\L2Schemas
2014-04-02 08:31 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\AppCompat
2014-04-02 08:31 - 2009-07-14 04:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-04-02 08:30 - 2014-02-08 04:27 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Wise Registry Cleaner
2014-04-02 08:29 - 2014-02-01 04:04 - 00000000 ____D () C:\Users\Dani\Downloads\defender41
2014-04-02 08:27 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\registration
2014-04-02 08:24 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Help
2014-04-02 08:23 - 2011-04-03 01:57 - 00000000 ____D () C:\Users\Dani\AppData\Local\Mozilla
2014-04-02 08:22 - 2012-07-18 07:46 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Malwarebytes
2014-04-02 08:22 - 2012-07-18 07:46 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-02 08:22 - 2012-04-24 23:17 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\elsterformular
2014-04-02 08:22 - 2011-12-31 06:08 - 00000000 ____D () C:\ProgramData\Adobe
2014-04-02 08:21 - 2013-06-13 20:55 - 00000000 ____D () C:\Program Files\Hewlett-Packard
2014-04-02 08:21 - 2013-01-18 14:26 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-04-02 08:21 - 2011-03-05 14:20 - 00000000 ____D () C:\Program Files\Java
2014-04-02 07:43 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-04-02 07:35 - 2013-06-14 01:27 - 00085040 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-31 21:30 - 2013-09-15 03:37 - 00000000 ____D () C:\Users\Dani\Ulk
2014-03-31 19:54 - 2014-03-31 21:36 - 892371968 _____ () C:\Users\Dani\outlook.pst
2014-03-31 19:51 - 2013-09-27 02:48 - 00000000 ____D () C:\ProgramData\Oracle
2014-03-26 19:16 - 2011-04-14 19:59 - 00000000 ____D () C:\Users\Dani\Eigene Scans
2014-03-24 07:30 - 2014-04-02 21:39 - 04134240 _____ (Kaspersky Lab ZAO) C:\Users\Admin\Downloads\TDSSKiller.exe
2014-03-24 07:30 - 2012-06-14 19:24 - 04134240 _____ (Kaspersky Lab ZAO) C:\Users\Dani\Downloads\TDSSKiller.exe
2014-03-24 01:28 - 2014-03-24 01:28 - 00000000 ____D () C:\Program Files\Lucom
2014-03-18 01:07 - 2014-03-08 02:59 - 00000000 ____D () C:\Users\Dani\Desktop\Arbeit
2014-03-11 09:52 - 2012-03-20 20:44 - 00104264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NisDrvWFP.sys
2014-03-08 03:07 - 2014-03-08 02:42 - 00000000 ____D () C:\Users\Dani\Desktop\Robotersauger
2014-03-08 02:58 - 2014-03-08 02:58 - 00000000 ____D () C:\Users\Dani\Neuer Ordner

Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\FreemakeVideoDownloader_3.6.4.1.exe
C:\Users\Admin\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-30 20:14

==================== End Of Log ============================
         
--- --- ---


Best regards from Daniela


07.04.2014, 11:33   #6
schrauber
/// the machine
/// TB trainer
 




Update Java and Firefox. The detections are only in the Java cache; we'll take care of them with TFC.

Please download TFC (by OldTimer) and save the file to the desktop.
Now close all open programs and disconnect from the Internet.
Double-click TFC.exe and press Start.
If TFC cannot delete all files, it will ask for a restart. Please allow this.



Please run an FRST scan from the user account.

08.04.2014, 00:05   #7
nickdaniela
 



Hello Schrauber,

unfortunately I didn't manage to disconnect from the Internet. Is that bad?

My notebook has Wi-Fi/Bluetooth and I don't know where I can disconnect it, nor how I can start it again afterwards.

When I tried to start the wireless configuration utility in the Control Panel, I got an error message saying that the internal configuration is inconsistent. Whatever that is supposed to mean.

Maybe I wrecked my computer more than I thought. Are there other repair tools for Windows 7 besides sfc /scannow? Then again, the Bluetooth setup is from HP, I think.

Here are the logs from TFC from the admin account and FRST from the user account:

Code:
Getting user folders.
 
Stopping running processes.
 
Emptying Temp folders.
 
 
User: Admin
->Temp folder emptied: 76422791 bytes
->Temporary Internet Files folder emptied: 92968079 bytes
->Java cache emptied: 48122 bytes
->FireFox cache emptied: 33097162 bytes
->Flash cache emptied: 1925 bytes
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 759 bytes
 
User: All Users
 
User: Dani
->Temp folder emptied: 82068267 bytes
->Temporary Internet Files folder emptied: 432444865 bytes
->Java cache emptied: 16283367 bytes
->FireFox cache emptied: 316899798 bytes
->Flash cache emptied: 15760 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 38673345 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Gast
->Temp folder emptied: 17575 bytes
->Temporary Internet Files folder emptied: 11484877 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 1173335 bytes
->Flash cache emptied: 506 bytes
 
User: Public
 
User: te
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 257738948 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42219862 bytes
 
Emptying RecycleBin. Do not interrupt.
 
RecycleBin emptied: 0 bytes
Process complete!
 
