|
Log-Analyse und Auswertung: Windows 7: Benutzerkonto wird fremd geleitetWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
04.04.2014, 01:54 | #1 |
| Windows 7: Benutzerkonto wird fremd geleitet Hallo an alle, ich habe mir leider etwas eingefangen. Ohne Probleme funktioniert nur mein Admin-Konto, aber ich habe schon so viel rumgemacht, dass auch hier bereits Malware am Start war. Snapdo u.a. + irgendetwas mit Open Candy glaube ich. Mein Benutzerkonto verhält sich folgendermaßen: Als Hintergrundbild habe ich immer ein neues Foto von Bing. Dieses Bild bleibt immer gleich + aktualisiert sich nicht mehr. Aktualisierungen von Virenscannern werden nicht mehr durchgeführt. Den Echtzeitschutz von Malwarebytes konnte ich nicht aktivieren. Internet Explorer öffnet sich nicht mehr. Firefox öffnet sich mit Snapdo. Als ich mich im Online-Banking anmelden wollte, startete auf einmal Freemake Downloader, den ich auf dem Rechner hatte. Ihn habe ich deinstalliert + mich natürlich mit dem Benutzerkonto nicht im Online Banking angemeldet. Alles läuft extrem langsam. Ich habe das Admin-Konto im abgesicherten Modus gestartet + als Administrator Rkill, Malwarebytes + TDSSKiller laufen lassen, aber nichts änderte sich. Mein Notebook war dann so heiß, dass es teilweise nicht mehr startete. Ich hatte aber so einen Zorn, dass ich es immer wieder probiert habe, so dass das System schon fast zerschossen war. Eine Systemabbild-Rückspielung brachte eine Fehlermeldung, setzte den Rechner aber doch auf 2013 zurück. Allerdings ohne Besserung im Benutzerkonto zu bringen. Panda Cloud Cleaner brachte noch ein paar Probleme, die ich beheben ließ. Ich hoffe, dass ihr mir helfen könnt, den Rechner + das Benutzerkonto doch noch zu retten. Ich muss dringend an meine E-Mails + kann nicht. Hier sind die Logfiles: Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1) Log created at 01:07 on 04/04/2014 (Admin) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01 Ran by Admin (administrator) on DANI-PC on 04-04-2014 01:11:18 Running from C:\Users\Admin\Desktop Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (AuthenTec, Inc.) C:\Program Files\Fingerprint Sensor\AtService.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe (Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe (ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe (Microsoft Corporation) C:\Windows\system32\WLANExt.exe (ActivIdentity) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe (ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe (ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe (Andrea Electronics Corporation) C:\Windows\system32\AEADISRV.EXE (LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE () C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe (Sierra Wireless Inc.) C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe (Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Bioscrypt Inc.) C:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe ( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe (Microsoft Corp.) C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe ( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (Nokia) C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe (Nokia) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe (Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil32_12_0_0_77_ActiveX.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1791272 2010-06-04] (Synaptics Incorporated) HKLM\...\Run: [SoundMAXPnP] - C:\Program Files\Analog Devices\Core\smax4pnp.exe [1183744 2007-02-21] (Analog Devices, Inc.) HKLM\...\Run: [QlbCtrl.exe] - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2009-11-11] ( Hewlett-Packard Development Company, L.P.) HKLM\...\Run: [BingDesktop] - C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe [2387088 2013-04-10] (Microsoft Corp.) HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation) HKLM\...\Run: [FreePDF Assistant] - C:\Program Files\FreePDF_XP\fpassist.exe [373760 2013-03-14] (shbox.de) Winlogon\Notify\DeviceNP: C:\Windows\system32\DeviceNP.dll (Hewlett-Packard Limited) HKU\S-1-5-21-989268616-2580872740-1510082382-1005\...\Run: [BrowserChoice] - C:\Windows\System32\browserchoice.exe [293376 2013-06-13] (Microsoft Corporation) HKU\S-1-5-21-989268616-2580872740-1510082382-1005\...\Run: [PC Suite Tray] - C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [1516632 2012-06-26] (Nokia) AppInit_DLLs: C:\PROGRA~1\HEWLET~1\IAM\bin\APSHook.dll => C:\Program Files\Hewlett-Packard\IAM\Bin\APSHook.dll [89872 2009-07-28] (Bioscrypt Inc.) Lsa: [Notification Packages] scecli ASWLNPkg Startup: C:\Users\Dani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PostDa.exe - Verknüpfung.lnk ShortcutTarget: PostDa.exe - Verknüpfung.lnk -> C:\Users\Admin\Downloads\postda_mit_pdf\PostDa.exe (No File) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com/search?q={searchTerms} HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms} HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.freenet.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF54F4976454ECF01 SearchScopes: HKLM - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://www.bing.com/search?q={searchTerms} SearchScopes: HKLM - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://www.bing.com/search?q={searchTerms} SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: File Sanitizer for HP ProtectTools - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.) BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} hxxp://download.bitdefender.com/resources/scanner/sources/de/scan8/oscan8.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hy2vqeap.default FF Homepage: about:home FF SelectedSearchEngine: Google FF Keyword.URL: hxxp://www.google.com/search?rls=org.mozilla:en-US:official&client=firefox-a&q= FF NewTab: about:blank FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.) FF Plugin: @checkpoint.com/FFApi - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll No File FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 - C:\Program Files\Virtual Earth 3D\ () FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @nosltd.com/getPlus+(R),version=1.6.2.97 - C:\Program Files\NOS\bin\np_gp.dll No File FF Plugin: @pandasecurity.com/activescan - C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll No File FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.) FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: No Name - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hy2vqeap.default\Extensions\staged [2014-04-02] FF Extension: Free YouTube Download (Free Studio) Menu - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hy2vqeap.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011-09-21] FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012-12-08] FF HKLM\...\Firefox\Extensions: [bkmrksync@nokia.com] - C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ FF Extension: PC Sync 2 Synchronisation Extension - C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [] FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-03-10] FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-03-10] ========================== Services (Whitelisted) ================= R2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [207400 2009-06-03] (ActivIdentity) R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [26112 2009-12-03] (LSI Corporation) R2 ASBroker; C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll [192784 2009-07-28] (Bioscrypt Inc.) R2 ASChannel; C:\Program Files\Hewlett-Packard\IAM\Bin\AsChnl.dll [150288 2009-07-28] (Bioscrypt Inc.) R2 ATService; C:\Program Files\Fingerprint Sensor\AtService.exe [1201400 2009-07-29] (AuthenTec, Inc.) S2 BingDesktopUpdate; C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe [168592 2013-04-10] (Microsoft Corp.) S3 FLCDLOCK; C:\Windows\system32\flcdlock.exe [362040 2009-10-05] (Hewlett-Packard Ltd) S3 HP ProtectTools Service; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [45056 2009-08-07] (Hewlett-Packard Development Company, L.P) R2 HPFSService; C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe [77824 2009-07-06] (Hewlett-Packard) R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation) R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation) R2 SWIHPWMI; C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe [292384 2006-12-04] (Sierra Wireless Inc.) R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe [3718656 2010-03-24] (Broadcom Corporation) ==================== Drivers (Whitelisted) ==================== R3 AX88772; C:\Windows\System32\DRIVERS\ax88772.sys [69632 2013-12-03] (ASIX Electronics Corp.) R3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2010-03-24] (Broadcom Corporation) S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv.sys [32312 2009-09-08] (Hewlett-Packard Development Company L.P.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation) R0 pavboot; C:\Windows\System32\drivers\pavboot.sys [28552 2009-06-30] (Panda Security, S.L.) S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [47632 2013-04-29] (Panda Security, S.L.) R3 Ser2plx86; C:\Windows\System32\DRIVERS\ser2pl.sys [139776 2013-10-25] (Prolific Technology Inc.) S3 USBPNPA; C:\Windows\System32\drivers\CM108.sys [1310720 2007-06-28] (C-Media Inc) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-04 01:11 - 2014-04-04 01:11 - 00016247 _____ () C:\Users\Admin\Desktop\FRST.txt 2014-04-04 01:11 - 2014-04-04 01:11 - 00000000 ____D () C:\FRST 2014-04-04 01:09 - 2014-04-04 01:09 - 01145856 _____ (Farbar) C:\Users\Admin\Desktop\FRST.exe 2014-04-04 01:06 - 2014-04-04 01:07 - 00000472 _____ () C:\Users\Admin\Desktop\defogger_disable.log 2014-04-04 01:06 - 2014-04-04 01:06 - 00000000 _____ () C:\Users\Admin\defogger_reenable 2014-04-04 00:31 - 2014-04-04 00:41 - 00008594 _____ () C:\Users\Admin\Desktop\Windows-Kompatibilitätsbericht.htm 2014-04-04 00:03 - 2014-04-04 00:04 - 04982419 _____ (IDG Tech Media GmbH ) C:\Users\Admin\Downloads\pcwPatchLoader_v2-Setup_2.3.2.exe 2014-04-03 19:57 - 2014-04-03 20:11 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Nico Mak Computing 2014-04-03 19:43 - 2014-04-03 19:43 - 00050477 _____ () C:\Users\Admin\Desktop\Defogger.exe 2014-04-03 03:31 - 2014-04-03 03:31 - 00001240 _____ () C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk 2014-04-03 03:31 - 2013-04-29 08:17 - 00047632 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys 2014-04-03 03:27 - 2014-04-03 03:30 - 28413552 _____ (Panda Security ) C:\Users\Admin\Downloads\PandaCloudCleaner.exe 2014-04-03 02:58 - 2014-04-03 02:58 - 00131072 ____N () C:\Windows\Minidump\040314-28250-01.dmp 2014-04-03 00:35 - 2014-04-03 19:19 - 00002574 _____ () C:\Users\Admin\Desktop\Rkill.txt 2014-04-02 22:10 - 2013-12-21 09:56 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-04-02 22:06 - 2014-04-02 22:06 - 00000000 ____D () C:\Windows\Temp0FBBE685-B4BF-CE0A-EDFD-EFD21D841C1F-Signatures 2014-04-02 21:46 - 2014-04-02 21:46 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\TuneUp Software 2014-04-02 21:43 - 2014-04-02 21:47 - 00000000 ____D () C:\ProgramData\TuneUp Software 2014-04-02 21:43 - 2014-04-02 21:43 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} 2014-04-02 21:39 - 2014-03-24 07:30 - 04134240 _____ (Kaspersky Lab ZAO) C:\Users\Admin\Downloads\TDSSKiller.exe 2014-04-02 17:43 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-04-02 09:43 - 2014-04-02 09:43 - 14358016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 02877952 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-04-02 09:43 - 2014-04-02 09:43 - 02049024 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-04-02 09:43 - 2014-04-02 09:43 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat 2014-04-02 09:43 - 2014-04-02 09:43 - 01140736 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00745472 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-04-02 09:43 - 2014-04-02 09:43 - 00719360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00629248 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00361984 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2014-04-02 09:43 - 2014-04-02 09:43 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00242200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00232960 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe 2014-04-02 09:43 - 2014-04-02 09:43 - 00138752 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe 2014-04-02 09:43 - 2014-04-02 09:43 - 00137216 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-04-02 09:43 - 2014-04-02 09:43 - 00125440 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe 2014-04-02 09:43 - 2014-04-02 09:43 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2014-04-02 09:43 - 2014-04-02 09:43 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2014-04-02 09:43 - 2014-04-02 09:43 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-04-02 09:43 - 2014-04-02 09:43 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-04-02 09:43 - 2014-04-02 09:43 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-04-02 09:40 - 2014-04-02 09:48 - 00009846 _____ () C:\Windows\IE10_main.log 2014-04-02 09:39 - 2013-12-25 01:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2014-04-02 09:39 - 2013-11-26 10:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll 2014-04-02 09:39 - 2013-08-02 03:50 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2014-04-02 09:39 - 2013-08-02 03:49 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2014-04-02 09:39 - 2013-08-02 03:49 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2014-04-02 09:39 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2014-04-02 09:39 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2014-04-02 09:39 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2014-04-02 09:39 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2014-04-02 09:39 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2014-04-02 09:39 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2014-04-02 09:39 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2014-04-02 09:39 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2014-04-02 09:39 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2014-04-02 09:39 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2014-04-02 09:39 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2014-04-02 09:39 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2014-04-02 09:39 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2014-04-02 09:39 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2014-04-02 09:39 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2014-04-02 09:39 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2014-04-02 09:39 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2014-04-02 09:39 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2014-04-02 09:39 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2014-04-02 09:39 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2014-04-02 09:39 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2014-04-02 09:39 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2014-04-02 09:39 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2014-04-02 09:39 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2014-04-02 09:39 - 2013-08-02 02:52 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2014-04-02 09:39 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2014-04-02 09:39 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2014-04-02 09:39 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2014-04-02 09:39 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2014-04-02 09:39 - 2013-06-15 05:38 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2014-04-02 09:38 - 2013-12-04 04:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll 2014-04-02 09:38 - 2013-12-04 04:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll 2014-04-02 09:38 - 2013-12-04 04:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll 2014-04-02 09:38 - 2013-12-04 04:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll 2014-04-02 09:38 - 2013-12-04 04:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll 2014-04-02 09:38 - 2013-12-04 03:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe 2014-04-02 09:38 - 2013-12-04 03:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe 2014-04-02 09:38 - 2013-12-04 03:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe 2014-04-02 09:38 - 2013-12-04 03:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe 2014-04-02 09:38 - 2013-11-27 03:14 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys 2014-04-02 09:38 - 2013-11-27 03:13 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys 2014-04-02 09:38 - 2013-11-27 03:13 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys 2014-04-02 09:38 - 2013-11-27 03:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys 2014-04-02 09:38 - 2013-11-27 03:13 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys 2014-04-02 09:38 - 2013-11-27 03:13 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys 2014-04-02 09:38 - 2013-11-27 03:13 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys 2014-04-02 09:38 - 2013-10-04 03:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll 2014-04-02 09:38 - 2013-10-04 03:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2014-04-02 09:38 - 2013-10-04 03:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll 2014-04-02 09:38 - 2013-08-29 03:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2014-04-02 09:38 - 2013-08-29 03:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-04-02 09:38 - 2013-08-29 03:50 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2014-04-02 09:38 - 2013-08-29 03:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll 2014-04-02 09:38 - 2013-08-29 03:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2014-04-02 09:37 - 2014-01-09 04:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2014-04-02 09:37 - 2013-06-26 00:56 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys 2014-04-02 08:56 - 2013-10-02 02:42 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys 2014-04-02 08:56 - 2013-10-02 02:32 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe 2014-04-02 08:56 - 2013-10-02 02:30 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll 2014-04-02 08:56 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll 2014-04-02 08:56 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll 2014-04-02 08:56 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll 2014-04-02 08:56 - 2013-10-02 01:45 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll 2014-04-02 08:56 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll 2014-04-02 08:56 - 2013-10-02 01:00 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2014-04-02 08:56 - 2013-10-02 00:53 - 00350208 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe 2014-04-02 08:56 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe 2014-04-02 08:36 - 2013-05-10 06:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2014-04-02 08:36 - 2013-05-10 06:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2014-04-02 08:27 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll 2014-04-02 08:27 - 2013-12-06 04:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-04-02 08:27 - 2013-12-06 04:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2014-04-02 08:27 - 2013-10-05 21:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2014-04-02 08:27 - 2013-07-20 12:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2014-04-02 08:27 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2014-04-02 