Total Files Cleaned = 1.337,00 mb
         

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014  01
Ran by Admin (administrator) on DANI-PC on 07-04-2014 19:31:25
Running from C:\Users\Dani\Desktop
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Hewlett-Packard) C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(ActivIdentity) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(Andrea Electronics Corporation) C:\Windows\system32\AEADISRV.EXE
(LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe
(Sierra Wireless Inc.) C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Nokia) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Microsoft Corp.) C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(Nokia) C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
(Dirk Scheers Software (www.scheernet.de)) C:\Users\Dani\Downloads\postda_mit_pdf\PostDa.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
(Bioscrypt Inc.) C:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1791272 2010-06-04] (Synaptics Incorporated)
HKLM\...\Run: [SoundMAXPnP] - C:\Program Files\Analog Devices\Core\smax4pnp.exe [1183744 2007-02-21] (Analog Devices, Inc.)
HKLM\...\Run: [QlbCtrl.exe] - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2009-11-11] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [BingDesktop] - C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe [2387088 2013-04-10] (Microsoft Corp.)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [FreePDF Assistant] - C:\Program Files\FreePDF_XP\fpassist.exe [373760 2013-03-14] (shbox.de)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [224128 2014-03-04] (Oracle Corporation)
Winlogon\Notify\DeviceNP: C:\Windows\system32\DeviceNP.dll (Hewlett-Packard Limited)
HKU\S-1-5-21-989268616-2580872740-1510082382-1001\...\Run: [LightScribe Control Panel] - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-06-17] (Hewlett-Packard Company)
HKU\S-1-5-21-989268616-2580872740-1510082382-1001\...\Run: [PC Suite Tray] - C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [1516632 2012-06-26] (Nokia)
HKU\S-1-5-21-989268616-2580872740-1510082382-1001\...\MountPoints2: {d48c7ec3-372d-11df-b17e-806e6f6e6963} - E:\setup.EXE /AUTORUN
HKU\S-1-5-21-989268616-2580872740-1510082382-1005\...\Run: [BrowserChoice] - C:\Windows\System32\browserchoice.exe [293376 2013-06-13] (Microsoft Corporation)
HKU\S-1-5-21-989268616-2580872740-1510082382-1005\...\Run: [PC Suite Tray] - C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [1516632 2012-06-26] (Nokia)
AppInit_DLLs: C:\PROGRA~1\HEWLET~1\IAM\bin\APSHook.dll => C:\Program Files\Hewlett-Packard\IAM\Bin\APSHook.dll [89872 2009-07-28] (Bioscrypt Inc.)
Lsa: [Notification Packages] scecli ASWLNPkg
Startup: C:\Users\Dani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PostDa.exe - Verknüpfung.lnk
ShortcutTarget: PostDa.exe - Verknüpfung.lnk -> C:\Users\Admin\Downloads\postda_mit_pdf\PostDa.exe (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com/search?q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.freenet.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF54F4976454ECF01
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: File Sanitizer for HP ProtectTools - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} hxxp://download.bitdefender.com/resources/scanner/sources/de/scan8/oscan8.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hy2vqeap.default
FF NewTab: about:blank
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Keyword.URL: hxxp://www.google.com/search?rls=org.mozilla:en-US:official&client=firefox-a&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin: @java.com/DTPlugin,version=11.0.2 - C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.0.2 - C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 - C:\Program Files\Virtual Earth 3D\ ()
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @nosltd.com/getPlus+(R),version=1.6.2.97 - C:\Program Files\NOS\bin\np_gp.dll No File
FF Plugin: @pandasecurity.com/activescan - C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012-12-08]
FF HKLM\...\Firefox\Extensions: [bkmrksync@nokia.com] - C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\
FF Extension: PC Sync 2 Synchronisation Extension - C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ []
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-03-10]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-03-10]

========================== Services (Whitelisted) =================

R2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [207400 2009-06-03] (ActivIdentity)
R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [26112 2009-12-03] (LSI Corporation)
R2 ASBroker; C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll [192784 2009-07-28] (Bioscrypt Inc.)
R2 ASChannel; C:\Program Files\Hewlett-Packard\IAM\Bin\AsChnl.dll [150288 2009-07-28] (Bioscrypt Inc.)
S2 ATService; C:\Program Files\Fingerprint Sensor\AtService.exe [1201400 2009-07-29] (AuthenTec, Inc.)
S2 BingDesktopUpdate; C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe [168592 2013-04-10] (Microsoft Corp.)
S3 FLCDLOCK; C:\Windows\system32\flcdlock.exe [362040 2009-10-05] (Hewlett-Packard Ltd)
S3 HP ProtectTools Service; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [45056 2009-08-07] (Hewlett-Packard Development Company, L.P)
R2 HPFSService; C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe [77824 2009-07-06] (Hewlett-Packard)
S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
R2 SWIHPWMI; C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe [292384 2006-12-04] (Sierra Wireless Inc.)
R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe [3718656 2010-03-24] (Broadcom Corporation)