08:27 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2014-04-02 08:27 - 2013-07-04 13:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll 2014-04-02 08:27 - 2013-07-04 13:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll 2014-04-02 08:27 - 2013-07-04 11:48 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2014-04-02 08:26 - 2014-02-07 03:07 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-04-02 08:26 - 2013-08-28 02:57 - 00434688 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll 2014-04-02 08:25 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2014-04-02 08:24 - 2014-01-01 01:05 - 00420008 _____ () C:\Windows\system32\locale.nls 2014-04-02 08:24 - 2013-09-14 02:48 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2014-04-02 08:24 - 2013-09-08 04:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll 2014-04-02 08:24 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-04-02 08:24 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll 2014-04-02 08:23 - 2013-09-25 04:01 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-04-02 08:23 - 2013-09-25 04:01 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2014-04-02 08:23 - 2013-09-25 03:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-04-02 08:23 - 2013-09-25 03:57 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2014-04-02 08:23 - 2013-09-25 03:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2014-04-02 08:23 - 2013-09-25 03:56 - 01038848 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-04-02 08:23 - 2013-09-25 03:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2014-04-02 08:23 - 2013-09-25 02:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2014-04-02 08:23 - 2013-09-25 02:49 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2014-04-02 08:23 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2014-04-02 08:23 - 2013-07-09 06:50 - 00652800 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2014-04-02 08:23 - 2013-07-04 14:16 - 00369848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2014-04-02 08:21 - 2013-11-12 04:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-04-02 08:20 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-04-02 08:20 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-04-02 08:20 - 2014-01-28 04:07 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll 2014-04-02 08:20 - 2013-10-19 03:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll 2014-04-02 08:20 - 2013-10-12 04:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx 2014-04-02 08:20 - 2013-10-12 04:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll 2014-04-02 08:20 - 2013-10-12 03:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe 2014-04-02 08:20 - 2013-10-12 03:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe 2014-04-02 08:20 - 2013-10-04 03:49 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys 2014-04-02 08:20 - 2013-10-04 03:17 - 00177152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys 2014-04-02 08:20 - 2013-08-05 03:56 - 00133056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys 2014-04-02 08:20 - 2013-08-01 13:03 - 00729024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2014-04-02 08:20 - 2013-06-06 06:52 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2014-04-02 08:20 - 2013-06-06 06:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2014-04-02 08:20 - 2013-06-06 06:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2014-04-02 08:20 - 2013-06-06 05:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2014-04-02 08:20 - 2013-06-06 05:01 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2014-04-02 08:19 - 2013-11-26 13:11 - 00240576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys 2014-04-02 08:19 - 2013-11-23 20:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2014-04-02 08:19 - 2013-10-30 04:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll 2014-04-02 08:19 - 2013-10-12 04:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll 2014-04-02 08:19 - 2013-10-12 04:01 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL 2014-04-02 08:19 - 2013-10-12 04:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL 2014-04-02 08:19 - 2013-10-03 03:58 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-04-02 08:19 - 2013-09-08 04:07 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2014-04-02 08:19 - 2013-07-12 12:07 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys 2014-04-02 08:19 - 2013-07-04 13:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll 2014-04-02 08:19 - 2013-07-03 06:02 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys 2014-04-02 08:19 - 2013-07-03 05:36 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys 2014-04-02 08:19 - 2013-07-03 05:36 - 00025728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys 2014-04-02 08:05 - 2013-09-25 03:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll 2014-04-01 22:57 - 2014-04-02 22:43 - 00000000 ____D () C:\TDSSKiller_Quarantine 2014-03-31 21:36 - 2014-03-31 19:54 - 892371968 _____ () C:\Users\Dani\outlook.pst 2014-03-24 01:28 - 2014-03-24 01:28 - 00000000 ____D () C:\Program Files\Lucom 2014-03-08 02:59 - 2014-03-18 01:07 - 00000000 ____D () C:\Users\Dani\Desktop\Arbeit 2014-03-08 02:58 - 2014-03-08 02:58 - 00000000 ____D () C:\Users\Dani\Neuer Ordner 2014-03-08 02:42 - 2014-03-08 03:07 - 00000000 ____D () C:\Users\Dani\Desktop\Robotersauger ==================== One Month Modified Files and Folders ======= 2014-04-04 01:11 - 2014-04-04 01:11 - 00016247 _____ () C:\Users\Admin\Desktop\FRST.txt 2014-04-04 01:11 - 2014-04-04 01:11 - 00000000 ____D () C:\FRST 2014-04-04 01:09 - 2014-04-04 01:09 - 01145856 _____ (Farbar) C:\Users\Admin\Desktop\FRST.exe 2014-04-04 01:07 - 2014-04-04 01:06 - 00000472 _____ () C:\Users\Admin\Desktop\defogger_disable.log 2014-04-04 01:06 - 2014-04-04 01:06 - 00000000 _____ () C:\Users\Admin\defogger_reenable 2014-04-04 01:06 - 2013-06-13 20:59 - 00000000 ___RD () C:\Users\Admin 2014-04-04 01:04 - 2013-06-13 22:02 - 01840652 _____ () C:\Windows\WindowsUpdate.log 2014-04-04 01:00 - 2009-07-14 06:34 - 00014928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-04-04 01:00 - 2009-07-14 06:34 - 00014928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-04-04 00:52 - 2013-06-13 22:11 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-04-04 00:45 - 2011-09-25 05:37 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-04-04 00:44 - 2013-06-14 12:41 - 00005065 _____ () C:\Windows\setupact.log 2014-04-04 00:44 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-04 00:42 - 2013-06-13 01:04 - 00000000 ____D () C:\Users\Admin\Downloads\Patchloader Win7 Reparatur 2014-04-04 00:41 - 2014-04-04 00:31 - 00008594 _____ () C:\Users\Admin\Desktop\Windows-Kompatibilitätsbericht.htm 2014-04-04 00:41 - 2011-03-22 19:35 - 00002562 _____ () C:\Windows\diagwrn.xml 2014-04-04 00:41 - 2011-03-22 19:35 - 00001908 _____ () C:\Windows\diagerr.xml 2014-04-04 00:37 - 2013-06-14 12:41 - 00000000 _____ () C:\Windows\setuperr.log 2014-04-04 00:35 - 2011-09-25 05:37 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-04-04 00:33 - 2010-08-22 17:03 - 00000000 ____D () C:\Users\Dani\Scans 2014-04-04 00:16 - 2012-07-27 16:36 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-04-04 00:04 - 2014-04-04 00:03 - 04982419 _____ (IDG Tech Media GmbH ) C:\Users\Admin\Downloads\pcwPatchLoader_v2-Setup_2.3.2.exe 2014-04-03 23:53 - 2011-09-25 14:55 - 00103158 _____ () C:\Windows\PFRO.log 2014-04-03 20:11 - 2014-04-03 19:57 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Nico Mak Computing 2014-04-03 19:43 - 2014-04-03 19:43 - 00050477 _____ () C:\Users\Admin\Desktop\Defogger.exe 2014-04-03 19:19 - 2014-04-03 00:35 - 00002574 _____ () C:\Users\Admin\Desktop\Rkill.txt 2014-04-03 19:04 - 2013-07-10 18:30 - 00000000 ____D () C:\Users\Dani\AppData\Local\FreePDF_XP 2014-04-03 03:31 - 2014-04-03 03:31 - 00001240 _____ () C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk 2014-04-03 03:31 - 2011-03-29 04:11 - 00000000 ____D () C:\Program Files\Panda Security 2014-04-03 03:30 - 2014-04-03 03:27 - 28413552 _____ (Panda Security ) C:\Users\Admin\Downloads\PandaCloudCleaner.exe 2014-04-03 02:58 - 2014-04-03 02:58 - 00131072 ____N () C:\Windows\Minidump\040314-28250-01.dmp 2014-04-03 02:58 - 2013-06-14 02:01 - 00000000 ____D () C:\Windows\Minidump 2014-04-03 00:22 - 2013-06-13 22:17 - 00085040 _____ () C:\Users\Dani\AppData\Local\GDIPFONTCACHEV1.DAT 2014-04-03 00:21 - 2013-06-13 20:59 - 00000000 ___RD () C:\Users\Dani 2014-04-02 22:43 - 2014-04-01 22:57 - 00000000 ____D () C:\TDSSKiller_Quarantine 2014-04-02 22:26 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-04-02 22:07 - 2011-09-24 21:37 - 00001912 _____ () C:\Windows\epplauncher.mif 2014-04-02 22:06 - 2014-04-02 22:06 - 00000000 ____D () C:\Windows\Temp0FBBE685-B4BF-CE0A-EDFD-EFD21D841C1F-Signatures 2014-04-02 22:06 - 2012-05-16 17:06 - 00000000 ____D () C:\Program Files\Microsoft Security Client 2014-04-02 21:47 - 2014-04-02 21:43 - 00000000 ____D () C:\ProgramData\TuneUp Software 2014-04-02 21:46 - 2014-04-02 21:46 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\TuneUp Software 2014-04-02 21:43 - 2014-04-02 21:43 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} 2014-04-02 21:39 - 2011-08-06 21:45 - 00000000 ____D () C:\ProgramData\Freemake 2014-04-02 17:43 - 2013-09-18 20:10 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware 2014-04-02 10:24 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE 2014-04-02 10:17 - 2012-04-01 18:53 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-04-02 10:17 - 2011-05-19 14:34 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-04-02 10:03 - 2013-07-10 16:37 - 00000000 ____D () C:\Windows\system32\MRT 2014-04-02 09:48 - 2014-04-02 09:40 - 00009846 _____ () C:\Windows\IE10_main.log 2014-04-02 09:43 - 2014-04-02 09:43 - 14358016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 02877952 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-04-02 09:43 - 2014-04-02 09:43 - 02049024 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-04-02 09:43 - 2014-04-02 09:43 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat 2014-04-02 09:43 - 2014-04-02 09:43 - 01140736 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00745472 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-04-02 09:43 - 2014-04-02 09:43 - 00719360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00629248 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00361984 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2014-04-02 09:43 - 2014-04-02 09:43 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00242200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00232960 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe 2014-04-02 09:43 - 2014-04-02 09:43 - 00138752 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe 2014-04-02 09:43 - 2014-04-02 09:43 - 00137216 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-04-02 09:43 - 2014-04-02 09:43 - 00125440 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe 2014-04-02 09:43 - 2014-04-02 09:43 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2014-04-02 09:43 - 2014-04-02 09:43 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2014-04-02 09:43 - 2014-04-02 09:43 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-04-02 09:43 - 2014-04-02 09:43 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-04-02 09:43 - 2014-04-02 09:43 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-04-02 09:21 - 2010-03-25 23:54 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-04-02 09:21 - 2009-07-14 06:33 - 00345488 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-04-02 09:16 - 2009-07-14 10:47 - 00000000 ____D () C:\Windows\system32\Drivers\de-DE 2014-04-02 08:32 - 2013-06-13 20:59 - 00000000 ____D () C:\Users\Gast 2014-04-02 08:32 - 2013-06-13 20:59 - 00000000 ____D () C:\Users\Administrator 2014-04-02 08:31 - 2013-06-14 14:13 - 00000000 ____D () C:\Users\Dani\Downloads\postda_mit_pdf 2014-04-02 08:31 - 2013-02-24 23:21 - 00000000 ____D () C:\Users\Dani\AppData\Roaming\PDF reDirect 2014-04-02 08:31 - 2013-01-18 19:08 - 00000000 ____D () C:\Program Files\QuickTime 2014-04-02 08:31 - 2013-01-18 14:26 - 00000000 ____D () C:\Program Files\Adobe 2014-04-02 08:31 - 2012-09-29 05:59 - 00000000 ____D () C:\ProgramData\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E} 2014-04-02 08:31 - 2012-08-26 17:18 - 00000000 ____D () C:\Windows\system32\Adobe 2014-04-02 08:31 - 2012-07-16 18:09 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-04-02 08:31 - 2012-04-07 15:18 - 00000000 ____D () C:\Program Files\ElsterFormular 2014-04-02 08:31 - 2011-04-03 01:57 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-04-02 08:31 - 2011-03-23 17:38 - 00000000 ____D () C:\Program Files\PixelNet Software 2014-04-02 08:31 - 2011-03-23 16:37 - 00000000 ____D () C:\ProgramData\{E91883C8-8CDC-46A4-A45F-CB40EB82ED60} 2014-04-02 08:31 - 2011-03-23 14:56 - 00000000 ____D () C:\ProgramData\Apple Computer 2014-04-02 08:31 - 2011-03-23 14:53 - 00000000 ____D () C:\ProgramData\Installations 2014-04-02 08:31 - 2010-05-29 23:04 - 00000000 ____D () C:\Users\Dani\AppData\Roaming\IrfanView 2014-04-02 08:31 - 2010-05-29 22:53 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\IrfanView 2014-04-02 08:31 - 2010-03-25 21:24 - 00000000 ____D () C:\Windows\system32\Macromed 2014-04-02 08:31 - 2009-07-14 06:52 - 00000000 ____D () C:\Windows\Offline Web Pages 2014-04-02 08:31 - 2009-07-14 04:37 - 00000000 __RSD () C:\Windows\Media 2014-04-02 08:31 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Public\Libraries 2014-04-02 08:31 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public 2014-04-02 08:31 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\wfp 2014-04-02 08:31 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\Msdtc 2014-04-02 08:31 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system 2014-04-02 08:31 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\schemas 2014-04-02 08:31 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache 2014-04-02 08:31 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\L2Schemas 2014-04-02 08:31 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\AppCompat 2014-04-02 08:31 - 2009-07-14 04:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared 2014-04-02 08:30 - 2014-02-08 04:27 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Wise Registry Cleaner 2014-04-02 08:29 - 2014-02-01 04:04 - 00000000 ____D () C:\Users\Dani\Downloads\defender41 2014-04-02 08:27 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\registration 2014-04-02 08:24 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Help 2014-04-02 08:23 - 2011-04-03 01:57 - 00000000 ____D () C:\Users\Dani\AppData\Local\Mozilla 2014-04-02 08:22 - 2012-07-18 07:46 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Malwarebytes 2014-04-02 08:22 - 2012-07-18 07:46 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-02 08:22 - 2012-04-24 23:17 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\elsterformular 2014-04-02 08:22 - 2011-12-31 06:08 - 00000000 ____D () C:\ProgramData\Adobe 2014-04-02 08:21 - 2013-06-13 20:55 - 00000000 ____D () C:\Program Files\Hewlett-Packard 2014-04-02 08:21 - 2013-01-18 14:26 - 00000000 ____D () C:\Program Files\Common Files\Adobe 2014-04-02 08:21 - 2011-03-05 14:20 - 00000000 ____D () C:\Program Files\Java 2014-04-02 07:43 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF 2014-04-02 07:35 - 2013-06-14 01:27 - 00085040 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT 2014-03-31 21:30 - 2013-09-15 03:37 - 00000000 ____D () C:\Users\Dani\Ulk 2014-03-31 19:54 - 2014-03-31 21:36 - 892371968 _____ () C:\Users\Dani\outlook.pst 2014-03-31 19:51 - 2013-09-27 02:48 - 00000000 ____D () C:\ProgramData\Oracle 2014-03-26 19:16 - 2011-04-14 19:59 - 00000000 ____D () C:\Users\Dani\Eigene Scans 2014-03-24 07:30 - 2014-04-02 21:39 - 04134240 _____ (Kaspersky Lab ZAO) C:\Users\Admin\Downloads\TDSSKiller.exe 2014-03-24 07:30 - 2012-06-14 19:24 - 04134240 _____ (Kaspersky Lab ZAO) C:\Users\Dani\Downloads\TDSSKiller.exe 2014-03-24 01:28 - 2014-03-24 01:28 - 00000000 ____D () C:\Program Files\Lucom 2014-03-18 01:07 - 2014-03-08 02:59 - 00000000 ____D () C:\Users\Dani\Desktop\Arbeit 2014-03-11 09:52 - 2012-03-20 20:44 - 00104264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NisDrvWFP.sys 2014-03-08 03:07 - 2014-03-08 02:42 - 00000000 ____D () C:\Users\Dani\Desktop\Robotersauger 2014-03-08 02:58 - 2014-03-08 02:58 - 00000000 ____D () C:\Users\Dani\Neuer Ordner Some content of TEMP: ==================== C:\Users\Admin\AppData\Local\Temp\FreemakeVideoDownloader_3.6.4.1.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\system32\winlogon.exe => MD5 is legit C:\Windows\system32\wininit.exe => MD5 is legit C:\Windows\system32\svchost.exe => MD5 is legit C:\Windows\system32\services.exe => MD5 is legit C:\Windows\system32\User32.dll => MD5 is legit C:\Windows\system32\userinit.exe => MD5 is legit C:\Windows\system32\rpcss.dll => MD5 is legit C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-03-30 20:14 ==================== End Of Log ============================ Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014 01 Ran by Admin at 2014-04-04 01:12:47 Running from C:\Users\Admin\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} ==================== Installed Programs ====================== 32 Bit HP CIO Components Installer (Version: 6.1.1 - Hewlett-Packard) Hidden 4500_G510af_Help (Version: 000.0.439.000 - Hewlett-Packard) Hidden 4500G510af (Version: 000.0.423.000 - Hewlett-Packard) Hidden 4500G510af_Software_Min (Version: 000.0.423.000 - Hewlett-Packard) Hidden AAC Decoder (HKLM\...\{AEF9DC35ADDF4825B049ACBFD1C6EB37}) (Version: 7.1.0 - DivX, Inc.) ActivClient x86 (Version: 6.2 - ActivIdentity) Hidden Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated) Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated) Adobe Reader X Lite - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.4 - Adobe Systems Incorporated) Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.) Allway Sync version 10.4.0 (HKLM\...\Allway Sync_is1) (Version: - Botkind Inc) Apple Application Support (HKLM\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.) Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) ATI Catalyst Install Manager (HKLM\...\{A990D795-F751-39DA-DDD4-07ED04CEC7CE}) (Version: 3.0.715.0 - ATI Technologies, Inc.) Auslogics Disk Defrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: version 3.2 - Auslogics Software Pty Ltd) AuthenTec Fingerprint System (Version: 8.0.202.0 - AuthenTec, Inc.) Hidden AutoUpdate (HKLM\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.1 - ) Bing Maps 3D (HKLM\...\{2D87E961-577B-492B-AD54-1368680FB9A7}) (Version: 4.0.903.16005 - Microsoft Corporation) Bing-Desktop (HKLM\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.2.126.0 - Microsoft Corporation) BIOS Configuration for HP ProtectTools (HKLM\...\{1960BE46-E85A-4933-B10A-6D8516585288}) (Version: 4.00 E1 - Hewlett-Packard) Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.60.18.12 - Broadcom Corporation) Broadcom Wireless Utility (HKLM\...\Broadcom Wireless Utility) (Version: 5.60.18.12 - Broadcom Corporation) BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden Canasta Deluxe DEMO 1.0 (HKLM\...\{FC2E457B-5109-4FA2-94F0-8E577AE54CA7}_is1) (Version: Canasta Deluxe DEMO - Zone 2 Media GmbH) Catalyst Control Center - Branding (Version: 1.00.0000 - ATI) Hidden Catalyst Control Center Core Implementation (Version: 2009.0521.2235.38731 - ATI) Hidden Catalyst Control Center Graphics Full Existing (Version: 2009.0521.2235.38731 - ATI) Hidden Catalyst Control Center Graphics Full New (Version: 2009.0521.2235.38731 - ATI) Hidden Catalyst Control Center Graphics Light (Version: 2009.0521.2235.38731 - ATI) Hidden Catalyst Control Center InstallProxy (Version: 2009.0521.2235.38731 - ATI Technologies, Inc.) Hidden Catalyst Control Center Localization All (Version: 2009.0521.2235.38731 - ATI) Hidden CCC Help Chinese Standard (Version: 2009.0521.2234.38731 - ATI) Hidden CCC Help Chinese Traditional (Version: 2009.0521.2234.38731 - ATI) Hidden CCC Help Czech (Version: 2009.0521.2234.38731 - ATI) Hidden CCC Help Danish (Version: 2009.0521.2234.38731 - ATI) Hidden CCC Help Dutch (Version: 2009.0521.2234.38731 - ATI) Hidden CCC Help English (Version: 2009.0521.2234.38731 - ATI) Hidden CCC Help Finnish (Version: 2009.0521.2234.38731 - ATI) Hidden CCC Help French (Version: 2009.0521.2234.38731 - ATI) Hidden CCC Help German (Version: 2009.0521.2234.38731 - ATI) Hidden CCC Help Greek (Version: 2009.0521.2234.38731 - ATI) Hidden CCC Help Hungarian (Version: 2009.0521.2234.38731 - ATI) Hidden CCC Help Italian (Version: 2009.0521.2234.38731 - ATI) Hidden CCC Help Japanese (Version: 2009.0521.2234.38731 - ATI) Hidden CCC Help Korean (Version: 2009.0521.2234.38731 - ATI) Hidden CCC Help Norwegian (Version: 2009.0521.2234.38731 - ATI) Hidden CCC Help Polish (Version: 2009.0521.2234.38731 - ATI) Hidden CCC Help Portuguese (Version: 2009.0521.2234.38731 - ATI) Hidden CCC Help Russian (Version: 2009.0521.2234.38731 - ATI) Hidden CCC Help Spanish (Version: 2009.0521.2234.38731 - ATI) Hidden CCC Help Swedish (Version: 2009.0521.2234.38731 - ATI) Hidden CCC Help Thai (Version: 2009.0521.2234.38731 - ATI) Hidden CCC Help Turkish (Version: 2009.0521.2234.38731 - ATI) Hidden ccc-core-static (Version: 2009.0521.2235.38731 - Ihr Firmenname) Hidden ccc-utility (Version: 2009.0521.2235.38731 - ATI) Hidden CCleaner (HKLM\...\CCleaner) (Version: 3.18 - Piriform) Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.) Credential Manager for HP ProtectTools (Version: 4.1.6.1484 - Hewlett-Packard Company) Hidden D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden DelinvFile - 4.04 (HKLM\...\DelinvFile_is1) (Version: 4.04 - Assistance and Resources for Computing, Inc.) Destinations (Version: 130.0.0.0 - Hewlett-Packard) Hidden Device Access Manager for HP ProtectTools (HKLM\...\{55B52830-024A-443E-AF61-61E1E71AFA1B}) (Version: 5.0.1.3 - Hewlett-Packard) DeviceDiscovery (Version: 130.0.372.000 - Hewlett-Packard) Hidden DivX Codec (HKLM\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.9.1 - DivX, Inc.) DivX Converter (HKLM\...\{13F3917B56CD4C25848BDC69916971BB}) (Version: 7.1.0 - DivX, Inc.) DivX Converter (HKLM\...\{B13A7C41581B411290FBC0395694E2A9}) (Version: 7.1.0 - DivX, Inc.) DivX Player (HKLM\...\{8ADFC4160D694100B5B8A22DE9DCABD9}) (Version: 7.2.0 - DivX, Inc.) DivX Plus DirectShow Filters (HKLM\...\DivX Plus DirectShow Filters) (Version: - DivX, Inc.) DivX Plus Media Foundation Components (HKLM\...\{DA703982C580418795BF4001AA9D7061}) (Version: 1.0.0 - DivX, Inc.) DivX Plus Web Player (HKLM\...\{B7050CBDB2504B34BC2A9CA0A692CC29}) (Version: 2.0.0 - DivX,Inc.) DivX Version Checker (HKLM\...\{3FC7CBBC4C1E11DCA1A752EA55D89593}) (Version: 7.1.0.9 - DivX, Inc.) DocMgr (Version: 130.0.000.000 - Ihr Firmenname) Hidden DocProc (Version: 13.0.0.0 - Hewlett-Packard) Hidden EGVP Classic-Client (HKLM\...\{EB32B660-3A59-4361-864B-E0116B5AF340}) (Version: 2.7.0.0 - bos KG) ElsterFormular (HKLM\...\ElsterFormular 13.1.1.8531p) (Version: 14.1.11318 - Landesfinanzdirektion Thüringen) EVEREST Home Edition v2.20 (HKLM\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc) Fax (Version: 130.0.418.000 - Hewlett-Packard) Hidden File Sanitizer For HP ProtectTools (HKLM\...\{789C97CE-9E17-4126-BDF4-11FF458BF705}) (Version: 1.0.1.10 - Hewlett-Packard) Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 5.4.5.124 - Foxit Corporation) Free Opener (HKLM\...\{A1F2C608-32D6-467D-B035-BBEF509042BA}_is1) (Version: 1.0 - EZ Freeware) Free YouTube to MP3 Converter version 3.10.11.923 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: - DVDVideoSoft Ltd.) FreePDF (Remove only) (HKLM\...\FreePDF_XP) (Version: - ) GIMP 2.6.11 (HKLM\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team) Google Update Helper (Version: 1.3.23.9 - Google Inc.) Hidden GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden GPL Ghostscript (HKLM\...\GPL Ghostscript 9.07) (Version: 9.07 - Artifex Software Inc.) H.264 Decoder (HKLM\...\{A96E97134CA649888820BCDE5E300BBD}) (Version: 1.1.0 - DivX, Inc.) Hewlett-Packard ACLM.NET v1.1.2.0 (Version: 1.00.0000 - Hewlett-Packard) Hidden HP Broadband Wireless Modules (HKLM\...\{AA0CBF76-BD8E-48C0-AE32-31684A629836}) (Version: 18.14.1715.1 - Sierra Wireless Inc) HP Customer Experience Enhancements (Version: 6.0.1.3 - Hewlett-Packard) Hidden HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP) HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP) HP ESU for Microsoft Windows 7 (HKLM\...\{1C47EEFD-ADC8-4B7C-9979-C550573B4C42}) (Version: 1.0.5.1 - Hewlett-Packard Company) HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP) HP Integrated Module with Bluetooth wireless technology (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.0.9602 - Broadcom Corporation) HP JavaCard for HP ProtectTools (Version: 04.10.10.0003 - Hewlett-Packard) Hidden HP Officejet 4500 G510a-f (HKLM\...\{C98517B6-DCE9-49B7-B19E-E384178D3986}) (Version: 13.0 - HP) HP Print Projects 1.0 (HKLM\...\HP Print Projects) (Version: 1.0 - HP) HP ProtectTools Security Manager (Version: 04.10.10.0003 - Hewlett-Packard) Hidden HP ProtectTools Security Manager Suite (HKLM\...\{75D7BB3A-9AB7-4ad1-AD5E-0059B90C624B}) (Version: 04.10.10.0003 - Hewlett-Packard) HP Quick Launch Buttons (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.14.1 - Hewlett-Packard Company) HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP) HP SoftPaq Download Manager (HKLM\...\{3F728815-C7E8-40EA-8D1A-F7B8E2382325}) (Version: 3.4.10.0 - Hewlett-Packard Company) HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP) HP Support Assistant (HKLM\...\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}) (Version: 6.1.12.1 - Hewlett-Packard Company) HP Update (HKLM\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard) HP Wireless Assistant (HKLM\...\{1061DF04-CF33-40B0-8360-D07C9BBEB122}) (Version: 3.50.10.1 - Hewlett-Packard) hpPrintProjects (Version: 130.0.303.000 - Hewlett-Packard) Hidden HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden HPSSupply (Version: 130.0.371.000 - Hewlett-Packard) Hidden hpWLPGInstaller (Version: 130.0.303.000 - Hewlett-Packard) Hidden inSSIDer 2.0 (HKLM\...\{A12EA295-32EA-42BB-8442-2C2BE852D4AA}) (Version: 2.0.7 - MetaGeek) IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.28 - Irfan Skiljan) Java 7 Update 17 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.170 - Oracle) Java Auto Updater (Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden Java DB 10.6.2.1 (HKLM\...\{73EC658D-A1C6-40CA-8E86-E05821BAACE7}) (Version: 10.6.2.1 - Oracle) Java(TM) 6 Update 37 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216037FF}) (Version: 6.0.370 - Oracle) K-Lite Codec Pack 7.0.0 (Standard) (HKLM\...\KLiteCodecPack_is1) (Version: 7.0.0 - ) LightScribe System Software (HKLM\...\{82EF29B1-9B60-4142-A155-0599216DD053}) (Version: 1.18.6.1 - LightScribe) LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.100 - LSI Corporation) Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation) MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden Microsoft Baseline Security Analyzer 2.2 (HKLM\...\{13CD417D-F1F1-4AC4-945D-FDDEB884756F}) (Version: 2.2.2170 - Microsoft Corporation) Microsoft Office 2000 SR-1 Premium (HKLM\...\{00000407-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.3821 - Microsoft Corporation) Microsoft Office Excel Viewer (HKLM\...\{95120000-003F-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft PowerPoint Viewer (HKLM\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: - ) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) MKV Splitter (HKLM\...\{AAC389499AEF40428987B3D30CFC76C9}) (Version: 1.0.1 - DivX, Inc.) Mozilla Firefox 19.0 (x86 de) (HKLM\...\Mozilla Firefox 19.0 (x86 de)) (Version: 19.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 19.0 - Mozilla) MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Nokia Connectivity Cable Driver (HKLM\...\{A57025CC-5F2E-4D01-B387-06DB10500D43}) (Version: 7.1.78.0 - Nokia) Nokia PC Suite (HKLM\...\Nokia PC Suite) (Version: 7.1.180.94 - Nokia) Nokia PC Suite (Version: 7.1.180.94 - Nokia) Hidden Nokia Software Updater (HKLM\...\{4D568C38-0552-4CDD-A643-01FAFA2957EF}) (Version: 02.06.006.44298 - Nokia Corporation) OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP) Panda ActiveScan 2.0 (HKLM\...\ActiveScan 2.0) (Version: 01.04.01.0000 - Panda Security) Panda Cloud Cleaner (HKLM\...\{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1) (Version: 1.0.98 - Panda Security) PC Connectivity Solution (HKLM\...\{644F4910-E812-49AD-93EC-86828CB81A0D}) (Version: 12.0.27.0 - Nokia) pcwPatchLoader 2.3.2 (HKLM\...\{84420A29-9A17-416E-AE2E-019BC23B5353}_is1) (Version: - IDG Tech Media GmbH) PDF reDirect (remove only) (HKLM\...\PDF reDirect) (Version: v2.5.2 - EXP Systems LLC) PixelNet Software 4.12.1 (HKLM\...\PixelNet Software) (Version: 4.12.1 - ORWO Net) PL-2303 USB-to-Serial (HKLM\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.00.000 - Prolific Technology INC) Privacy Manager for HP ProtectTools (HKLM\...\{4E8E3D7B-B20D-4FD6-9E72-A84BAD1C35CC}) (Version: 1.0.1.599 - DigitalPersona, Inc.) QLBCASL (Version: 6.40.17.2 - Hewlett-Packard) Hidden QuickTime (HKLM\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.) RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: - ) RT 7 Lite (32-Bit) (HKCU\...\RT 7 Lite x86) (Version: 2.6.0 - Rockers Team) RT 7 Lite x86 (Version: 2.6.0 - Rockers Team) Hidden Scan (Version: 13.0.0.0 - Hewlett-Packard) Hidden Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP) SmartWebPrinting (Version: 130.0.373.000 - Hewlett-Packard) Hidden SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 6.10.1.5240 - Analog Devices) Status (Version: 130.0.373.000 - Hewlett-Packard) Hidden swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.24.0 - Synaptics Incorporated) TARGUS ACP45 (HKLM\...\{72AFDA89-371C-4596-B1ED-6F0E2CFFE5AA}) (Version: 3.1.4 - Targus) Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden TrayApp (Version: 130.0.376.000 - Hewlett-Packard) Hidden Unlocker 1.9.0 (HKLM\...\Unlocker) (Version: 1.9.0 - Cedrick Collomb) VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden Windows 7 Default Setting (HKLM\...\{AEACD7BE-7E12-490D-80B2-C7DEBDBD8915}) (Version: 1.0.0.8 - Hewlett-Packard) Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation) Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Fotogalerie (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Messenger (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Sync (HKLM\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation) Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows-Treiberpaket - Nokia Modem (02/25/2011 4.7) (HKLM\...\E0AC723A3DE3A04256288CADBBB011B112AED454) (Version: 02/25/2011 4.7 - Nokia) Windows-Treiberpaket - Nokia Modem (02/25/2011 7.01.0.9) (HKLM\...\72A50F48CC5601190B9C4E74D81161693133E7F7) (Version: 02/25/2011 7.01.0.9 - Nokia) Windows-Treiberpaket - Nokia pccsmcfd “LegacyDriver” (05/31/2012 7.1.2.0) (HKLM\...\17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382) (Version: 05/31/2012 7.1.2.0 - Nokia) WinRAR (HKLM\...\WinRAR archiver) (Version: - ) ==================== Restore Points ========================= 02-04-2014 06:20:14 Windows Update 02-04-2014 06:27:38 Windows Update 02-04-2014 07:39:22 Windows Update 02-04-2014 19:52:18 TuneUp Utilities 2014 wird entfernt 02-04-2014 19:53:24 TuneUp Utilities 2014 (de-DE) wird entfernt 02-04-2014 19:58:47 Windows Update 03-04-2014 22:00:06 Windows Modules Installer 03-04-2014 22:49:25 Windows Modules Installer ==================== Hosts content: ========================== 2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {31C8669B-9C3B-451B-9AC7-164294F6AA55} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-09-25] (Google Inc.) Task: {38B42F69-650A-42BB-B0C1-063502D58BFF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe [2011-09-09] (Hewlett-Packard Company) Task: {462CFE2D-16BF-4049-8500-B886B8728731} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-09-25] (Google Inc.) Task: {5500CCD2-0905-4F7E-821B-F5BE1EDBFE55} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {641B1BE8-CAA4-43F1-A59B-975028D0226F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-02] (Adobe Systems Incorporated) Task: {7CE267E9-11F3-48FF-B585-4CEEB3F63631} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-09] (Hewlett-Packard Company) Task: {7E09977D-C7E9-42F6-88E4-2DA4D2F77D58} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Opt-in For HP Support Assistant Quick Start => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF_Utils.exe [2011-09-09] (Hewlett-Packard Company) Task: {7EB934C2-E92C-4FCC-B76D-BC23E55E7AEA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-09] (Hewlett-Packard Company) Task: {A438A2B3-BC47-43F9-A1AF-10EE72B542EE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe [2011-06-14] (Hewlett-Packard) Task: {DBFA760D-0806-4728-9277-2DFF2AE20525} - System32\Tasks\Games\UpdateCheck_S-1-5-21-989268616-2580872740-1510082382-1005 Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\CreateChoiceProcessTask.job => C:\Windows\System32\browserchoice.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2010-06-06 16:20 - 2010-06-06 16:20 - 00065344 _____ () C:\Windows\System32\PDFreDirectMonNT.dll 2013-07-10 18:27 - 2012-08-18 11:31 - 00116224 _____ () C:\Windows\System32\redmonnt.dll 2010-03-24 17:51 - 2010-03-24 17:51 - 00026112 _____ () C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE 2011-01-23 18:38 - 2010-03-15 12:28 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll 2010-07-04 23:32 - 2010-07-04 23:32 - 00010752 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll 2012-06-26 13:11 - 2012-06-26 13:11 - 02302040 _____ () C:\Program Files\Nokia\Nokia PC Suite 7\QtCore4.dll 2012-06-26 13:11 - 2012-06-26 13:11 - 08197208 _____ () C:\Program Files\Nokia\Nokia PC Suite 7\QtGui4.dll 2012-06-26 13:11 - 2012-06-26 13:11 - 00345688 _____ () C:\Program Files\Nokia\Nokia PC Suite 7\QtXml4.dll 2012-06-26 13:10 - 2012-06-26 13:10 - 00202328 _____ () C:\Program Files\Nokia\Nokia PC Suite 7\imageformats\qjpeg4.dll 2012-06-26 13:10 - 2012-06-26 13:10 - 00027736 _____ () C:\Program Files\Nokia\Nokia PC Suite 7\imageformats\qsvg4.dll 2012-06-26 13:11 - 2012-06-26 13:11 - 00282200 _____ () C:\Program Files\Nokia\Nokia PC Suite 7\QtSvg4.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\24685898.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\24685898.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== Disabled items from MSCONFIG ============== MSCONFIG\Services: HP Support Assistant Service => 2 MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe" MSCONFIG\startupreg: UnlockerAssistant => "C:\Program Files\Unlocker\UnlockerAssistant.exe" ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (04/02/2014 09:55:40 PM) (Source: Microsoft-Windows-RestartManager) (User: Dani-PC) Description: Die Anwendung oder der Dienst "linmsl" konnte nicht heruntergefahren werden. Error: (04/02/2014 07:12:39 AM) (Source: VSS) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x80110474, Die COM+-Registrierungsdatenbank hat eine Systemfehler festgestellt. . Vorgang: Generator wird abonniert Kontext: Generatorklassen-ID: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0} Generatorname: WMI Writer Generatorinstanz-ID: {0a5120b7-631c-4056-a00f-0c2dc323e8f2} Error: (04/02/2014 07:12:39 AM) (Source: VSS) (User: ) Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} und dem Namen "CEventSystem" kann nicht gestartet werden. [0x80110474, Die COM+-Registrierungsdatenbank hat eine Systemfehler festgestellt. ] Vorgang: Generator wird abonniert Kontext: Generatorklassen-ID: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0} Generatorname: WMI Writer Generatorinstanz-ID: {0a5120b7-631c-4056-a00f-0c2dc323e8f2} Error: (04/02/2014 07:11:48 AM) (Source: SignInAssistant) (User: ) Description: InitializeSvcAPI failed with hr = 0x80048883 Error: (04/02/2014 06:09:25 AM) (Source: VSS) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x80110474, Die COM+-Registrierungsdatenbank hat eine Systemfehler festgestellt. . Vorgang: Generator wird abonniert Kontext: Generatorklassen-ID: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0} Generatorname: WMI Writer Generatorinstanz-ID: {cea2d437-2539-4499-b850-8c6136243a6c} Error: (04/02/2014 06:09:25 AM) (Source: VSS) (User: ) Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} und dem Namen "CEventSystem" kann nicht gestartet werden. [0x80110474, Die COM+-Registrierungsdatenbank hat eine Systemfehler festgestellt. ] Vorgang: Generator wird abonniert Kontext: Generatorklassen-ID: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0} Generatorname: WMI Writer Generatorinstanz-ID: {cea2d437-2539-4499-b850-8c6136243a6c} Error: (04/02/2014 06:08:31 AM) (Source: SignInAssistant) (User: ) Description: InitializeSvcAPI failed with hr = 0x80048883 Error: (04/02/2014 05:53:26 AM) (Source: VSS) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x80110474, Die COM+-Registrierungsdatenbank hat eine Systemfehler festgestellt. . Vorgang: Generator wird abonniert Kontext: Generatorklassen-ID: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0} Generatorname: WMI Writer Generatorinstanz-ID: {4f5e9d9d-0f12-4e8b-be80-882e6634bab9} Error: (04/02/2014 05:53:26 AM) (Source: VSS) (User: ) Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} und dem Namen "CEventSystem" kann nicht gestartet werden. [0x80110474, Die COM+-Registrierungsdatenbank hat eine Systemfehler festgestellt. ] Vorgang: Generator wird abonniert Kontext: Generatorklassen-ID: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0} Generatorname: WMI Writer Generatorinstanz-ID: {4f5e9d9d-0f12-4e8b-be80-882e6634bab9} Error: (04/02/2014 05:52:33 AM) (Source: SignInAssistant) (User: ) Description: InitializeSvcAPI failed with hr = 0x80048883 System errors: ============= Error: (04/04/2014 00:44:40 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Routing und RAS" ist vom Dienst "RAS-Verbindungsverwaltung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%20 Error: (04/04/2014 00:44:40 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "RAS-Verbindungsverwaltung" wurde mit folgendem Fehler beendet: %%20 Error: (04/04/2014 00:44:40 AM) (Source: RasMan) (User: ) Description: Fehler beim Starten der RAS-Verbindungsverwaltung, da das Protokoll-Engine [vpnike.dll] nicht initialisiert wurde. Das System kann das angegebene Gerät nicht finden. Error: (04/04/2014 00:44:35 AM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Bing Desktop Update service erreicht. Error: (04/04/2014 00:07:30 AM) (Source: DCOM) (User: ) Description: {69D77689-DA2B-4308-8404-2614CBF9896E} Error: (04/03/2014 11:54:55 PM) (Source: Microsoft-Windows-WHEA-Logger) (User: NT-AUTORITÄT) Description: Schwerwiegender Hardwarefehler. Gemeldet von Komponente: Prozessorkern Fehlerquelle: 3 Fehlertyp: 8 Prozessor-ID: 0 Die Detailansicht