==================== Drivers (Whitelisted) ====================

S3 AX88772; C:\Windows\System32\DRIVERS\ax88772.sys [69632 2013-12-03] (ASIX Electronics Corp.)
R3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2010-03-24] (Broadcom Corporation)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv.sys [32312 2009-09-08] (Hewlett-Packard Development Company L.P.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R0 pavboot; C:\Windows\System32\drivers\pavboot.sys [28552 2009-06-30] (Panda Security, S.L.)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [47632 2013-04-29] (Panda Security, S.L.)
S3 Ser2plx86; C:\Windows\System32\DRIVERS\ser2pl.sys [139776 2013-10-25] (Prolific Technology Inc.)
S3 USBPNPA; C:\Windows\System32\drivers\CM108.sys [1310720 2007-06-28] (C-Media Inc)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-07 19:31 - 2014-04-07 19:31 - 00015624 _____ () C:\Users\Dani\Desktop\FRST.txt
2014-04-07 19:29 - 2014-04-07 19:29 - 00001669 _____ () C:\Users\Admin\Desktop\OldTimer.txt
2014-04-07 19:01 - 2014-04-04 01:09 - 01145856 _____ (Farbar) C:\Users\Dani\Desktop\FRST.exe
2014-04-07 18:57 - 2014-04-07 18:57 - 00448512 _____ (OldTimer Tools) C:\Users\Admin\Desktop\TFC.exe
2014-04-07 18:30 - 2014-04-07 18:29 - 00264600 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-04-07 18:30 - 2014-04-07 18:29 - 00176024 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-04-07 18:30 - 2014-04-07 18:29 - 00176024 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-04-07 18:23 - 2014-04-07 18:28 - 31107992 _____ (Oracle Corporation) C:\Users\Admin\Downloads\jre-8-windows-i586.exe
2014-04-07 18:02 - 2014-04-07 18:04 - 25032080 _____ (Mozilla) C:\Users\Admin\Downloads\Firefox_Setup_de28.0.exe
2014-04-06 12:15 - 2014-04-06 12:15 - 00131072 ____N () C:\Windows\Minidump\040614-34765-01.dmp
2014-04-06 11:43 - 2014-04-06 11:43 - 00057733 _____ () C:\Users\Admin\Desktop\FRST3.txt
2014-04-06 11:39 - 2014-04-06 11:39 - 00001216 _____ () C:\Users\Admin\Desktop\checkup.txt
2014-04-06 11:33 - 2014-04-06 10:53 - 00002025 _____ () C:\Users\Admin\Desktop\ESET.txt
2014-04-05 23:16 - 2014-04-05 23:16 - 00987442 _____ () C:\Users\Admin\Desktop\SecurityCheck.exe
2014-04-05 23:15 - 2014-04-05 23:15 - 02347384 _____ (ESET) C:\Users\Admin\Desktop\esetsmartinstaller_enu.exe
2014-04-04 18:15 - 2014-04-04 18:15 - 00056773 _____ () C:\Users\Admin\Desktop\FRST2.txt
2014-04-04 18:12 - 2014-04-04 18:12 - 00001297 _____ () C:\Users\Admin\Desktop\JRT.txt
2014-04-04 17:59 - 2014-04-04 17:59 - 00000000 ____D () C:\Windows\ERUNT
2014-04-04 17:58 - 2014-04-04 17:58 - 00005054 _____ () C:\Users\Admin\Desktop\AdwCleaner[S0].txt
2014-04-04 17:51 - 2014-04-04 17:54 - 00000000 ____D () C:\AdwCleaner
2014-04-04 17:49 - 2014-04-04 17:49 - 01426178 _____ () C:\Users\Admin\Desktop\adwcleaner.exe
2014-04-04 17:49 - 2014-04-04 17:49 - 01038974 _____ (Thisisu) C:\Users\Admin\Desktop\JRT.exe
2014-04-04 01:54 - 2014-04-04 01:54 - 00002344 _____ () C:\Users\Admin\Desktop\Gmer.txt
2014-04-04 01:19 - 2014-04-04 01:19 - 00380416 _____ () C:\Users\Admin\Desktop\g5w19qcz.exe
2014-04-04 01:12 - 2014-04-04 01:14 - 00034767 _____ () C:\Users\Admin\Desktop\Addition.txt
2014-04-04 01:11 - 2014-04-07 19:31 - 00000000 ____D () C:\FRST
2014-04-04 01:11 - 2014-04-06 11:42 - 00057733 _____ () C:\Users\Admin\Desktop\FRST.txt
2014-04-04 01:09 - 2014-04-04 01:09 - 01145856 _____ (Farbar) C:\Users\Admin\Desktop\FRST.exe
2014-04-04 01:06 - 2014-04-04 01:07 - 00000472 _____ () C:\Users\Admin\Desktop\defogger_disable.txt
2014-04-04 01:06 - 2014-04-04 01:06 - 00000000 _____ () C:\Users\Admin\defogger_reenable
2014-04-04 00:31 - 2014-04-04 00:41 - 00008594 _____ () C:\Users\Admin\Desktop\Windows-Kompatibilitätsbericht.htm
2014-04-04 00:03 - 2014-04-04 00:04 - 04982419 _____ (IDG Tech Media GmbH ) C:\Users\Admin\Downloads\pcwPatchLoader_v2-Setup_2.3.2.exe
2014-04-03 19:57 - 2014-04-03 20:11 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Nico Mak Computing
2014-04-03 19:43 - 2014-04-03 19:43 - 00050477 _____ () C:\Users\Admin\Desktop\Defogger.exe
2014-04-03 03:31 - 2014-04-03 03:31 - 00001240 _____ () C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
2014-04-03 03:31 - 2013-04-29 08:17 - 00047632 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2014-04-03 03:27 - 2014-04-03 03:30 - 28413552 _____ (Panda Security ) C:\Users\Admin\Downloads\PandaCloudCleaner.exe
2014-04-03 02:58 - 2014-04-03 02:58 - 00131072 ____N () C:\Windows\Minidump\040314-28250-01.dmp
2014-04-03 00:35 - 2014-04-03 19:19 - 00002574 _____ () C:\Users\Admin\Desktop\Rkill.txt
2014-04-02 22:10 - 2013-12-21 09:56 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-02 22:06 - 2014-04-02 22:06 - 00000000 ____D () C:\Windows\Temp0FBBE685-B4BF-CE0A-EDFD-EFD21D841C1F-Signatures
2014-04-02 21:46 - 2014-04-02 21:46 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\TuneUp Software
2014-04-02 21:43 - 2014-04-02 21:47 - 00000000 ____D () C:\ProgramData\TuneUp Software
2014-04-02 21:43 - 2014-04-02 21:43 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-04-02 21:39 - 2014-03-24 07:30 - 04134240 _____ (Kaspersky Lab ZAO) C:\Users\Admin\Downloads\TDSSKiller.exe
2014-04-02 17:43 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-02 09:43 - 2014-04-02 09:43 - 14358016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 02877952 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-02 09:43 - 2014-04-02 09:43 - 02049024 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-02 09:43 - 2014-04-02 09:43 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-04-02 09:43 - 2014-04-02 09:43 - 01140736 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00745472 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-02 09:43 - 2014-04-02 09:43 - 00719360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00629248 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00361984 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-04-02 09:43 - 2014-04-02 09:43 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00242200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00232960 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-04-02 09:43 - 2014-04-02 09:43 - 00138752 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-04-02 09:43 - 2014-04-02 09:43 - 00137216 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-02 09:43 - 2014-04-02 09:43 - 00125440 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-04-02 09:43 - 2014-04-02 09:43 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-04-02 09:43 - 2014-04-02 09:43 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-04-02 09:43 - 2014-04-02 09:43 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-02 09:43 - 2014-04-02 09:43 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-04-02 09:43 - 2014-04-02 09:43 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-04-02 09:40 - 2014-04-02 09:48 - 00009846 _____ () C:\Windows\IE10_main.log
2014-04-02 09:39 - 2013-12-25 01:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-04-02 09:39 - 2013-11-26 10:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-04-02 09:39 - 2013-08-02 03:50 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2014-04-02 09:39 - 2013-08-02 03:49 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-02 09:39 - 2013-08-02 03:49 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 02:52 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2014-04-02 09:39 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2014-04-02 09:39 - 2013-06-15 05:38 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-04-02 09:38 - 2013-12-04 04:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-04-02 09:38 - 2013-12-04 04:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-04-02 09:38 - 2013-12-04 04:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-04-02 09:38 - 2013-12-04 04:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-04-02 09:38 - 2013-12-04 04:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-04-02 09:38 - 2013-12-04 03:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-04-02 09:38 - 2013-12-04 03:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-04-02 09:38 - 2013-12-04 03:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-04-02 09:38 - 