dieses Eintrags beinhaltet weitere Informationen. Error: (04/03/2014 11:54:30 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "RAS-Verbindungsverwaltung" wurde mit folgendem Fehler beendet: %%20 Error: (04/03/2014 11:54:30 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Routing und RAS" ist vom Dienst "RAS-Verbindungsverwaltung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%20 Error: (04/03/2014 11:54:29 PM) (Source: RasMan) (User: ) Description: Fehler beim Starten der RAS-Verbindungsverwaltung, da das Protokoll-Engine [vpnike.dll] nicht initialisiert wurde. Das System kann das angegebene Gerät nicht finden. Error: (04/03/2014 11:54:16 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Bing Desktop Update service erreicht. Microsoft Office Sessions: ========================= Error: (04/02/2014 09:55:40 PM) (Source: Microsoft-Windows-RestartManager)(User: Dani-PC) Description: 1C:\Program Files\LPT\linmsl.exelinmsl0511754800 Error: (04/02/2014 07:12:39 AM) (Source: VSS)(User: ) Description: CoCreateInstance0x80110474, Die COM+-Registrierungsdatenbank hat eine Systemfehler festgestellt. Vorgang: Generator wird abonniert Kontext: Generatorklassen-ID: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0} Generatorname: WMI Writer Generatorinstanz-ID: {0a5120b7-631c-4056-a00f-0c2dc323e8f2} Error: (04/02/2014 07:12:39 AM) (Source: VSS)(User: ) Description: {4e14fba2-2e22-11d1-9964-00c04fbbb345}CEventSystem0x80110474, Die COM+-Registrierungsdatenbank hat eine Systemfehler festgestellt. Vorgang: Generator wird abonniert Kontext: Generatorklassen-ID: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0} Generatorname: WMI Writer Generatorinstanz-ID: {0a5120b7-631c-4056-a00f-0c2dc323e8f2} Error: (04/02/2014 07:11:48 AM) (Source: SignInAssistant)(User: ) Description: InitializeSvcAPI failed with hr = 0x80048883 Error: (04/02/2014 06:09:25 AM) (Source: VSS)(User: ) Description: CoCreateInstance0x80110474, Die COM+-Registrierungsdatenbank hat eine Systemfehler festgestellt. Vorgang: Generator wird abonniert Kontext: Generatorklassen-ID: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0} Generatorname: WMI Writer Generatorinstanz-ID: {cea2d437-2539-4499-b850-8c6136243a6c} Error: (04/02/2014 06:09:25 AM) (Source: VSS)(User: ) Description: {4e14fba2-2e22-11d1-9964-00c04fbbb345}CEventSystem0x80110474, Die COM+-Registrierungsdatenbank hat eine Systemfehler festgestellt. Vorgang: Generator wird abonniert Kontext: Generatorklassen-ID: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0} Generatorname: WMI Writer Generatorinstanz-ID: {cea2d437-2539-4499-b850-8c6136243a6c} Error: (04/02/2014 06:08:31 AM) (Source: SignInAssistant)(User: ) Description: InitializeSvcAPI failed with hr = 0x80048883 Error: (04/02/2014 05:53:26 AM) (Source: VSS)(User: ) Description: CoCreateInstance0x80110474, Die COM+-Registrierungsdatenbank hat eine Systemfehler festgestellt. Vorgang: Generator wird abonniert Kontext: Generatorklassen-ID: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0} Generatorname: WMI Writer Generatorinstanz-ID: {4f5e9d9d-0f12-4e8b-be80-882e6634bab9} Error: (04/02/2014 05:53:26 AM) (Source: VSS)(User: ) Description: {4e14fba2-2e22-11d1-9964-00c04fbbb345}CEventSystem0x80110474, Die COM+-Registrierungsdatenbank hat eine Systemfehler festgestellt. Vorgang: Generator wird abonniert Kontext: Generatorklassen-ID: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0} Generatorname: WMI Writer Generatorinstanz-ID: {4f5e9d9d-0f12-4e8b-be80-882e6634bab9} Error: (04/02/2014 05:52:33 AM) (Source: SignInAssistant)(User: ) Description: InitializeSvcAPI failed with hr = 0x80048883 ==================== Memory info =========================== Percentage of memory in use: 42% Total physical RAM: 2943.3 MB Available physical RAM: 1700.42 MB Total Pagefile: 5884.9 MB Available Pagefile: 4438.98 MB Total Virtual: 2047.88 MB Available Virtual: 1909.03 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:71.6 GB) (Free:15.36 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: () (Fixed) (Total:2.93 GB) (Free:2.85 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 75 GB) (Disk ID: 8451F94D) Partition 1: (Active) - (Size=72 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=3 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2014-04-04 01:54:53 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS541680J9SA00 rev.SB2OC7BP 74,53GB Running: g5w19qcz.exe; Driver: C:\Users\Admin\AppData\Local\Temp\kxldapod.sys ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 82E40A15 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82E7A212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x90829000, 0x2678C8, 0xE8000020] ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys Device \Driver\BTHUSB \Device\00000078 bthport.sys Device \Driver\BTHUSB \Device\0000007a bthport.sys ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001a6bb109fe Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001a6bb109fe (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings (not active ControlSet) Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit@FindFlags 14 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit@LastKey Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{ae4bd3be-f36f-45b6-8d21-bdd6fb832853}\ChannelReferences\2 ---- EOF - GMER 2.1 ---- Code:
ATTFilter Rkill 2.5.3 by Lawrence Abrams (Grinler) hxxp://www.bleepingcomputer.com/ Copyright 2008-2014 BleepingComputer.com More Information about Rkill can be found at this link: hxxp://www.bleepingcomputer.com/forums/topic308364.html Program started at: 04/03/2014 07:16:56 PM in x86 mode. Windows Version: Windows 7 Home Premium Service Pack 1 Checking for Windows services to stop: * No malware services found to stop. Checking for processes to terminate: * No malware processes found to kill. Checking Registry for malware related settings: * No issues found in the Registry. Resetting .EXE, .COM, & .BAT associations in the Windows Registry. Performing miscellaneous checks: * No issues found. Checking Windows Service Integrity: * COM+-Ereignissystem (EventSystem) is not Running. Startup Type set to: Automatic * Sicherheitscenter (wscsvc) is not Running. Startup Type set to: Automatic (Delayed Start) * Windows Update (wuauserv) is not Running. Startup Type set to: Automatic (Delayed Start) Searching for Missing Digital Signatures: * No issues found. Checking HOSTS File: * No issues found. Program finished at: 04/03/2014 07:19:30 PM Execution time: 0 hours(s), 2 minute(s), and 34 seconds(s) Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2014.04.02.05 Windows 7 Service Pack 1 x86 NTFS (Abgesichertenmodus/Netzwerkfähig) Internet Explorer 10.0.9200.16844 Admin :: DANI-PC [Administrator] 02.04.2014 17:46:50 mbam-log-2014-04-02 (17-46-50).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM | P2P Deaktivierte Suchlaufeinstellungen: Durchsuchte Objekte: 501714 Laufzeit: 1 Stunde(n), 34 Minute(n), 6 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 1 HKCU\SOFTWARE\SMARTBAR (PUP.Optional.SnapDo.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 1 HKCU\Software\Smartbar|publisher (PUP.Optional.SnapDo.A) -> Daten: SnapdoOCYB -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 3 C:\Users\Admin\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Admin\AppData\Roaming\OpenCandy\5F4FEAB891874B3E967754948A89A94B (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Admin\AppData\Roaming\OpenCandy\968E141CC0FE4FB59222C47EF0DD37BB (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateien: 2 C:\Users\Admin\AppData\Roaming\OpenCandy\5F4FEAB891874B3E967754948A89A94B\Installer.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Admin\AppData\Roaming\OpenCandy\968E141CC0FE4FB59222C47EF0DD37BB\Trial-14.0.1000.89_de-DE_1004732_DE-1.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) |
04.04.2014, 06:29 | #2 |
/// the machine /// TB-Ausbilder | Windows 7: Benutzerkonto wird fremd geleitet Hi,
__________________fraglich ob da noch was geht nach dem ganzen Rumprobieren. Downloade Dir bitte AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ |
04.04.2014, 17:31 | #3 |
| Windows 7: Benutzerkonto wird fremd geleitet Hallo Schrauber,
__________________vielen Dank, dass du mir helfen willst. Tatsächlich läuft mein System aber trotz dem Mist, den ich gemacht habe, sehr stabil. Hier sind die gewünschten Logs (JRT hat gleich etwas gefunden + wollte, dass ich einem Rechnerneustart zur Bereinigung zustimme, was ich auch getan habe): Code:
ATTFilter # AdwCleaner v3.023 - Bericht erstellt am 04/04/2014 um 17:54:26 # Aktualisiert 01/04/2014 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits) # Benutzername : Admin - DANI-PC # Gestartet von : C:\Users\Admin\Desktop\adwcleaner.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\uniblue Ordner Gelöscht : C:\Program Files\targus Ordner Gelöscht : C:\Program Files\Common Files\DVDVideoSoft\TB Ordner Gelöscht : C:\Users\Dani\AppData\LocalLow\boost_interprocess Ordner Gelöscht : C:\Users\Dani\AppData\LocalLow\Conduit Ordner Gelöscht : C:\Users\Admin\AppData\LocalLow\Conduit Ordner Gelöscht : C:\Users\Admin\AppData\Roaming\dvdvideosoftiehelpers Ordner Gelöscht : C:\Users\Gast\AppData\Local\AskToolbar Ordner Gelöscht : C:\Users\Gast\AppData\LocalLow\Conduit Ordner Gelöscht : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hy2vqeap.default\ConduitCommon Ordner Gelöscht : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hy2vqeap.default\Extensions\{ACAA314B-EEBA-48E4-AD47-84E31C44796C} Datei Gelöscht : C:\Users\Dani\AppData\Roaming\Mozilla\Firefox\Profiles\a30cidtl.default\searchplugins\Web Search.xml Datei Gelöscht : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\ixw6n3d1.default\searchplugins\Web Search.xml ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\driverscanner Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\driverscanner_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\driverscanner_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2613550 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}] Schlüssel Gelöscht : HKCU\Software\APN PIP Schlüssel Gelöscht : HKCU\Software\OCS Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar Schlüssel Gelöscht : HKLM\Software\PIP Schlüssel Gelöscht : HKLM\Software\Uniblue Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4 ***** [ Browser ] ***** -\\ Internet Explorer v10.0.9200.16843 -\\ Mozilla Firefox v19.0 (de) [ Datei : C:\Users\Dani\AppData\Roaming\Mozilla\Firefox\Profiles\a30cidtl.default\prefs.js ] Zeile gelöscht : user_pref("browser.newtab.url", "hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQme9oxsQRSyyp0Bt_vzzomYPkMiFteuAIG7_XcvqnYwARFv1OJHxZdN7_NfAXmd0Opk2G3mCUVyy5bJbNzdsBKz[...] Zeile gelöscht : user_pref("browser.search.selectedEngine", "Web Search"); Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQme9oxsQRSyyp0Bt_vzzomYPkMiFteuAIG7_XcvqnYwARFv1OJHxZdN7_NfAXmd0Opk2G3mCUVyy5bJbU[...] Zeile gelöscht : user_pref("keyword.URL", "hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQme9oxsQRSyyp0Bt_vzzomYPkMiFteuAIG7_XcvqnYwARFv1OJHxZdN7_NfAXmd0Opk2G3mCUVyy5bJbli7n9wmWK0A18A[...] [ Datei : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hy2vqeap.default\prefs.js ] [ Datei : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\ixw6n3d1.default\prefs.js ] Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQme9oxsQRSyyp0Bt_vzzomYPkMiFteuAIG7_XcvqnYwARFv1OJHxZdN7_NfAXmd0Opk2G3mCUVyy5bJbU[...] Zeile gelöscht : user_pref("browser.search.selectedEngine", "Web Search"); Zeile gelöscht : user_pref("keyword.URL", "hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQme9oxsQRSyyp0Bt_vzzomYPkMiFteuAIG7_XcvqnYwARFv1OJHxZdN7_NfAXmd0Opk2G3mCUVyy5bJbli7n9wmWK0A18A[...] Zeile gelöscht : user_pref("browser.newtab.url", "hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQme9oxsQRSyyp0Bt_vzzomYPkMiFteuAIG7_XcvqnYwARFv1OJHxZdN7_NfAXmd0Opk2G3mCUVyy5bJbNzdsBKz[...] ************************* AdwCleaner[R0].txt - [5027 octets] - [04/04/2014 17:52:01] AdwCleaner[S0].txt - [4914 octets] - [04/04/2014 17:54:26] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4974 octets] ########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.1.3 (03.23.2014:1) OS: Windows 7 Home Premium x86 Ran by Admin on 04.04.2014 at 18:05:09,51 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{16C8C46E-C811-4977-BF0A-B5CC1FA78D95} Successfully deleted: [Registry Key] "hkey_current_user\software\classes\typelib\{006ad7b2-968a-11de-88c9-5bde55d89593}" Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}" ~~~ Files ~~~ Folders ~~~ FireFox Successfully deleted: [Folder] C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\hy2vqeap.default\conduitcommon Successfully deleted: [Folder] C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\hy2vqeap.default\extensions\staged ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 04.04.2014 at 18:12:07,22 Computer was rebooted End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01 Ran by Admin (administrator) on DANI-PC on 04-04-2014 18:14:02 Running from C:\Users\Admin\Desktop Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AuthenTec, Inc.) C:\Program Files\Fingerprint Sensor\AtService.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe (Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe (ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe (Microsoft Corporation) C:\Windows\system32\WLANExt.exe (ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe (ActivIdentity) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe (ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe (Andrea Electronics Corporation) C:\Windows\system32\AEADISRV.EXE (LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE () C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe (Sierra Wireless Inc.) C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Bioscrypt Inc.) C:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe ( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe (Microsoft Corp.) C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe (Nokia) C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe ( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (Nokia) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe (Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe (Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1791272 2010-06-04] (Synaptics Incorporated) HKLM\...\Run: [SoundMAXPnP] - C:\Program Files\Analog Devices\Core\smax4pnp.exe [1183744 2007-02-21] (Analog Devices, Inc.) HKLM\...\Run: [QlbCtrl.exe] - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2009-11-11] ( Hewlett-Packard Development Company, L.P.) HKLM\...\Run: [BingDesktop] - C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe [2387088 2013-04-10] (Microsoft Corp.) HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation) HKLM\...\Run: [FreePDF Assistant] - C:\Program Files\FreePDF_XP\fpassist.exe [373760 2013-03-14] (shbox.de) Winlogon\Notify\DeviceNP: C:\Windows\system32\DeviceNP.dll (Hewlett-Packard Limited) HKU\S-1-5-21-989268616-2580872740-1510082382-1005\...\Run: [BrowserChoice] - C:\Windows\System32\browserchoice.exe [293376 2013-06-13] (Microsoft Corporation) HKU\S-1-5-21-989268616-2580872740-1510082382-1005\...\Run: [PC Suite Tray] - C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [1516632 2012-06-26] (Nokia) AppInit_DLLs: C:\PROGRA~1\HEWLET~1\IAM\bin\APSHook.dll => C:\Program Files\Hewlett-Packard\IAM\Bin\APSHook.dll [89872 2009-07-28] (Bioscrypt Inc.) Lsa: [Notification Packages] scecli ASWLNPkg Startup: C:\Users\Dani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PostDa.exe - Verknüpfung.lnk ShortcutTarget: PostDa.exe - Verknüpfung.lnk -> C:\Users\Admin\Downloads\postda_mit_pdf\PostDa.exe (No File) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com/search?q={searchTerms} HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms} HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.freenet.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF54F4976454ECF01 SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: File Sanitizer for HP ProtectTools - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.) BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} hxxp://download.bitdefender.com/resources/scanner/sources/de/scan8/oscan8.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hy2vqeap.default FF Homepage: about:home FF SelectedSearchEngine: Google FF Keyword.URL: hxxp://www.google.com/search?rls=org.mozilla:en-US:official&client=firefox-a&q= FF NewTab: about:blank FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.) FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 - C:\Program Files\Virtual Earth 3D\ () FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @nosltd.com/getPlus+(R),version=1.6.2.97 - C:\Program Files\NOS\bin\np_gp.dll No File FF Plugin: @pandasecurity.com/activescan - C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll No File FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.) FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012-12-08] FF HKLM\...\Firefox\Extensions: [bkmrksync@nokia.com] - C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ FF Extension: PC Sync 2 Synchronisation Extension - C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [] FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-03-10] FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-03-10] ========================== Services (Whitelisted) ================= R2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [207400 2009-06-03] (ActivIdentity) R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [26112 2009-12-03] (LSI Corporation) R2 ASBroker; C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll [192784 2009-07-28] (Bioscrypt Inc.) R2 ASChannel; C:\Program Files\Hewlett-Packard\IAM\Bin\AsChnl.dll [150288 2009-07-28] (Bioscrypt Inc.) R2 ATService; C:\Program Files\Fingerprint Sensor\AtService.exe [1201400 2009-07-29] (AuthenTec, Inc.) S2 BingDesktopUpdate; C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe [168592 2013-04-10] (Microsoft Corp.) S3 FLCDLOCK; C:\Windows\system32\flcdlock.exe [362040 2009-10-05] (Hewlett-Packard Ltd) S3 HP ProtectTools Service; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [45056 2009-08-07] (Hewlett-Packard Development Company, L.P) R2 HPFSService; C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe [77824 2009-07-06] (Hewlett-Packard) R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation) S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation) R2 SWIHPWMI; C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe [292384 2006-12-04] (Sierra Wireless Inc.) R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe [3718656 2010-03-24] (Broadcom Corporation) ==================== Drivers (Whitelisted) ==================== R3 AX88772; C:\Windows\System32\DRIVERS\ax88772.sys [69632 2013-12-03] (ASIX Electronics Corp.) R3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2010-03-24] (Broadcom Corporation) S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv.sys [32312 2009-09-08] (Hewlett-Packard Development Company L.P.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation) R0 pavboot; C:\Windows\System32\drivers\pavboot.sys [28552 2009-06-30] (Panda Security, S.L.) S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [47632 2013-04-29] (Panda Security, S.L.) R3 Ser2plx86; C:\Windows\System32\DRIVERS\ser2pl.sys [139776 2013-10-25] (Prolific Technology Inc.) S3 USBPNPA; C:\Windows\System32\drivers\CM108.sys [1310720 2007-06-28] (C-Media Inc) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-04 18:12 - 2014-04-04 18:12 - 00001297 _____ () C:\Users\Admin\Desktop\JRT.txt 2014-04-04 17:59 - 2014-04-04 17:59 - 00000000 ____D () C:\Windows\ERUNT 2014-04-04 17:58 - 2014-04-04 17:58 - 00005054 _____ () C:\Users\Admin\Desktop\AdwCleaner[S0].txt 2014-04-04 17:51 - 2014-04-04 17:54 - 00000000 ____D () C:\AdwCleaner 2014-04-04 17:49 - 2014-04-04 17:49 - 01426178 _____ () C:\Users\Admin\Desktop\adwcleaner.exe 2014-04-04 17:49 - 2014-04-04 17:49 - 01038974 _____ (Thisisu) C:\Users\Admin\Desktop\JRT.exe 2014-04-04 01:54 - 2014-04-04 01:54 - 00002344 _____ () C:\Users\Admin\Desktop\Gmer.txt 2014-04-04 01:19 - 2014-04-04 01:19 - 00380416 _____ () C:\Users\Admin\Desktop\g5w19qcz.exe 2014-04-04 01:12 - 2014-04-04 01:14 - 00034767 _____ () C:\Users\Admin\Desktop\Addition.txt 2014-04-04 01:11 - 2014-04-04 18:14 - 00015106 _____ () C:\Users\Admin\Desktop\FRST.txt 2014-04-04 01:11 - 2014-04-04 18:14 - 00000000 ____D () C:\FRST 2014-04-04 01:09 - 2014-04-04 01:09 - 01145856 _____ (Farbar) C:\Users\Admin\Desktop\FRST.exe 2014-04-04 01:06 - 2014-04-04 01:07 - 00000472 _____ () C:\Users\Admin\Desktop\defogger_disable.txt 2014-04-04 01:06 - 2014-04-04 01:06 - 00000000 _____ () C:\Users\Admin\defogger_reenable 2014-04-04 00:31 - 2014-04-04 00:41 - 00008594 _____ () C:\Users\Admin\Desktop\Windows-Kompatibilitätsbericht.htm 2014-04-04 00:03 - 2014-04-04 00:04 - 04982419 _____ (IDG Tech Media GmbH ) C:\Users\Admin\Downloads\pcwPatchLoader_v2-Setup_2.3.2.exe 2014-04-03 19:57 - 2014-04-03 20:11 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Nico Mak Computing 2014-04-03 19:43 - 2014-04-03 19:43 - 00050477 _____ () C:\Users\Admin\Desktop\Defogger.exe 2014-04-03 03:31 - 2014-04-03 03:31 - 00001240 _____ () C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk 2014-04-03 03:31 - 2013-04-29 08:17 - 00047632 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys 2014-04-03 03:27 - 2014-04-03 03:30 - 28413552 _____ (Panda Security ) C:\Users\Admin\Downloads\PandaCloudCleaner.exe 2014-04-03 02:58 - 2014-04-03 02:58 - 00131072 ____N () C:\Windows\Minidump\040314-28250-01.dmp 2014-04-03 00:35 - 2014-04-03 19:19 - 00002574 _____ () C:\Users\Admin\Desktop\Rkill.txt 2014-04-02 22:10 - 2013-12-21 09:56 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-04-02 22:06 - 2014-04-02 22:06 - 00000000 ____D () C:\Windows\Temp0FBBE685-B4BF-CE0A-EDFD-EFD21D841C1F-Signatures 2014-04-02 21:46 - 2014-04-02 21:46 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\TuneUp Software 2014-04-02 21:43 - 2014-04-02 21:47 - 00000000 ____D () C:\ProgramData\TuneUp Software 2014-04-02 21:43 - 2014-04-02 21:43 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} 2014-04-02 21:39 - 2014-03-24 07:30 - 04134240 _____ (Kaspersky Lab ZAO) C:\Users\Admin\Downloads\TDSSKiller.exe 2014-04-02 17:43 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-04-02 09:43 - 2014-04-02 09:43 - 14358016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 02877952 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-04-02 09:43 - 2014-04-02 09:43 - 02049024 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-04-02 09:43 - 2014-04-02 09:43 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat 2014-04-02 09:43 - 2014-04-02 09:43 - 01140736 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00745472 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-04-02 09:43 - 2014-04-02 09:43 - 00719360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00629248 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00361984 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2014-04-02 09:43 - 2014-04-02 09:43 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00242200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00232960 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe 2014-04-02 09:43 - 2014-04-02 09:43 - 00138752 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe 2014-04-02 09:43 - 2014-04-02 09:43 - 00137216 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-04-02 09:43 - 2014-04-02 09:43 - 00125440 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe 2014-04-02 09:43 - 2014-04-02 09:43 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2014-04-02 09:43 - 2014-04-02 09:43 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2014-04-02 09:43 - 2014-04-02 09:43 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-04-02 09:43 - 2014-04-02 09:43 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-04-02 09:43 - 2014-04-02 09:43 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-04-02 09:40 - 2014-04-02 09:48 - 00009846 _____ () C:\Windows\IE10_main.log 2014-04-02 09:39 - 2013-12-25 01:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2014-04-02 09:39 - 2013-11-26 10:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll 2014-04-02 09:39 - 2013-08-02 03:50 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2014-04-02 09:39 - 2013-08-02 03:49 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2014-04-02 09:39 - 2013-08-02 03:49 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2014-04-02 09:39 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2014-04-02 09:39 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2014-04-02 09:39 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2014-04-02 09:39 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2014-04-02 09:39 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2014-04-02 09:39 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2014-04-02 09:39 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2014-04-02 09:39 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2014-04-02 09:39 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2014-04-02 09:39 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2014-04-02 09:39 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2014-04-02 09:39 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2014-04-02 09:39 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2014-04-02 09:39 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2014-04-02 09:39 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2014-04-02 09:39 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2014-04-02 09:39 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2014-04-02 09:39 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2014-04-02 09:39 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2014-04-02 09:39 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2014-04-02 09:39 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2014-04-02 09:39 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2014-04-02 09:39 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2014-04-02 09:39 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2014-04-02 09:39 - 2013-08-02 02:52 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2014-04-02 09:39 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2014-04-02 09:39 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2014-04-02 09:39 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2014-04-02 09:39 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2014-04-02 09:39 - 2013-06-15 05:38 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2014-04-02 09:38 - 2013-12-04 04:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll 2014-04-02 09:38 - 2013-12-04 04:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll 2014-04-02 09:38 - 2013-12-04 04:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll 2014-04-02 09:38 - 2013-12-04 04:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll 2014-04-02 09:38 - 2013-12-04 04:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll 2014-04-02 09:38 - 2013-12-04 03:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe 2014-04-02 09:38 - 2013-12-04 03:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe 2014-04-02 09:38 - 2013-12-04 03:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe 2014-04-02 09:38 - 2013-12-04 03:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe 2014-04-02 09:38 - 2013-11-27 03:14 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys 2014-04-02 09:38 - 2013-11-27 03:13 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys 2014-04-02 09:38 - 2013-11-27 03:13 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys 2014-04-02 09:38 - 2013-11-27 03:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys 2014-04-02 09:38 - 2013-11-27 03:13 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys 2014-04-02 09:38 - 2013-11-27 03:13 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys 2014-04-02 09:38 - 2013-11-27 03:13 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys 2014-04-02 09:38 - 2013-10-04 03:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll 2014-04-02 09:38 - 2013-10-04 03:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2014-04-02 09:38 - 2013-10-04 03:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll 2014-04-02 09:38 - 2013-08-29 03:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2014-04-02 09:38 - 2013-08-29 03:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-04-02 09:38 - 2013-08-29 03:50 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2014-04-02 09:38 - 2013-08-29 03:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll 2014-04-02 09:38 - 2013-08-29 03:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2014-04-02 09:37 - 2014-01-09 04:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2014-04-02 09:37 - 2013-06-26 00:56 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys 2014-04-02 08:56 - 2013-10-02 02:42 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys 2014-04-02 08:56 - 2013-10-02 02:32 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe 2014-04-02 08:56 - 2013-10-02 02:30 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll 2014-04-02 08:56 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll 2014-04-02 08:56 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll 2014-04-02 08:56 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll 2014-04-02 08:56 - 2013-10-02 01:45 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll 2014-04-02 08:56 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll 2014-04-02 08:56 - 2013-10-02 01:00 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2014-04-02 08:56 - 2013-10-02 00:53 - 00350208 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe 2014-04-02 08:56 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe 2014-04-02 08:36 - 2013-05-10 06:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2014-04-02 08:36 - 2013-05-10 06:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2014-04-02 08:27 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll 2014-04-02 08:27 - 2013-12-06 04:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-04-02 08:27 - 2013-12-06 04:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2014-04-02 08:27 - 2013-10-05 21:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2014-04-02 08:27 - 2013-07-20 12:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2014-04-02 08:27 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2014-04-02 08:27 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2014-04-02 08:27 - 2013-07-04 13:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll 2014-04-02 08:27 - 2013-07-04 13:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll 2014-04-02 08:27 - 2013-07-04 11:48 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2014-04-02 08:26 - 2014-02-07 03:07 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-04-02 08:26 - 2013-08-28 02:57 - 00434688 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll 2014-04-02 08:25 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2014-04-02 08:24 - 2014-01-01 01:05 - 00420008 _____ () C:\Windows\system32\locale.nls 2014-04-02 08:24 - 2013-09-14 02:48 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2014-04-02 08:24 - 2013-09-08 04:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll 2014-04-02 08:24 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-04-02 08:24 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll 2014-04-02 08:23 - 2013-09-25 04:01 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-04-02 08:23 - 2013-09-25 04:01 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2014-04-02 08:23 - 2013-09-25 03:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-04-02 08:23 - 2013-09-25 03:57 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2014-04-02 08:23 - 2013-09-25 03:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2014-04-02 08:23 - 2013-09-25 03:56 - 01038848 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-04-02 08:23 - 2013-09-25 03:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2014-04-02 08:23 - 2013-09-25 02:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2014-04-02 08:23 - 2013-09-25 02:49 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2014-04-02 08:23 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2014-04-02 08:23 - 2013-07-09 06:50 - 00652800 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2014-04-02 08:23 - 2013-07-04 14:16 - 00369848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2014-04-02 08:21 - 2013-11-12 04:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-04-02 08:20 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-04-02 08:20 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-04-02 08:20 - 2014-01-28 04:07 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll 2014-04-02 08:20 - 2013-10-19 03:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll 2014-04-02 08:20 - 2013-10-12 04:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx 2014-04-02 08:20 - 2013-10-12 04:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll 2014-04-02 08:20 - 2013-10-12 03:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe 2014-04-02 08:20 - 2013-10-12 03:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe 2014-04-02 08:20 - 2013-10-04 03:49 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys 2014-04-02 08:20 - 2013-10-04 03:17 - 00177152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys 2014-04-02 08:20 - 2013-08-05 03:56 - 00133056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys 2014-04-02 08:20 - 2013-08-01 13:03 - 00729024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2014-04-02 08:20 - 2013-06-06 06:52 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2014-04-02 08:20 - 2013-06-06 06:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2014-04-02 08:20 - 2013-06-06 06:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2014-04-02 08:20 - 2013-06-06 05:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2014-04-02 08:20 - 2013-06-06 05:01 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2014-04-02 08:19 - 2013-11-26 13:11 - 00240576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys 2014-04-02 08:19 - 2013-11-23 20:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2014-04-02 08:19 - 2013-10-30 04:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll 2014-04-02 08:19 - 2013-10-12 04:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll 2014-04-02 08:19 - 2013-10-12 04:01 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL 2014-04-02 08:19 - 2013-10-12 04:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL 2014-04-02 08:19 - 2013-10-03 03:58 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-04-02 08:19 - 2013-09-08 04:07 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2014-04-02 08:19 - 2013-07-12 12:07 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys 2014-04-02 08:19 - 2013-07-04 13:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll 2014-04-02 08:19 - 2013-07-03 06:02 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys 2014-04-02 08:19 - 2013-07-03 05:36 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys 2014-04-02 08:19 - 2013-07-03 05:36 - 00025728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys 2014-04-02 08:05 - 2013-09-25 03:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll 2014-04-01 22:57 - 2014-04-02 22:43 - 00000000 ____D () C:\TDSSKiller_Quarantine 2014-03-31 21:36 - 2014-03-31 19:54 - 892371968 _____ () C:\Users\Dani\outlook.pst 2014-03-24 01:28 - 2014-03-24 01:28 - 00000000 ____D () C:\Program Files\Lucom 2014-03-08 02:59 - 2014-03-18 01:07 - 00000000 ____D () C:\Users\Dani\Desktop\Arbeit 2014-03-08 02:58 - 2014-03-08 02:58 - 00000000 ____D () C:\Users\Dani\Neuer Ordner 2014-03-08 02:42 - 2014-03-08 03:07 - 00000000 ____D () C:\Users\Dani\Desktop\Robotersauger ==================== One Month Modified Files and Folders ======= 2014-04-04 18:14 - 2014-04-04 01:11 - 00015106 _____ () C:\Users\Admin\Desktop\FRST.txt 2014-04-04 18:14 - 2014-04-04 01:11 - 00000000 ____D () C:\FRST 2014-04-04 18:12 - 2014-04-04 18:12 - 00001297 _____ () C:\Users\Admin\Desktop\JRT.txt 2014-04-04 18:11 - 2013-06-13 22:11 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-04-04 18:11 - 2009-07-14 06:34 - 00014928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-04-04 18:11 - 2009-07-14 06:34 - 00014928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-04-04 18:04 - 2011-09-25 05:37 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-04-04 18:03 - 2013-06-14 12:41 - 00026137 _____ () C:\Windows\setupact.log 2014-04-04 18:03 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-04 18:01 - 2013-06-13 22:02 - 01858244 _____ () C:\Windows\WindowsUpdate.log 2014-04-04 17:59 - 2014-04-04 17:59 - 00000000 ____D () C:\Windows\ERUNT 2014-04-04 17:58 - 2014-04-04 17:58 - 00005054 _____ () C:\Users\Admin\Desktop\AdwCleaner[S0].txt 2014-04-04 17:54 - 2014-04-04 17:51 - 00000000 ____D () C:\AdwCleaner 2014-04-04 17:49 - 2014-04-04 17:49 - 01426178 _____ () C:\Users\Admin\Desktop\adwcleaner.exe 2014-04-04 17:49 - 2014-04-04 17:49 - 01038974 _____ (Thisisu) C:\Users\Admin\Desktop\JRT.exe 2014-04-04 17:35 - 2011-09-25 05:37 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-04-04 17:16 - 2012-07-27 16:36 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-04-04 01:54 - 2014-04-04 01:54 - 00002344 _____ () C:\Users\Admin\Desktop\Gmer.txt 2014-04-04 01:19 - 2014-04-04 01:19 - 00380416 _____ () C:\Users\Admin\Desktop\g5w19qcz.exe 2014-04-04 01:14 - 2014-04-04 01:12 - 00034767 _____ () C:\Users\Admin\Desktop\Addition.txt 2014-04-04 01:09 - 2014-04-04 01:09 - 01145856 _____ (Farbar) C:\Users\Admin\Desktop\FRST.exe 2014-04-04 01:07 - 2014-04-04 01:06 - 00000472 _____ () C:\Users\Admin\Desktop\defogger_disable.txt 2014-04-04 01:06 - 2014-04-04 01:06 - 00000000 _____ () C:\Users\Admin\defogger_reenable 2014-04-04 01:06 - 2013-06-13 20:59 - 00000000 ___RD () C:\Users\Admin 2014-04-04 00:41 - 2014-04-04 00:31 - 00008594 _____ () C:\Users\Admin\Desktop\Windows-Kompatibilitätsbericht.htm 2014-04-04 00:41 - 2011-03-22 19:35 - 00002562 _____ () C:\Windows\diagwrn.xml 2014-04-04 00:41 - 2011-03-22 19:35 - 00001908 _____ () C:\Windows\diagerr.xml 2014-04-04 00:37 - 2013-06-14 12:41 - 00000000 _____ () C:\Windows\setuperr.log 2014-04-04 00:33 - 2010-08-22 17:03 - 00000000 ____D () C:\Users\Dani\Scans 2014-04-04 00:04 - 2014-04-04 00:03 - 04982419 _____ (IDG Tech Media GmbH ) C:\Users\Admin\Downloads\pcwPatchLoader_v2-Setup_2.3.2.exe 2014-04-03 23:53 - 2011-09-25 14:55 - 00103158 _____ () C:\Windows\PFRO.log 2014-04-03 20:11 - 2014-04-03 19:57 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Nico Mak Computing 2014-04-03 19:43 - 2014-04-03 19:43 - 00050477 _____ () C:\Users\Admin\Desktop\Defogger.exe 2014-04-03 19:19 - 2014-04-03 00:35 - 00002574 _____ () C:\Users\Admin\Desktop\Rkill.txt 2014-04-03 19:04 - 2013-07-10 18:30 - 00000000 ____D () C:\Users\Dani\AppData\Local\FreePDF_XP 2014-04-03 