2013-12-04 03:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-04-02 09:38 - 2013-11-27 03:14 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-04-02 09:38 - 2013-11-27 03:13 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-04-02 09:38 - 2013-11-27 03:13 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-04-02 09:38 - 2013-11-27 03:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-04-02 09:38 - 2013-11-27 03:13 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-04-02 09:38 - 2013-11-27 03:13 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-04-02 09:38 - 2013-11-27 03:13 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-04-02 09:38 - 2013-10-04 03:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2014-04-02 09:38 - 2013-10-04 03:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-04-02 09:38 - 2013-10-04 03:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2014-04-02 09:38 - 2013-08-29 03:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-04-02 09:38 - 2013-08-29 03:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-04-02 09:38 - 2013-08-29 03:50 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-04-02 09:38 - 2013-08-29 03:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2014-04-02 09:38 - 2013-08-29 03:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2014-04-02 09:37 - 2014-01-09 04:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-04-02 09:37 - 2013-06-26 00:56 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2014-04-02 08:56 - 2013-10-02 02:42 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-04-02 08:56 - 2013-10-02 02:32 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-04-02 08:56 - 2013-10-02 02:30 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-04-02 08:56 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-04-02 08:56 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-04-02 08:56 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-04-02 08:56 - 2013-10-02 01:45 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-04-02 08:56 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-04-02 08:56 - 2013-10-02 01:00 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-04-02 08:56 - 2013-10-02 00:53 - 00350208 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-04-02 08:56 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-04-02 08:36 - 2013-05-10 06:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-04-02 08:36 - 2013-05-10 06:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-04-02 08:27 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-04-02 08:27 - 2013-12-06 04:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-04-02 08:27 - 2013-12-06 04:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-04-02 08:27 - 2013-10-05 21:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-04-02 08:27 - 2013-07-20 12:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-04-02 08:27 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-04-02 08:27 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2014-04-02 08:27 - 2013-07-04 13:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2014-04-02 08:27 - 2013-07-04 13:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2014-04-02 08:27 - 2013-07-04 11:48 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2014-04-02 08:26 - 2014-02-07 03:07 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-04-02 08:26 - 2013-08-28 02:57 - 00434688 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2014-04-02 08:25 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-04-02 08:24 - 2014-01-01 01:05 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-04-02 08:24 - 2013-09-14 02:48 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-04-02 08:24 - 2013-09-08 04:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2014-04-02 08:24 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-04-02 08:24 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2014-04-02 08:23 - 2013-09-25 04:01 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-04-02 08:23 - 2013-09-25 04:01 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-04-02 08:23 - 2013-09-25 03:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-04-02 08:23 - 2013-09-25 03:57 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-04-02 08:23 - 2013-09-25 03:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-04-02 08:23 - 2013-09-25 03:56 - 01038848 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-04-02 08:23 - 2013-09-25 03:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-04-02 08:23 - 2013-09-25 02:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-04-02 08:23 - 2013-09-25 02:49 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-04-02 08:23 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2014-04-02 08:23 - 2013-07-09 06:50 - 00652800 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-04-02 08:23 - 2013-07-04 14:16 - 00369848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-04-02 08:21 - 2013-11-12 04:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-04-02 08:20 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-04-02 08:20 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-04-02 08:20 - 2014-01-28 04:07 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-04-02 08:20 - 2013-10-19 03:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2014-04-02 08:20 - 2013-10-12 04:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2014-04-02 08:20 - 2013-10-12 04:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-04-02 08:20 - 2013-10-12 03:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2014-04-02 08:20 - 2013-10-12 03:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2014-04-02 08:20 - 2013-10-04 03:49 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2014-04-02 08:20 - 2013-10-04 03:17 - 00177152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2014-04-02 08:20 - 2013-08-05 03:56 - 00133056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2014-04-02 08:20 - 2013-08-01 13:03 - 00729024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-04-02 08:20 - 2013-06-06 06:52 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2014-04-02 08:20 - 2013-06-06 06:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2014-04-02 08:20 - 2013-06-06 06:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2014-04-02 08:20 - 2013-06-06 05:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2014-04-02 08:20 - 2013-06-06 05:01 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2014-04-02 08:19 - 2013-11-26 13:11 - 00240576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-04-02 08:19 - 2013-11-23 20:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-04-02 08:19 - 2013-10-30 04:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2014-04-02 08:19 - 2013-10-12 04:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2014-04-02 08:19 - 2013-10-12 04:01 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2014-04-02 08:19 - 2013-10-12 04:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2014-04-02 08:19 - 2013-10-03 03:58 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-04-02 08:19 - 2013-09-08 04:07 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-04-02 08:19 - 2013-07-12 12:07 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2014-04-02 08:19 - 2013-07-04 13:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2014-04-02 08:19 - 2013-07-03 06:02 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2014-04-02 08:19 - 2013-07-03 05:36 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2014-04-02 08:19 - 2013-07-03 05:36 - 00025728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2014-04-02 08:05 - 2013-09-25 03:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-04-01 22:57 - 2014-04-02 22:43 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-03-31 21:36 - 2014-03-31 19:54 - 892371968 _____ () C:\Users\Dani\outlook.pst
2014-03-24 01:28 - 2014-03-24 01:28 - 00000000 ____D () C:\Program Files\Lucom
2014-03-08 02:59 - 2014-03-18 01:07 - 00000000 ____D () C:\Users\Dani\Desktop\Arbeit
2014-03-08 02:58 - 2014-03-08 02:58 - 00000000 ____D () C:\Users\Dani\Neuer Ordner
2014-03-08 02:42 - 2014-03-08 03:07 - 00000000 ____D () C:\Users\Dani\Desktop\Robotersauger