03:31 - 2014-04-03 03:31 - 00001240 _____ () C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk 2014-04-03 03:31 - 2011-03-29 04:11 - 00000000 ____D () C:\Program Files\Panda Security 2014-04-03 03:30 - 2014-04-03 03:27 - 28413552 _____ (Panda Security ) C:\Users\Admin\Downloads\PandaCloudCleaner.exe 2014-04-03 02:58 - 2014-04-03 02:58 - 00131072 ____N () C:\Windows\Minidump\040314-28250-01.dmp 2014-04-03 02:58 - 2013-06-14 02:01 - 00000000 ____D () C:\Windows\Minidump 2014-04-03 00:22 - 2013-06-13 22:17 - 00085040 _____ () C:\Users\Dani\AppData\Local\GDIPFONTCACHEV1.DAT 2014-04-03 00:21 - 2013-06-13 20:59 - 00000000 ___RD () C:\Users\Dani 2014-04-02 22:43 - 2014-04-01 22:57 - 00000000 ____D () C:\TDSSKiller_Quarantine 2014-04-02 22:26 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-04-02 22:07 - 2011-09-24 21:37 - 00001912 _____ () C:\Windows\epplauncher.mif 2014-04-02 22:06 - 2014-04-02 22:06 - 00000000 ____D () C:\Windows\Temp0FBBE685-B4BF-CE0A-EDFD-EFD21D841C1F-Signatures 2014-04-02 22:06 - 2012-05-16 17:06 - 00000000 ____D () C:\Program Files\Microsoft Security Client 2014-04-02 21:47 - 2014-04-02 21:43 - 00000000 ____D () C:\ProgramData\TuneUp Software 2014-04-02 21:46 - 2014-04-02 21:46 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\TuneUp Software 2014-04-02 21:43 - 2014-04-02 21:43 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} 2014-04-02 21:39 - 2011-08-06 21:45 - 00000000 ____D () C:\ProgramData\Freemake 2014-04-02 17:43 - 2013-09-18 20:10 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware 2014-04-02 10:24 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE 2014-04-02 10:17 - 2012-04-01 18:53 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-04-02 10:17 - 2011-05-19 14:34 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-04-02 10:03 - 2013-07-10 16:37 - 00000000 ____D () C:\Windows\system32\MRT 2014-04-02 09:48 - 2014-04-02 09:40 - 00009846 _____ () C:\Windows\IE10_main.log 2014-04-02 09:43 - 2014-04-02 09:43 - 14358016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 02877952 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-04-02 09:43 - 2014-04-02 09:43 - 02049024 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-04-02 09:43 - 2014-04-02 09:43 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat 2014-04-02 09:43 - 2014-04-02 09:43 - 01140736 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00745472 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-04-02 09:43 - 2014-04-02 09:43 - 00719360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00629248 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00361984 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2014-04-02 09:43 - 2014-04-02 09:43 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00242200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00232960 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe 2014-04-02 09:43 - 2014-04-02 09:43 - 00138752 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe 2014-04-02 09:43 - 2014-04-02 09:43 - 00137216 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-04-02 09:43 - 2014-04-02 09:43 - 00125440 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe 2014-04-02 09:43 - 2014-04-02 09:43 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2014-04-02 09:43 - 2014-04-02 09:43 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2014-04-02 09:43 - 2014-04-02 09:43 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-04-02 09:43 - 2014-04-02 09:43 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-04-02 09:43 - 2014-04-02 09:43 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-04-02 09:21 - 2010-03-25 23:54 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-04-02 09:21 - 2009-07-14 06:33 - 00345488 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-04-02 09:16 - 2009-07-14 10:47 - 00000000 ____D () C:\Windows\system32\Drivers\de-DE 2014-04-02 08:32 - 2013-06-13 20:59 - 00000000 ____D () C:\Users\Gast 2014-04-02 08:32 - 2013-06-13 20:59 - 00000000 ____D () C:\Users\Administrator 2014-04-02 08:31 - 2013-06-14 14:13 - 00000000 ____D () C:\Users\Dani\Downloads\postda_mit_pdf 2014-04-02 08:31 - 2013-02-24 23:21 - 00000000 ____D () C:\Users\Dani\AppData\Roaming\PDF reDirect 2014-04-02 08:31 - 2013-01-18 19:08 - 00000000 ____D () C:\Program Files\QuickTime 2014-04-02 08:31 - 2013-01-18 14:26 - 00000000 ____D () C:\Program Files\Adobe 2014-04-02 08:31 - 2012-09-29 05:59 - 00000000 ____D () C:\ProgramData\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E} 2014-04-02 08:31 - 2012-08-26 17:18 - 00000000 ____D () C:\Windows\system32\Adobe 2014-04-02 08:31 - 2012-07-16 18:09 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-04-02 08:31 - 2012-04-07 15:18 - 00000000 ____D () C:\Program Files\ElsterFormular 2014-04-02 08:31 - 2011-04-03 01:57 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-04-02 08:31 - 2011-03-23 17:38 - 00000000 ____D () C:\Program Files\PixelNet Software 2014-04-02 08:31 - 2011-03-23 16:37 - 00000000 ____D () C:\ProgramData\{E91883C8-8CDC-46A4-A45F-CB40EB82ED60} 2014-04-02 08:31 - 2011-03-23 14:56 - 00000000 ____D () C:\ProgramData\Apple Computer 2014-04-02 08:31 - 2011-03-23 14:53 - 00000000 ____D () C:\ProgramData\Installations 2014-04-02 08:31 - 2010-05-29 23:04 - 00000000 ____D () C:\Users\Dani\AppData\Roaming\IrfanView 2014-04-02 08:31 - 2010-05-29 22:53 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\IrfanView 2014-04-02 08:31 - 2010-03-25 21:24 - 00000000 ____D () C:\Windows\system32\Macromed 2014-04-02 08:31 - 2009-07-14 06:52 - 00000000 ____D () C:\Windows\Offline Web Pages 2014-04-02 08:31 - 2009-07-14 04:37 - 00000000 __RSD () C:\Windows\Media 2014-04-02 08:31 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Public\Libraries 2014-04-02 08:31 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public 2014-04-02 08:31 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\wfp 2014-04-02 08:31 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\Msdtc 2014-04-02 08:31 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system 2014-04-02 08:31 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\schemas 2014-04-02 08:31 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache 2014-04-02 08:31 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\L2Schemas 2014-04-02 08:31 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\AppCompat 2014-04-02 08:31 - 2009-07-14 04:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared 2014-04-02 08:30 - 2014-02-08 04:27 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Wise Registry Cleaner 2014-04-02 08:29 - 2014-02-01 04:04 - 00000000 ____D () C:\Users\Dani\Downloads\defender41 2014-04-02 08:27 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\registration 2014-04-02 08:24 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Help 2014-04-02 08:23 - 2011-04-03 01:57 - 00000000 ____D () C:\Users\Dani\AppData\Local\Mozilla 2014-04-02 08:22 - 2012-07-18 07:46 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Malwarebytes 2014-04-02 08:22 - 2012-07-18 07:46 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-02 08:22 - 2012-04-24 23:17 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\elsterformular 2014-04-02 08:22 - 2011-12-31 06:08 - 00000000 ____D () C:\ProgramData\Adobe 2014-04-02 08:21 - 2013-06-13 20:55 - 00000000 ____D () C:\Program Files\Hewlett-Packard 2014-04-02 08:21 - 2013-01-18 14:26 - 00000000 ____D () C:\Program Files\Common Files\Adobe 2014-04-02 08:21 - 2011-03-05 14:20 - 00000000 ____D () C:\Program Files\Java 2014-04-02 07:43 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF 2014-04-02 07:35 - 2013-06-14 01:27 - 00085040 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT 2014-03-31 21:30 - 2013-09-15 03:37 - 00000000 ____D () C:\Users\Dani\Ulk 2014-03-31 19:54 - 2014-03-31 21:36 - 892371968 _____ () C:\Users\Dani\outlook.pst 2014-03-31 19:51 - 2013-09-27 02:48 - 00000000 ____D () C:\ProgramData\Oracle 2014-03-26 19:16 - 2011-04-14 19:59 - 00000000 ____D () C:\Users\Dani\Eigene Scans 2014-03-24 07:30 - 2014-04-02 21:39 - 04134240 _____ (Kaspersky Lab ZAO) C:\Users\Admin\Downloads\TDSSKiller.exe 2014-03-24 07:30 - 2012-06-14 19:24 - 04134240 _____ (Kaspersky Lab ZAO) C:\Users\Dani\Downloads\TDSSKiller.exe 2014-03-24 01:28 - 2014-03-24 01:28 - 00000000 ____D () C:\Program Files\Lucom 2014-03-18 01:07 - 2014-03-08 02:59 - 00000000 ____D () C:\Users\Dani\Desktop\Arbeit 2014-03-11 09:52 - 2012-03-20 20:44 - 00104264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NisDrvWFP.sys 2014-03-08 03:07 - 2014-03-08 02:42 - 00000000 ____D () C:\Users\Dani\Desktop\Robotersauger 2014-03-08 02:58 - 2014-03-08 02:58 - 00000000 ____D () C:\Users\Dani\Neuer Ordner Some content of TEMP: ==================== C:\Users\Admin\AppData\Local\Temp\FreemakeVideoDownloader_3.6.4.1.exe C:\Users\Admin\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\system32\winlogon.exe => MD5 is legit C:\Windows\system32\wininit.exe => MD5 is legit C:\Windows\system32\svchost.exe => MD5 is legit C:\Windows\system32\services.exe => MD5 is legit C:\Windows\system32\User32.dll => MD5 is legit C:\Windows\system32\userinit.exe => MD5 is legit C:\Windows\system32\rpcss.dll => MD5 is legit C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-03-30 20:14 ==================== End Of Log ============================ LG von Daniela |
05.04.2014, 10:59 | #4 |
/// the machine /// TB-Ausbilder | Windows 7: Benutzerkonto wird fremd geleitetESET Online Scanner
Downloade Dir bitte SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
06.04.2014, 11:29 | #5 |
| Windows 7: Benutzerkonto wird fremd geleitet Hallo Schrauber, der Scan mit Eset hat 10 Stunden gedauert. Ist das normal? Leider hat sich noch nichts geändert, aber Eset hat ja 3 Funde gehabt, die nicht gelöscht wurden, weil ich ja keinen Haken bei Remove Found Threads setzen sollte. Muss ich deswegen noch irgendetwas machen? Ich habe die ganzen Sachen von meinem Admin-Konto aus laufen lassen. Ist das richtig so oder hätte ich alles im verseuchen Benutzer-Konto starten sollen? Hier jetzt die Logdateien: Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=5f8ee05835baed47897721f8b620da32 # engine=17769 # end=stopped # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2014-04-05 10:18:02 # local_time=2014-04-06 12:18:02 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=5893 16776574 100 94 23333178 148367473 0 0 # scanned=842 # found=0 # cleaned=0 # scan_time=2914 ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=5f8ee05835baed47897721f8b620da32 # engine=17769 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2014-04-06 08:53:51 # local_time=2014-04-06 10:53:51 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=5893 16776574 100 94 23371327 148405622 0 0 # scanned=246501 # found=3 # cleaned=0 # scan_time=38038 sh=DF40F16600812B216E67A696B821756540BE6B8D ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.Agent.NJU trojan" ac=I fn="C:\Dokumente und Einstellungen\Dani\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\29ad6e86-508ff3d6" sh=DF40F16600812B216E67A696B821756540BE6B8D ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.Agent.NJU trojan" ac=I fn="C:\Users\Dani\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\29ad6e86-508ff3d6" sh=6BB81B31AED52392E9457D717FAAF6FD03E5F800 ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.Agent.NJU trojan" ac=I fn="F:\$RECYCLE.BIN\S-1-5-21-989268616-2580872740-1510082382-1005\$RPASFCN\Backup Set 2013-07-14 050528\Backup Files 2013-07-14 050528\Backup files 4.zip" Code:
ATTFilter Results of screen317's Security Check version 0.99.80 Windows 7 Service Pack 1 x86 (UAC is enabled) Internet Explorer 10 Out of date! ``````````````Antivirus/Firewall Check:`````````````` Microsoft Security Essentials (On Access scanning disabled!) `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware Version 1.75.0.1300 CCleaner Panda Cloud Cleaner Java(TM) 6 Update 37 Java 7 Update 17 Java DB 10.6.2.1 HP JavaCard for HP ProtectTools Java version out of Date! Adobe Flash Player 12.0.0.77 Mozilla Firefox 19.0 Firefox out of Date! ````````Process Check: objlist.exe by Laurent```````` Microsoft Security Essentials MSMpEng.exe Microsoft Security Essentials msseces.exe Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Malwarebytes' Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01 Ran by Admin (administrator) on DANI-PC on 06-04-2014 11:41:43 Running from C:\Users\Admin\Desktop Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AuthenTec, Inc.) C:\Program Files\Fingerprint Sensor\AtService.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe (Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe (ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe (ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe (Microsoft Corporation) C:\Windows\system32\WLANExt.exe (ActivIdentity) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe (ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe (Andrea Electronics Corporation) C:\Windows\system32\AEADISRV.EXE (LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE () C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe (Sierra Wireless Inc.) C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Bioscrypt Inc.) C:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe ( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe (Microsoft Corp.) C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe (Nokia) C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe ( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe (Nokia) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe (Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1791272 2010-06-04] (Synaptics Incorporated) HKLM\...\Run: [SoundMAXPnP] - C:\Program Files\Analog Devices\Core\smax4pnp.exe [1183744 2007-02-21] (Analog Devices, Inc.) HKLM\...\Run: [QlbCtrl.exe] - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2009-11-11] ( Hewlett-Packard Development Company, L.P.) HKLM\...\Run: [BingDesktop] - C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe [2387088 2013-04-10] (Microsoft Corp.) HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation) HKLM\...\Run: [FreePDF Assistant] - C:\Program Files\FreePDF_XP\fpassist.exe [373760 2013-03-14] (shbox.de) Winlogon\Notify\DeviceNP: C:\Windows\system32\DeviceNP.dll (Hewlett-Packard Limited) HKU\S-1-5-21-989268616-2580872740-1510082382-1005\...\Run: [BrowserChoice] - C:\Windows\System32\browserchoice.exe [293376 2013-06-13] (Microsoft Corporation) HKU\S-1-5-21-989268616-2580872740-1510082382-1005\...\Run: [PC Suite Tray] - C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [1516632 2012-06-26] (Nokia) AppInit_DLLs: C:\PROGRA~1\HEWLET~1\IAM\bin\APSHook.dll => C:\Program Files\Hewlett-Packard\IAM\Bin\APSHook.dll [89872 2009-07-28] (Bioscrypt Inc.) Lsa: [Notification Packages] scecli ASWLNPkg Startup: C:\Users\Dani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PostDa.exe - Verknüpfung.lnk ShortcutTarget: PostDa.exe - Verknüpfung.lnk -> C:\Users\Admin\Downloads\postda_mit_pdf\PostDa.exe (No File) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com/search?q={searchTerms} HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms} HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.freenet.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF54F4976454ECF01 SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: File Sanitizer for HP ProtectTools - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.) BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} hxxp://download.bitdefender.com/resources/scanner/sources/de/scan8/oscan8.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hy2vqeap.default FF Homepage: about:home FF SelectedSearchEngine: Google FF Keyword.URL: hxxp://www.google.com/search?rls=org.mozilla:en-US:official&client=firefox-a&q= FF NewTab: about:blank FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.) FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 - C:\Program Files\Virtual Earth 3D\ () FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @nosltd.com/getPlus+(R),version=1.6.2.97 - C:\Program Files\NOS\bin\np_gp.dll No File FF Plugin: @pandasecurity.com/activescan - C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll No File FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.) FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012-12-08] FF HKLM\...\Firefox\Extensions: [bkmrksync@nokia.com] - C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ FF Extension: PC Sync 2 Synchronisation Extension - C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [] FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-03-10] FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-03-10] ========================== Services (Whitelisted) ================= R2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [207400 2009-06-03] (ActivIdentity) R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [26112 2009-12-03] (LSI Corporation) R2 ASBroker; C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll [192784 2009-07-28] (Bioscrypt Inc.) R2 ASChannel; C:\Program Files\Hewlett-Packard\IAM\Bin\AsChnl.dll [150288 2009-07-28] (Bioscrypt Inc.) R2 ATService; C:\Program Files\Fingerprint Sensor\AtService.exe [1201400 2009-07-29] (AuthenTec, Inc.) S2 BingDesktopUpdate; C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe [168592 2013-04-10] (Microsoft Corp.) S3 FLCDLOCK; C:\Windows\system32\flcdlock.exe [362040 2009-10-05] (Hewlett-Packard Ltd) S3 HP ProtectTools Service; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [45056 2009-08-07] (Hewlett-Packard Development Company, L.P) R2 HPFSService; C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe [77824 2009-07-06] (Hewlett-Packard) R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation) S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation) R2 SWIHPWMI; C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe [292384 2006-12-04] (Sierra Wireless Inc.) R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe [3718656 2010-03-24] (Broadcom Corporation) ==================== Drivers (Whitelisted) ==================== S3 AX88772; C:\Windows\System32\DRIVERS\ax88772.sys [69632 2013-12-03] (ASIX Electronics Corp.) R3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2010-03-24] (Broadcom Corporation) S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv.sys [32312 2009-09-08] (Hewlett-Packard Development Company L.P.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation) R0 pavboot; C:\Windows\System32\drivers\pavboot.sys [28552 2009-06-30] (Panda Security, S.L.) S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [47632 2013-04-29] (Panda Security, S.L.) S3 Ser2plx86; C:\Windows\System32\DRIVERS\ser2pl.sys [139776 2013-10-25] (Prolific Technology Inc.) S3 USBPNPA; C:\Windows\System32\drivers\CM108.sys [1310720 2007-06-28] (C-Media Inc) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-06 11:39 - 2014-04-06 11:39 - 00001216 _____ () C:\Users\Admin\Desktop\checkup.txt 2014-04-06 11:33 - 2014-04-06 10:53 - 00002025 _____ () C:\Users\Admin\Desktop\ESET.txt 2014-04-05 23:16 - 2014-04-05 23:16 - 00987442 _____ () C:\Users\Admin\Desktop\SecurityCheck.exe 2014-04-05 23:15 - 2014-04-05 23:15 - 02347384 _____ (ESET) C:\Users\Admin\Desktop\esetsmartinstaller_enu.exe 2014-04-04 18:15 - 2014-04-04 18:15 - 00056773 _____ () C:\Users\Admin\Desktop\FRST2.txt 2014-04-04 18:12 - 2014-04-04 18:12 - 00001297 _____ () C:\Users\Admin\Desktop\JRT.txt 2014-04-04 17:59 - 2014-04-04 17:59 - 00000000 ____D () C:\Windows\ERUNT 2014-04-04 17:58 - 2014-04-04 17:58 - 00005054 _____ () C:\Users\Admin\Desktop\AdwCleaner[S0].txt 2014-04-04 17:51 - 2014-04-04 17:54 - 00000000 ____D () C:\AdwCleaner 2014-04-04 17:49 - 2014-04-04 17:49 - 01426178 _____ () C:\Users\Admin\Desktop\adwcleaner.exe 2014-04-04 17:49 - 2014-04-04 17:49 - 01038974 _____ (Thisisu) C:\Users\Admin\Desktop\JRT.exe 2014-04-04 01:54 - 2014-04-04 01:54 - 00002344 _____ () C:\Users\Admin\Desktop\Gmer.txt 2014-04-04 01:19 - 2014-04-04 01:19 - 00380416 _____ () C:\Users\Admin\Desktop\g5w19qcz.exe 2014-04-04 01:12 - 2014-04-04 01:14 - 00034767 _____ () C:\Users\Admin\Desktop\Addition.txt 2014-04-04 01:11 - 2014-04-06 11:41 - 00015106 _____ () C:\Users\Admin\Desktop\FRST.txt 2014-04-04 01:11 - 2014-04-06 11:41 - 00000000 ____D () C:\FRST 2014-04-04 01:09 - 2014-04-04 01:09 - 01145856 _____ (Farbar) C:\Users\Admin\Desktop\FRST.exe 2014-04-04 01:06 - 2014-04-04 01:07 - 00000472 _____ () C:\Users\Admin\Desktop\defogger_disable.txt 2014-04-04 01:06 - 2014-04-04 01:06 - 00000000 _____ () C:\Users\Admin\defogger_reenable 2014-04-04 00:31 - 2014-04-04 00:41 - 00008594 _____ () C:\Users\Admin\Desktop\Windows-Kompatibilitätsbericht.htm 2014-04-04 00:03 - 2014-04-04 00:04 - 04982419 _____ (IDG Tech Media GmbH ) C:\Users\Admin\Downloads\pcwPatchLoader_v2-Setup_2.3.2.exe 2014-04-03 19:57 - 2014-04-03 20:11 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Nico Mak Computing 2014-04-03 19:43 - 2014-04-03 19:43 - 00050477 _____ () C:\Users\Admin\Desktop\Defogger.exe 2014-04-03 03:31 - 2014-04-03 03:31 - 00001240 _____ () C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk 2014-04-03 03:31 - 2013-04-29 08:17 - 00047632 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys 2014-04-03 03:27 - 2014-04-03 03:30 - 28413552 _____ (Panda Security ) C:\Users\Admin\Downloads\PandaCloudCleaner.exe 2014-04-03 02:58 - 2014-04-03 02:58 - 00131072 ____N () C:\Windows\Minidump\040314-28250-01.dmp 2014-04-03 00:35 - 2014-04-03 19:19 - 00002574 _____ () C:\Users\Admin\Desktop\Rkill.txt 2014-04-02 22:10 - 2013-12-21 09:56 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-04-02 22:06 - 2014-04-02 22:06 - 00000000 ____D () C:\Windows\Temp0FBBE685-B4BF-CE0A-EDFD-EFD21D841C1F-Signatures 2014-04-02 21:46 - 2014-04-02 21:46 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\TuneUp Software 2014-04-02 21:43 - 2014-04-02 21:47 - 00000000 ____D () C:\ProgramData\TuneUp Software 2014-04-02 21:43 - 2014-04-02 21:43 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} 2014-04-02 21:39 - 2014-03-24 07:30 - 04134240 _____ (Kaspersky Lab ZAO) C:\Users\Admin\Downloads\TDSSKiller.exe 2014-04-02 17:43 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-04-02 09:43 - 2014-04-02 09:43 - 14358016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 02877952 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-04-02 09:43 - 2014-04-02 09:43 - 02049024 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-04-02 09:43 - 2014-04-02 09:43 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat 2014-04-02 09:43 - 2014-04-02 09:43 - 01140736 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00745472 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-04-02 09:43 - 2014-04-02 09:43 - 00719360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00629248 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00361984 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2014-04-02 09:43 - 2014-04-02 09:43 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00242200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00232960 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe 2014-04-02 09:43 - 2014-04-02 09:43 - 00138752 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe 2014-04-02 09:43 - 2014-04-02 09:43 - 00137216 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-04-02 09:43 - 2014-04-02 09:43 - 00125440 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe 2014-04-02 09:43 - 2014-04-02 09:43 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2014-04-02 09:43 - 2014-04-02 09:43 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2014-04-02 09:43 - 2014-04-02 09:43 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-04-02 09:43 - 2014-04-02 09:43 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-04-02 09:43 - 2014-04-02 09:43 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-04-02 09:40 - 2014-04-02 09:48 - 00009846 _____ () C:\Windows\IE10_main.log 2014-04-02 09:39 - 2013-12-25 01:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2014-04-02 09:39 - 2013-11-26 10:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll 2014-04-02 09:39 - 2013-08-02 03:50 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2014-04-02 09:39 - 2013-08-02 03:49 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2014-04-02 09:39 - 2013-08-02 03:49 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2014-04-02 09:39 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2014-04-02 09:39 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2014-04-02 09:39 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2014-04-02 09:39 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2014-04-02 09:39 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2014-04-02 09:39 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2014-04-02 09:39 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2014-04-02 09:39 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2014-04-02 09:39 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2014-04-02 09:39 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2014-04-02 09:39 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2014-04-02 09:39 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2014-04-02 09:39 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2014-04-02 09:39 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2014-04-02 09:39 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2014-04-02 09:39 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2014-04-02 09:39 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2014-04-02 09:39 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2014-04-02 09:39 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2014-04-02 09:39 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2014-04-02 09:39 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2014-04-02 09:39 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2014-04-02 09:39 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2014-04-02 09:39 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2014-04-02 09:39 - 2013-08-02 02:52 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2014-04-02 09:39 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2014-04-02 09:39 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2014-04-02 09:39 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2014-04-02 09:39 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2014-04-02 09:39 - 2013-06-15 05:38 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2014-04-02 09:38 - 2013-12-04 04:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll 2014-04-02 09:38 - 2013-12-04 04:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll 2014-04-02 09:38 - 2013-12-04 04:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll 2014-04-02 09:38 - 2013-12-04 04:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll 2014-04-02 09:38 - 2013-12-04 04:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll 2014-04-02 09:38 - 2013-12-04 03:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe 2014-04-02 09:38 - 2013-12-04 03:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe 2014-04-02 09:38 - 2013-12-04 03:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe 2014-04-02 09:38 - 2013-12-04 03:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe 2014-04-02 09:38 - 2013-11-27 03:14 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys 2014-04-02 09:38 - 2013-11-27 03:13 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys 2014-04-02 09:38 - 2013-11-27 03:13 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys 2014-04-02 09:38 - 2013-11-27 03:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys 2014-04-02 09:38 - 2013-11-27 03:13 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys 2014-04-02 09:38 - 2013-11-27 03:13 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys 2014-04-02 09:38 - 2013-11-27 03:13 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys 2014-04-02 09:38 - 2013-10-04 03:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll 2014-04-02 09:38 - 2013-10-04 03:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2014-04-02 09:38 - 2013-10-04 03:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll 2014-04-02 09:38 - 2013-08-29 03:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2014-04-02 09:38 - 2013-08-29 03:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-04-02 09:38 - 2013-08-29 03:50 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2014-04-02 09:38 - 2013-08-29 03:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll 2014-04-02 09:38 - 2013-08-29 03:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2014-04-02 09:37 - 2014-01-09 04:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2014-04-02 09:37 - 2013-06-26 00:56 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys 2014-04-02 08:56 - 2013-10-02 02:42 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys 2014-04-02 08:56 - 2013-10-02 02:32 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe 2014-04-02 08:56 - 2013-10-02 02:30 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll 2014-04-02 08:56 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll 2014-04-02 08:56 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll 2014-04-02 08:56 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll 2014-04-02 08:56 - 2013-10-02 01:45 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll 2014-04-02 08:56 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll 2014-04-02 08:56 - 2013-10-02 01:00 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2014-04-02 08:56 - 2013-10-02 00:53 - 00350208 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe 2014-04-02 08:56 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe 2014-04-02 08:36 - 2013-05-10 06:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2014-04-02 08:36 - 2013-05-10 06:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2014-04-02 08:27 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll 2014-04-02 08:27 - 2013-12-06 04:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-04-02 08:27 - 2013-12-06 04:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2014-04-02 08:27 - 2013-10-05 21:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2014-04-02 08:27 - 2013-07-20 12:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2014-04-02 08:27 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2014-04-02 08:27 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2014-04-02 08:27 - 2013-07-04 13:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll 2014-04-02 08:27 - 2013-07-04 13:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll 2014-04-02 08:27 - 2013-07-04 11:48 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2014-04-02 08:26 - 2014-02-07 03:07 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-04-02 08:26 - 2013-08-28 02:57 - 00434688 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll 2014-04-02 08:25 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2014-04-02 08:24 - 2014-01-01 01:05 - 00420008 _____ () C:\Windows\system32\locale.nls 2014-04-02 08:24 - 2013-09-14 02:48 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2014-04-02 08:24 - 2013-09-08 04:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll 2014-04-02 08:24 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-04-02 08:24 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll 2014-04-02 08:23 - 2013-09-25 04:01 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-04-02 08:23 - 2013-09-25 04:01 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2014-04-02 08:23 - 2013-09-25 03:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-04-02 08:23 - 2013-09-25 03:57 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2014-04-02 08:23 - 2013-09-25 03:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2014-04-02 08:23 - 2013-09-25 03:56 - 01038848 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-04-02 08:23 - 2013-09-25 03:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2014-04-02 08:23 - 2013-09-25 02:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2014-04-02 08:23 - 2013-09-25 02:49 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2014-04-02 08:23 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2014-04-02 08:23 - 2013-07-09 06:50 - 00652800 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2014-04-02 08:23 - 2013-07-04 14:16 - 00369848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2014-04-02 08:21 - 2013-11-12 04:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-04-02 08:20 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-04-02 08:20 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-04-02 08:20 - 2014-01-28 04:07 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll 2014-04-02 08:20 - 2013-10-19 03:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll 2014-04-02 08:20 - 2013-10-12 04:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx 2014-04-02 08:20 - 2013-10-12 04:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll 2014-04-02 08:20 - 2013-10-12 03:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe 2014-04-02 08:20 - 2013-10-12 03:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe 2014-04-02 08:20 - 2013-10-04 03:49 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys 2014-04-02 08:20 - 2013-10-04 03:17 - 00177152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys 2014-04-02 08:20 - 2013-08-05 03:56 - 00133056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys 2014-04-02 08:20 - 2013-08-01 13:03 - 00729024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2014-04-02 08:20 - 2013-06-06 06:52 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2014-04-02 08:20 - 2013-06-06 06:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2014-04-02 08:20 - 2013-06-06 06:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2014-04-02 08:20 - 2013-06-06 05:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2014-04-02 08:20 - 2013-06-06 05:01 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2014-04-02 08:19 - 2013-11-26 13:11 - 00240576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys 2014-04-02 08:19 - 2013-11-23 20:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2014-04-02 08:19 - 2013-10-30 04:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll 2014-04-02 08:19 - 2013-10-12 04:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll 2014-04-02 08:19 - 2013-10-12 04:01 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL 2014-04-02 08:19 - 2013-10-12 04:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL 2014-04-02 08:19 - 2013-10-03 03:58 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-04-02 08:19 - 2013-09-08 04:07 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2014-04-02 08:19 - 2013-07-12 12:07 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys 2014-04-02 08:19 - 2013-07-04 13:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll 2014-04-02 08:19 - 2013-07-03 06:02 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys 2014-04-02 08:19 - 2013-07-03 05:36 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys 2014-04-02 08:19 - 2013-07-03 05:36 - 00025728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys 2014-04-02 08:05 - 2013-09-25 03:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll 2014-04-01 22:57 - 2014-04-02 22:43 - 00000000 ____D () C:\TDSSKiller_Quarantine 2014-03-31 21:36 - 2014-03-31 19:54 - 892371968 _____ () C:\Users\Dani\outlook.pst 2014-03-24 01:28 - 2014-03-24 01:28 - 00000000 ____D () C:\Program Files\Lucom 2014-03-08 02:59 - 2014-03-18 01:07 - 00000000 ____D () C:\Users\Dani\Desktop\Arbeit 2014-03-08 02:58 - 2014-03-08 02:58 - 00000000 ____D () C:\Users\Dani\Neuer Ordner 2014-03-08 02:42 - 2014-03-08 03:07 - 00000000 ____D () C:\Users\Dani\Desktop\Robotersauger ==================== One Month Modified Files and Folders ======= 2014-04-06 11:41 - 2014-04-04 01:11 - 00015106 _____ () C:\Users\Admin\Desktop\FRST.txt 2014-04-06 11:41 - 2014-04-04 01:11 - 00000000 ____D () C:\FRST 2014-04-06 11:39 - 2014-04-06 11:39 - 00001216 _____ () C:\Users\Admin\Desktop\checkup.txt 2014-04-06 11:35 - 2011-09-25 05:37 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-04-06 11:16 - 2012-07-27 16:36 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-04-06 10:53 - 2014-04-06 11:33 - 00002025 _____ () C:\Users\Admin\Desktop\ESET.txt 2014-04-06 08:35 - 2011-09-25 05:37 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-04-06 06:55 - 2009-07-14 06:34 - 00014928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-04-06 06:55 - 2009-07-14 06:34 - 00014928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-04-06 04:49 - 2013-06-13 22:02 - 01915314 _____ () C:\Windows\WindowsUpdate.log 2014-04-05 23:18 - 2013-06-13 22:11 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-04-05 23:16 - 2014-04-05 23:16 - 00987442 _____ () C:\Users\Admin\Desktop\SecurityCheck.exe 2014-04-05 23:15 - 2014-04-05 23:15 - 02347384 _____ (ESET) C:\Users\Admin\Desktop\esetsmartinstaller_enu.exe 2014-04-05 23:05 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-05 23:04 - 2013-06-14 12:41 - 00039249 _____ () C:\Windows\setupact.log 2014-04-04 18:16 - 2013-07-10 18:30 - 00000000 ____D () C:\Users\Dani\AppData\Local\FreePDF_XP 2014-04-04 18:15 - 2014-04-04 18:15 - 00056773 _____ () C:\Users\Admin\Desktop\FRST2.txt 2014-04-04 18:12 - 2014-04-04 18:12 - 00001297 _____ () C:\Users\Admin\Desktop\JRT.txt 2014-04-04 17:59 - 2014-04-04 17:59 - 00000000 ____D () C:\Windows\ERUNT 2014-04-04 17:58 - 2014-04-04 17:58 - 00005054 _____ () C:\Users\Admin\Desktop\AdwCleaner[S0].txt 2014-04-04 17:54 - 2014-04-04 17:51 - 00000000 ____D () C:\AdwCleaner 2014-04-04 17:49 - 2014-04-04 17:49 - 01426178 _____ () C:\Users\Admin\Desktop\adwcleaner.exe 2014-04-04 17:49 - 2014-04-04 17:49 - 01038974 _____ (Thisisu) C:\Users\Admin\Desktop\JRT.exe 2014-04-04 01:54 - 2014-04-04 01:54 - 00002344 _____ () C:\Users\Admin\Desktop\Gmer.txt 2014-04-04 01:19 - 2014-04-04 01:19 - 00380416 _____ () C:\Users\Admin\Desktop\g5w19qcz.exe 2014-04-04 01:14 - 2014-04-04 01:12 - 00034767 _____ () C:\Users\Admin\Desktop\Addition.txt 2014-04-04 01:09 - 2014-04-04 01:09 - 01145856 _____ (Farbar) C:\Users\Admin\Desktop\FRST.exe 2014-04-04 01:07 - 2014-04-04 01:06 - 00000472 _____ () C:\Users\Admin\Desktop\defogger_disable.txt 2014-04-04 01:06 - 2014-04-04 01:06 - 00000000 _____ () C:\Users\Admin\defogger_reenable 2014-04-04 01:06 - 2013-06-13 20:59 - 00000000 ___RD () C:\Users\Admin 2014-04-04 00:41 - 2014-04-04 00:31 - 00008594 _____ () C:\Users\Admin\Desktop\Windows-Kompatibilitätsbericht.htm 2014-04-04 00:41 - 2011-03-22 19:35 - 00002562 _____ () C:\Windows\diagwrn.xml 2014-04-04 00:41 - 2011-03-22 19:35 - 00001908 _____ () C:\Windows\diagerr.xml 2014-04-04 00:37 - 2013-06-14 12:41 - 00000000 _____ () C:\Windows\setuperr.log 2014-04-04 00:33 - 2010-08-22 17:03 - 00000000 ____D () C:\Users\Dani\Scans 2014-04-04 00:04 - 2014-04-04 00:03 - 04982419 _____ (IDG Tech Media GmbH ) C:\Users\Admin\Downloads\pcwPatchLoader_v2-Setup_2.3.2.exe 2014-04-03 23:53 - 2011-09-25 14:55 - 00103158 _____ () C:\Windows\PFRO.log 2014-04-03 20:11 - 2014-04-03 