==================== One Month Modified Files and Folders =======

2014-04-07 19:36 - 2011-09-25 05:37 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-07 19:33 - 2014-04-07 19:31 - 00015624 _____ () C:\Users\Dani\Desktop\FRST.txt
2014-04-07 19:31 - 2014-04-04 01:11 - 00000000 ____D () C:\FRST
2014-04-07 19:30 - 2013-07-10 18:30 - 00000000 ____D () C:\Users\Dani\AppData\Local\FreePDF_XP
2014-04-07 19:30 - 2011-09-25 05:37 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-07 19:29 - 2014-04-07 19:29 - 00001669 _____ () C:\Users\Admin\Desktop\OldTimer.txt
2014-04-07 19:16 - 2012-07-27 16:36 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-07 19:04 - 2013-06-13 22:11 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-07 18:57 - 2014-04-07 18:57 - 00448512 _____ (OldTimer Tools) C:\Users\Admin\Desktop\TFC.exe
2014-04-07 18:56 - 2009-07-14 06:34 - 00014928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-07 18:56 - 2009-07-14 06:34 - 00014928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-07 18:53 - 2013-06-13 22:02 - 02024480 _____ () C:\Windows\WindowsUpdate.log
2014-04-07 18:48 - 2013-06-14 12:41 - 00063129 _____ () C:\Windows\setupact.log
2014-04-07 18:48 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-07 18:47 - 2012-07-16 18:09 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-04-07 18:39 - 2012-04-01 18:53 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-04-07 18:39 - 2011-05-19 14:34 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-04-07 18:37 - 2010-08-22 13:15 - 00000000 ____D () C:\Users\Admin\AppData\Local\Adobe
2014-04-07 18:35 - 2012-08-26 17:18 - 00000000 ____D () C:\Windows\system32\Adobe
2014-04-07 18:30 - 2013-09-27 02:48 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-07 18:30 - 2012-09-05 22:33 - 00096664 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-04-07 18:29 - 2014-04-07 18:30 - 00264600 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-04-07 18:29 - 2014-04-07 18:30 - 00176024 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-04-07 18:29 - 2014-04-07 18:30 - 00176024 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-04-07 18:28 - 2014-04-07 18:23 - 31107992 _____ (Oracle Corporation) C:\Users\Admin\Downloads\jre-8-windows-i586.exe
2014-04-07 18:20 - 2011-09-02 16:44 - 00000000 ____D () C:\Users\Admin\AppData\Local\Mozilla
2014-04-07 18:18 - 2011-04-03 01:57 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-04-07 18:04 - 2014-04-07 18:02 - 25032080 _____ (Mozilla) C:\Users\Admin\Downloads\Firefox_Setup_de28.0.exe
2014-04-06 12:15 - 2014-04-06 12:15 - 00131072 ____N () C:\Windows\Minidump\040614-34765-01.dmp
2014-04-06 12:15 - 2013-06-14 02:01 - 00000000 ____D () C:\Windows\Minidump
2014-04-06 12:07 - 2011-09-25 14:55 - 00103940 _____ () C:\Windows\PFRO.log
2014-04-06 11:43 - 2014-04-06 11:43 - 00057733 _____ () C:\Users\Admin\Desktop\FRST3.txt
2014-04-06 11:42 - 2014-04-04 01:11 - 00057733 _____ () C:\Users\Admin\Desktop\FRST.txt
2014-04-06 11:39 - 2014-04-06 11:39 - 00001216 _____ () C:\Users\Admin\Desktop\checkup.txt
2014-04-06 10:53 - 2014-04-06 11:33 - 00002025 _____ () C:\Users\Admin\Desktop\ESET.txt
2014-04-05 23:16 - 2014-04-05 23:16 - 00987442 _____ () C:\Users\Admin\Desktop\SecurityCheck.exe
2014-04-05 23:15 - 2014-04-05 23:15 - 02347384 _____ (ESET) C:\Users\Admin\Desktop\esetsmartinstaller_enu.exe
2014-04-04 18:15 - 2014-04-04 18:15 - 00056773 _____ () C:\Users\Admin\Desktop\FRST2.txt
2014-04-04 18:12 - 2014-04-04 18:12 - 00001297 _____ () C:\Users\Admin\Desktop\JRT.txt
2014-04-04 17:59 - 2014-04-04 17:59 - 00000000 ____D () C:\Windows\ERUNT
2014-04-04 17:58 - 2014-04-04 17:58 - 00005054 _____ () C:\Users\Admin\Desktop\AdwCleaner[S0].txt
2014-04-04 17:54 - 2014-04-04 17:51 - 00000000 ____D () C:\AdwCleaner
2014-04-04 17:49 - 2014-04-04 17:49 - 01426178 _____ () C:\Users\Admin\Desktop\adwcleaner.exe
2014-04-04 17:49 - 2014-04-04 17:49 - 01038974 _____ (Thisisu) C:\Users\Admin\Desktop\JRT.exe
2014-04-04 01:54 - 2014-04-04 01:54 - 00002344 _____ () C:\Users\Admin\Desktop\Gmer.txt
2014-04-04 01:19 - 2014-04-04 01:19 - 00380416 _____ () C:\Users\Admin\Desktop\g5w19qcz.exe
2014-04-04 01:14 - 2014-04-04 01:12 - 00034767 _____ () C:\Users\Admin\Desktop\Addition.txt
2014-04-04 01:09 - 2014-04-07 19:01 - 01145856 _____ (Farbar) C:\Users\Dani\Desktop\FRST.exe
2014-04-04 01:09 - 2014-04-04 01:09 - 01145856 _____ (Farbar) C:\Users\Admin\Desktop\FRST.exe
2014-04-04 01:07 - 2014-04-04 01:06 - 00000472 _____ () C:\Users\Admin\Desktop\defogger_disable.txt
2014-04-04 01:06 - 2014-04-04 01:06 - 00000000 _____ () C:\Users\Admin\defogger_reenable
2014-04-04 01:06 - 2013-06-13 20:59 - 00000000 ___RD () C:\Users\Admin
2014-04-04 00:41 - 2014-04-04 00:31 - 00008594 _____ () C:\Users\Admin\Desktop\Windows-Kompatibilitätsbericht.htm
2014-04-04 00:41 - 2011-03-22 19:35 - 00002562 _____ () C:\Windows\diagwrn.xml
2014-04-04 00:41 - 2011-03-22 19:35 - 00001908 _____ () C:\Windows\diagerr.xml
2014-04-04 00:37 - 2013-06-14 12:41 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-04 00:33 - 2010-08-22 17:03 - 00000000 ____D () C:\Users\Dani\Scans
2014-04-04 00:04 - 2014-04-04 00:03 - 04982419 _____ (IDG Tech Media GmbH ) C:\Users\Admin\Downloads\pcwPatchLoader_v2-Setup_2.3.2.exe
2014-04-03 20:11 - 2014-04-03 19:57 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Nico Mak Computing
2014-04-03 19:43 - 2014-04-03 19:43 - 00050477 _____ () C:\Users\Admin\Desktop\Defogger.exe
2014-04-03 19:19 - 2014-04-03 00:35 - 00002574 _____ () C:\Users\Admin\Desktop\Rkill.txt
2014-04-03 03:31 - 2014-04-03 03:31 - 00001240 _____ () C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
2014-04-03 03:31 - 2011-03-29 04:11 - 00000000 ____D () C:\Program Files\Panda Security
2014-04-03 03:30 - 2014-04-03 03:27 - 28413552 _____ (Panda Security ) C:\Users\Admin\Downloads\PandaCloudCleaner.exe
2014-04-03 02:58 - 2014-04-03 02:58 - 00131072 ____N () C:\Windows\Minidump\040314-28250-01.dmp
2014-04-03 00:22 - 2013-06-13 22:17 - 00085040 _____ () C:\Users\Dani\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-03 00:21 - 2013-06-13 20:59 - 00000000 ___RD () C:\Users\Dani
2014-04-02 22:43 - 2014-04-01 22:57 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-04-02 22:26 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-04-02 22:07 - 2011-09-24 21:37 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-04-02 22:06 - 2014-04-02 22:06 - 00000000 ____D () C:\Windows\Temp0FBBE685-B4BF-CE0A-EDFD-EFD21D841C1F-Signatures
2014-04-02 22:06 - 2012-05-16 17:06 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-04-02 21:47 - 2014-04-02 21:43 - 00000000 ____D () C:\ProgramData\TuneUp Software
2014-04-02 21:46 - 2014-04-02 21:46 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\TuneUp Software
2014-04-02 21:43 - 2014-04-02 21:43 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-04-02 21:39 - 2011-08-06 21:45 - 00000000 ____D () C:\ProgramData\Freemake
2014-04-02 17:43 - 2013-09-18 20:10 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-04-02 10:24 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-04-02 10:03 - 2013-07-10 16:37 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-02 09:48 - 2014-04-02 09:40 - 00009846 _____ () C:\Windows\IE10_main.log
2014-04-02 09:43 - 2014-04-02 09:43 - 14358016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 02877952 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-02 09:43 - 2014-04-02 09:43 - 02049024 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-02 09:43 - 2014-04-02 09:43 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-04-02 09:43 - 2014-04-02 09:43 - 01140736 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00745472 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-02 09:43 - 2014-04-02 09:43 - 00719360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00629248 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00361984 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-04-02 09:43 - 2014-04-02 09:43 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00242200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00232960 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-04-02 09:43 - 2014-04-02 09:43 - 00138752 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-04-02 09:43 - 2014-04-02 09:43 - 00137216 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-02 09:43 - 2014-04-02 09:43 - 00125440 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-04-02 09:43 - 2014-04-02 09:43 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-04-02 09:43 - 2014-04-02 09:43 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-04-02 09:43 - 2014-04-02 09:43 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-02 09:43 - 2014-04-02 09:43 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-04-02 09:43 - 2014-04-02 09:43 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-04-02 09:21 - 2010-03-25 23:54 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-04-02 09:21 - 2009-07-14 06:33 - 00345488 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-02 09:16 - 2009-07-14 10:47 - 00000000 ____D () C:\Windows\system32\Drivers\de-DE
2014-04-02 08:32 - 2013-06-13 20:59 - 00000000 ____D () C:\Users\Gast
2014-04-02 08:32 - 2013-06-13 20:59 - 00000000 ____D () C:\Users\Administrator
2014-04-02 08:31 - 2013-06-14 14:13 - 00000000 ____D () C:\Users\Dani\Downloads\postda_mit_pdf
2014-04-02 08:31 - 2013-02-24 23:21 - 00000000 ____D () C:\Users\Dani\AppData\Roaming\PDF reDirect
2014-04-02 08:31 - 2013-01-18 19:08 - 00000000 ____D () C:\Program Files\QuickTime
2014-04-02 08:31 - 2013-01-18 14:26 - 00000000 ____D () C:\Program Files\Adobe
2014-04-02 08:31 - 2012-09-29 05:59 - 00000000 ____D () C:\ProgramData\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
2014-04-02 08:31 - 2012-04-07 15:18 - 00000000 ____D () C:\Program Files\ElsterFormular
2014-04-02 08:31 - 2011-03-23 17:38 - 00000000 ____D () C:\Program Files\PixelNet Software
2014-04-02 08:31 - 2011-03-23 16:37 - 00000000 ____D () C:\ProgramData\{E91883C8-8CDC-46A4-A45F-CB40EB82ED60}
2014-04-02 08:31 - 2011-03-23 14:56 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-04-02 08:31 - 2011-03-23 14:53 - 00000000 ____D () C:\ProgramData\Installations
2014-04-02 08:31 - 2010-05-29 23:04 - 00000000 ____D () C:\Users\Dani\AppData\Roaming\IrfanView
2014-04-02 08:31 - 2010-05-29 22:53 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\IrfanView
2014-04-02 08:31 - 2010-03-25 21:24 - 00000000 ____D () C:\Windows\system32\Macromed
2014-04-02 08:31 - 2009-07-14 06:52 - 00000000 ____D () C:\Windows\Offline Web Pages
2014-04-02 08:31 - 2009-07-14 04:37 - 00000000 __RSD () C:\Windows\Media
2014-04-02 08:31 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Public\Libraries
2014-04-02 08:31 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public
2014-04-02 08:31 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-04-02 08:31 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-04-02 08:31 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system
2014-04-02 08:31 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\schemas
2014-04-02 08:31 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-04-02 08:31 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\L2Schemas
2014-04-02 08:31 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\AppCompat
2014-04-02 08:31 - 2009-07-14 04:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-04-02 08:30 - 2014-02-08 04:27 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Wise Registry Cleaner
2014-04-02 08:29 - 2014-02-01 04:04 - 00000000 ____D () C:\Users\Dani\Downloads\defender41
2014-04-02 08:27 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\registration
2014-04-02 08:24 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Help
2014-04-02 08:23 - 2011-04-03 01:57 - 00000000 ____D () C:\Users\Dani\AppData\Local\Mozilla
2014-04-02 08:22 - 2012-07-18 07:46 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Malwarebytes
2014-04-02 08:22 - 2012-07-18 07:46 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-02 08:22 - 2012-04-24 23:17 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\elsterformular
2014-04-02 08:22 - 2011-12-31 06:08 - 00000000 ____D () C:\ProgramData\Adobe
2014-04-02 08:21 - 2013-06-13 20:55 - 00000000 ____D () C:\Program Files\Hewlett-Packard
2014-04-02 08:21 - 2013-01-18 14:26 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-04-02 08:21 - 2011-03-05 14:20 - 00000000 ____D () C:\Program Files\Java
2014-04-02 07:43 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-04-02 07:35 - 2013-06-14 01:27 - 00085040 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-31 21:30 - 2013-09-15 03:37 - 00000000 ____D () C:\Users\Dani\Ulk
2014-03-31 19:54 - 2014-03-31 21:36 - 892371968 _____ () C:\Users\Dani\outlook.pst
2014-03-26 19:16 - 2011-04-14 19:59 - 00000000 ____D () C:\Users\Dani\Eigene Scans
2014-03-24 07:30 - 2014-04-02 21:39 - 04134240 _____ (Kaspersky Lab ZAO) C:\Users\Admin\Downloads\TDSSKiller.exe
2014-03-24 07:30 - 2012-06-14 19:24 - 04134240 _____ (Kaspersky Lab ZAO) C:\Users\Dani\Downloads\TDSSKiller.exe
2014-03-24 01:28 - 2014-03-24 01:28 - 00000000 ____D () C:\Program Files\Lucom
2014-03-18 01:07 - 2014-03-08 02:59 - 00000000 ____D () C:\Users\Dani\Desktop\Arbeit
2014-03-11 09:52 - 2012-03-20 20:44 - 00104264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NisDrvWFP.sys
2014-03-08 03:07 - 2014-03-08 02:42 - 00000000 ____D () C:\Users\Dani\Desktop\Robotersauger
2014-03-08 02:58 - 2014-03-08 02:58 - 00000000 ____D () C:\Users\Dani\Neuer Ordner

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-30 20:14

==================== End Of Log ============================
         
--- --- ---


Kind regards, Daniela

08.04.2014, 12:35   #8
schrauber
/// the machine
/// TB trainer
 


Please create a new user account and boot into it. Do the same problems occur there?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

08.04.2014, 20:17   #9
nickdaniela
 

Hello Schrauber,

what exactly do you mean when you say I should "boot" into a different account?

Well, I have always had a guest account without a password + earlier today I also created a 2nd user account with a password.

I then started the computer in the normal way to get into these two accounts.

Both apparently work without problems.

Should I delete my old account? Is simply deleting it via User Account Control enough?

Do any of the programs that I installed in the course of our exchange still need to be removed again? Especially the ones from the beginning?

Kind regards, Daniela

09.04.2014, 15:04   #10
schrauber
/// the machine
/// TB instructor
 




Does the newly created one have admin rights? If so, back up any data from the old account that you may need, then delete the old account via User Account Control.


Done

The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively, rename it to uninstall.exe and run it)
    • Windows key + R > Combofix /Uninstall (type it in) > OK
    • Alternative: rename Combofix.exe to uninstall.exe and run it
    • Combofix will now start, possibly update itself, and then remove all remnants of itself.
  3. In any case, please download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick the box in front of every function.
    • Click Start.
    • Note: DelFix removes, among other things, all programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left now, you can safely delete them.



If you would like to give praise or criticism, you can do so here

Here are a few more tips for securing your system.


I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows Updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software Updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Antivirus Software
  • Make sure you always have antivirus software installed and that it is up to date. It is useless if it is out of date.


Additional Protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes much current malware.
    Update the tool and run it once a week. The paid version also offers a background guard.
    You can find a tutorial on how to use it here.
  • WinPatrol
    This software takes a snapshot of your system and warns you of any changes. Download the freeware version from here.


Safe Browsing
  • SpywareBlaster
    A short introduction can be found here
  • MVPs hosts file
    A tutorial can be found here. Unfortunately, I have not found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site reported as malicious.


Alternative Browsers

Other browsers tend to be somewhat more secure than IE because they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: For this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java, Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most advertising on its own. A right-click on a banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
      It also saves download bandwidth.

Performance
Clean your temp files regularly. I recommend TFC for this.
Stay away from any registry cleaners.
They harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Don't click on everything just because it prompts you to and is nicely colorful.
  • Do not use peer-to-peer or file-sharing software (Emule, uTorrent,..)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Do not open attachments from emails unknown to you. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
Now all that remains is for me to wish you lots of fun surfing safely.

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.