19:57 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Nico Mak Computing 2014-04-03 19:43 - 2014-04-03 19:43 - 00050477 _____ () C:\Users\Admin\Desktop\Defogger.exe 2014-04-03 19:19 - 2014-04-03 00:35 - 00002574 _____ () C:\Users\Admin\Desktop\Rkill.txt 2014-04-03 03:31 - 2014-04-03 03:31 - 00001240 _____ () C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk 2014-04-03 03:31 - 2011-03-29 04:11 - 00000000 ____D () C:\Program Files\Panda Security 2014-04-03 03:30 - 2014-04-03 03:27 - 28413552 _____ (Panda Security ) C:\Users\Admin\Downloads\PandaCloudCleaner.exe 2014-04-03 02:58 - 2014-04-03 02:58 - 00131072 ____N () C:\Windows\Minidump\040314-28250-01.dmp 2014-04-03 02:58 - 2013-06-14 02:01 - 00000000 ____D () C:\Windows\Minidump 2014-04-03 00:22 - 2013-06-13 22:17 - 00085040 _____ () C:\Users\Dani\AppData\Local\GDIPFONTCACHEV1.DAT 2014-04-03 00:21 - 2013-06-13 20:59 - 00000000 ___RD () C:\Users\Dani 2014-04-02 22:43 - 2014-04-01 22:57 - 00000000 ____D () C:\TDSSKiller_Quarantine 2014-04-02 22:26 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-04-02 22:07 - 2011-09-24 21:37 - 00001912 _____ () C:\Windows\epplauncher.mif 2014-04-02 22:06 - 2014-04-02 22:06 - 00000000 ____D () C:\Windows\Temp0FBBE685-B4BF-CE0A-EDFD-EFD21D841C1F-Signatures 2014-04-02 22:06 - 2012-05-16 17:06 - 00000000 ____D () C:\Program Files\Microsoft Security Client 2014-04-02 21:47 - 2014-04-02 21:43 - 00000000 ____D () C:\ProgramData\TuneUp Software 2014-04-02 21:46 - 2014-04-02 21:46 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\TuneUp Software 2014-04-02 21:43 - 2014-04-02 21:43 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} 2014-04-02 21:39 - 2011-08-06 21:45 - 00000000 ____D () C:\ProgramData\Freemake 2014-04-02 17:43 - 2013-09-18 20:10 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware 2014-04-02 10:24 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE 2014-04-02 10:17 - 2012-04-01 18:53 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-04-02 10:17 - 2011-05-19 14:34 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-04-02 10:03 - 2013-07-10 16:37 - 00000000 ____D () C:\Windows\system32\MRT 2014-04-02 09:48 - 2014-04-02 09:40 - 00009846 _____ () C:\Windows\IE10_main.log 2014-04-02 09:43 - 2014-04-02 09:43 - 14358016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 02877952 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-04-02 09:43 - 2014-04-02 09:43 - 02049024 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-04-02 09:43 - 2014-04-02 09:43 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat 2014-04-02 09:43 - 2014-04-02 09:43 - 01140736 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00745472 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-04-02 09:43 - 2014-04-02 09:43 - 00719360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00629248 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00361984 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2014-04-02 09:43 - 2014-04-02 09:43 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00242200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00232960 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe 2014-04-02 09:43 - 2014-04-02 09:43 - 00138752 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe 2014-04-02 09:43 - 2014-04-02 09:43 - 00137216 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-04-02 09:43 - 2014-04-02 09:43 - 00125440 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe 2014-04-02 09:43 - 2014-04-02 09:43 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2014-04-02 09:43 - 2014-04-02 09:43 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2014-04-02 09:43 - 2014-04-02 09:43 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-04-02 09:43 - 2014-04-02 09:43 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-04-02 09:43 - 2014-04-02 09:43 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-04-02 09:21 - 2010-03-25 23:54 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-04-02 09:21 - 2009-07-14 06:33 - 00345488 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-04-02 09:16 - 2009-07-14 10:47 - 00000000 ____D () C:\Windows\system32\Drivers\de-DE 2014-04-02 08:32 - 2013-06-13 20:59 - 00000000 ____D () C:\Users\Gast 2014-04-02 08:32 - 2013-06-13 20:59 - 00000000 ____D () C:\Users\Administrator 2014-04-02 08:31 - 2013-06-14 14:13 - 00000000 ____D () C:\Users\Dani\Downloads\postda_mit_pdf 2014-04-02 08:31 - 2013-02-24 23:21 - 00000000 ____D () C:\Users\Dani\AppData\Roaming\PDF reDirect 2014-04-02 08:31 - 2013-01-18 19:08 - 00000000 ____D () C:\Program Files\QuickTime 2014-04-02 08:31 - 2013-01-18 14:26 - 00000000 ____D () C:\Program Files\Adobe 2014-04-02 08:31 - 2012-09-29 05:59 - 00000000 ____D () C:\ProgramData\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E} 2014-04-02 08:31 - 2012-08-26 17:18 - 00000000 ____D () C:\Windows\system32\Adobe 2014-04-02 08:31 - 2012-07-16 18:09 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-04-02 08:31 - 2012-04-07 15:18 - 00000000 ____D () C:\Program Files\ElsterFormular 2014-04-02 08:31 - 2011-04-03 01:57 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-04-02 08:31 - 2011-03-23 17:38 - 00000000 ____D () C:\Program Files\PixelNet Software 2014-04-02 08:31 - 2011-03-23 16:37 - 00000000 ____D () C:\ProgramData\{E91883C8-8CDC-46A4-A45F-CB40EB82ED60} 2014-04-02 08:31 - 2011-03-23 14:56 - 00000000 ____D () C:\ProgramData\Apple Computer 2014-04-02 08:31 - 2011-03-23 14:53 - 00000000 ____D () C:\ProgramData\Installations 2014-04-02 08:31 - 2010-05-29 23:04 - 00000000 ____D () C:\Users\Dani\AppData\Roaming\IrfanView 2014-04-02 08:31 - 2010-05-29 22:53 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\IrfanView 2014-04-02 08:31 - 2010-03-25 21:24 - 00000000 ____D () C:\Windows\system32\Macromed 2014-04-02 08:31 - 2009-07-14 06:52 - 00000000 ____D () C:\Windows\Offline Web Pages 2014-04-02 08:31 - 2009-07-14 04:37 - 00000000 __RSD () C:\Windows\Media 2014-04-02 08:31 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Public\Libraries 2014-04-02 08:31 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public 2014-04-02 08:31 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\wfp 2014-04-02 08:31 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\Msdtc 2014-04-02 08:31 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system 2014-04-02 08:31 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\schemas 2014-04-02 08:31 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache 2014-04-02 08:31 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\L2Schemas 2014-04-02 08:31 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\AppCompat 2014-04-02 08:31 - 2009-07-14 04:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared 2014-04-02 08:30 - 2014-02-08 04:27 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Wise Registry Cleaner 2014-04-02 08:29 - 2014-02-01 04:04 - 00000000 ____D () C:\Users\Dani\Downloads\defender41 2014-04-02 08:27 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\registration 2014-04-02 08:24 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Help 2014-04-02 08:23 - 2011-04-03 01:57 - 00000000 ____D () C:\Users\Dani\AppData\Local\Mozilla 2014-04-02 08:22 - 2012-07-18 07:46 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Malwarebytes 2014-04-02 08:22 - 2012-07-18 07:46 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-02 08:22 - 2012-04-24 23:17 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\elsterformular 2014-04-02 08:22 - 2011-12-31 06:08 - 00000000 ____D () C:\ProgramData\Adobe 2014-04-02 08:21 - 2013-06-13 20:55 - 00000000 ____D () C:\Program Files\Hewlett-Packard 2014-04-02 08:21 - 2013-01-18 14:26 - 00000000 ____D () C:\Program Files\Common Files\Adobe 2014-04-02 08:21 - 2011-03-05 14:20 - 00000000 ____D () C:\Program Files\Java 2014-04-02 07:43 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF 2014-04-02 07:35 - 2013-06-14 01:27 - 00085040 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT 2014-03-31 21:30 - 2013-09-15 03:37 - 00000000 ____D () C:\Users\Dani\Ulk 2014-03-31 19:54 - 2014-03-31 21:36 - 892371968 _____ () C:\Users\Dani\outlook.pst 2014-03-31 19:51 - 2013-09-27 02:48 - 00000000 ____D () C:\ProgramData\Oracle 2014-03-26 19:16 - 2011-04-14 19:59 - 00000000 ____D () C:\Users\Dani\Eigene Scans 2014-03-24 07:30 - 2014-04-02 21:39 - 04134240 _____ (Kaspersky Lab ZAO) C:\Users\Admin\Downloads\TDSSKiller.exe 2014-03-24 07:30 - 2012-06-14 19:24 - 04134240 _____ (Kaspersky Lab ZAO) C:\Users\Dani\Downloads\TDSSKiller.exe 2014-03-24 01:28 - 2014-03-24 01:28 - 00000000 ____D () C:\Program Files\Lucom 2014-03-18 01:07 - 2014-03-08 02:59 - 00000000 ____D () C:\Users\Dani\Desktop\Arbeit 2014-03-11 09:52 - 2012-03-20 20:44 - 00104264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NisDrvWFP.sys 2014-03-08 03:07 - 2014-03-08 02:42 - 00000000 ____D () C:\Users\Dani\Desktop\Robotersauger 2014-03-08 02:58 - 2014-03-08 02:58 - 00000000 ____D () C:\Users\Dani\Neuer Ordner Some content of TEMP: ==================== C:\Users\Admin\AppData\Local\Temp\FreemakeVideoDownloader_3.6.4.1.exe C:\Users\Admin\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\system32\winlogon.exe => MD5 is legit C:\Windows\system32\wininit.exe => MD5 is legit C:\Windows\system32\svchost.exe => MD5 is legit C:\Windows\system32\services.exe => MD5 is legit C:\Windows\system32\User32.dll => MD5 is legit C:\Windows\system32\userinit.exe => MD5 is legit C:\Windows\system32\rpcss.dll => MD5 is legit C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-03-30 20:14 ==================== End Of Log ============================ LG von Daniela |
07.04.2014, 11:33 | #6 |
/// the machine /// TB-Ausbilder | Windows 7: Benutzerkonto wird fremd geleitet Java udn Firefox updaten. Die Funde sind nur im Java Cache, erledigen wir mit TFC. Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop. Schließe nun alle offenen Programme und trenne Dich von dem Internet. Doppelklick auf die TFC.exe und drücke auf Start. Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen. Bitte mal einen FRST Scan aus dem Benutzerkonto machen.
__________________ --> Windows 7: Benutzerkonto wird fremd geleitet |
08.04.2014, 00:05 | #7 |
| Windows 7: Benutzerkonto wird fremd geleitet Hallo Schrauber, das mit dem Trennen vom Internet habe ich leider nicht hinbekommen. Ist das schlimm? Mein Notebook hat WLAN-Bluetooth + ich weiß nicht, wo ich es trennen kann + auch nicht, wie ich es dann wieder starten kann. Als ich in der Systemsteuerung das Dienstprogramm zur drahtlosen Konfiguration starten wollte, kam eine Fehlermeldung, dass die interne Konfiguration inkonsistent ist. Was auch immer das heißen soll. Vielleicht habe ich meinen Rechner doch mehr zerschossen, als ich gedacht habe. Gibt es andere Reparaturtools für Windows 7 außer sfc /scannow? Allerdings ist die Bluetooth-Einrichtung ja von HP, denke ich. Hier jetzt die Logs von TFC vom Adminkonto + FRST vom Benutzerkontos: Code:
ATTFilter Getting user folders. Stopping running processes. Emptying Temp folders. User: Admin ->Temp folder emptied: 76422791 bytes ->Temporary Internet Files folder emptied: 92968079 bytes ->Java cache emptied: 48122 bytes ->FireFox cache emptied: 33097162 bytes ->Flash cache emptied: 1925 bytes User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 759 bytes User: All Users User: Dani ->Temp folder emptied: 82068267 bytes ->Temporary Internet Files folder emptied: 432444865 bytes ->Java cache emptied: 16283367 bytes ->FireFox cache emptied: 316899798 bytes ->Flash cache emptied: 15760 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 38673345 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Gast ->Temp folder emptied: 17575 bytes ->Temporary Internet Files folder emptied: 11484877 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 1173335 bytes ->Flash cache emptied: 506 bytes User: Public User: te %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 257738948 bytes %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42219862 bytes Emptying RecycleBin. Do not interrupt. RecycleBin emptied: 0 bytes Process complete! Total Files Cleaned = 1.337,00 mb FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01 Ran by Admin (administrator) on DANI-PC on 07-04-2014 19:31:25 Running from C:\Users\Dani\Desktop Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Hewlett-Packard) C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe (Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe (ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe (Microsoft Corporation) C:\Windows\system32\WLANExt.exe (ActivIdentity) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe (ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe (Andrea Electronics Corporation) C:\Windows\system32\AEADISRV.EXE (LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE () C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe (Sierra Wireless Inc.) C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe (Nokia) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe ( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe (Microsoft Corp.) C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Nokia) C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Dirk Scheers Software (www.scheernet.de)) C:\Users\Dani\Downloads\postda_mit_pdf\PostDa.exe (Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe ( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe (Bioscrypt Inc.) C:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1791272 2010-06-04] (Synaptics Incorporated) HKLM\...\Run: [SoundMAXPnP] - C:\Program Files\Analog Devices\Core\smax4pnp.exe [1183744 2007-02-21] (Analog Devices, Inc.) HKLM\...\Run: [QlbCtrl.exe] - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2009-11-11] ( Hewlett-Packard Development Company, L.P.) HKLM\...\Run: [BingDesktop] - C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe [2387088 2013-04-10] (Microsoft Corp.) HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation) HKLM\...\Run: [FreePDF Assistant] - C:\Program Files\FreePDF_XP\fpassist.exe [373760 2013-03-14] (shbox.de) HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [224128 2014-03-04] (Oracle Corporation) Winlogon\Notify\DeviceNP: C:\Windows\system32\DeviceNP.dll (Hewlett-Packard Limited) HKU\S-1-5-21-989268616-2580872740-1510082382-1001\...\Run: [LightScribe Control Panel] - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-06-17] (Hewlett-Packard Company) HKU\S-1-5-21-989268616-2580872740-1510082382-1001\...\Run: [PC Suite Tray] - C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [1516632 2012-06-26] (Nokia) HKU\S-1-5-21-989268616-2580872740-1510082382-1001\...\MountPoints2: {d48c7ec3-372d-11df-b17e-806e6f6e6963} - E:\setup.EXE /AUTORUN HKU\S-1-5-21-989268616-2580872740-1510082382-1005\...\Run: [BrowserChoice] - C:\Windows\System32\browserchoice.exe [293376 2013-06-13] (Microsoft Corporation) HKU\S-1-5-21-989268616-2580872740-1510082382-1005\...\Run: [PC Suite Tray] - C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [1516632 2012-06-26] (Nokia) AppInit_DLLs: C:\PROGRA~1\HEWLET~1\IAM\bin\APSHook.dll => C:\Program Files\Hewlett-Packard\IAM\Bin\APSHook.dll [89872 2009-07-28] (Bioscrypt Inc.) Lsa: [Notification Packages] scecli ASWLNPkg Startup: C:\Users\Dani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PostDa.exe - Verknüpfung.lnk ShortcutTarget: PostDa.exe - Verknüpfung.lnk -> C:\Users\Admin\Downloads\postda_mit_pdf\PostDa.exe (No File) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com/search?q={searchTerms} HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms} HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.freenet.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF54F4976454ECF01 SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: File Sanitizer for HP ProtectTools - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation) BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.) BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} hxxp://download.bitdefender.com/resources/scanner/sources/de/scan8/oscan8.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hy2vqeap.default FF NewTab: about:blank FF SelectedSearchEngine: Google FF Homepage: about:home FF Keyword.URL: hxxp://www.google.com/search?rls=org.mozilla:en-US:official&client=firefox-a&q= FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.) FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF Plugin: @java.com/DTPlugin,version=11.0.2 - C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.0.2 - C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 - C:\Program Files\Virtual Earth 3D\ () FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @nosltd.com/getPlus+(R),version=1.6.2.97 - C:\Program Files\NOS\bin\np_gp.dll No File FF Plugin: @pandasecurity.com/activescan - C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll No File FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.) FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012-12-08] FF HKLM\...\Firefox\Extensions: [bkmrksync@nokia.com] - C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ FF Extension: PC Sync 2 Synchronisation Extension - C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [] FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-03-10] FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-03-10] ========================== Services (Whitelisted) ================= R2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [207400 2009-06-03] (ActivIdentity) R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [26112 2009-12-03] (LSI Corporation) R2 ASBroker; C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll [192784 2009-07-28] (Bioscrypt Inc.) R2 ASChannel; C:\Program Files\Hewlett-Packard\IAM\Bin\AsChnl.dll [150288 2009-07-28] (Bioscrypt Inc.) S2 ATService; C:\Program Files\Fingerprint Sensor\AtService.exe [1201400 2009-07-29] (AuthenTec, Inc.) S2 BingDesktopUpdate; C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe [168592 2013-04-10] (Microsoft Corp.) S3 FLCDLOCK; C:\Windows\system32\flcdlock.exe [362040 2009-10-05] (Hewlett-Packard Ltd) S3 HP ProtectTools Service; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [45056 2009-08-07] (Hewlett-Packard Development Company, L.P) R2 HPFSService; C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe [77824 2009-07-06] (Hewlett-Packard) S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation) S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation) R2 SWIHPWMI; C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe [292384 2006-12-04] (Sierra Wireless Inc.) R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe [3718656 2010-03-24] (Broadcom Corporation) ==================== Drivers (Whitelisted) ==================== S3 AX88772; C:\Windows\System32\DRIVERS\ax88772.sys [69632 2013-12-03] (ASIX Electronics Corp.) R3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2010-03-24] (Broadcom Corporation) S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv.sys [32312 2009-09-08] (Hewlett-Packard Development Company L.P.) S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation) R0 pavboot; C:\Windows\System32\drivers\pavboot.sys [28552 2009-06-30] (Panda Security, S.L.) S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [47632 2013-04-29] (Panda Security, S.L.) S3 Ser2plx86; C:\Windows\System32\DRIVERS\ser2pl.sys [139776 2013-10-25] (Prolific Technology Inc.) S3 USBPNPA; C:\Windows\System32\drivers\CM108.sys [1310720 2007-06-28] (C-Media Inc) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-07 19:31 - 2014-04-07 19:31 - 00015624 _____ () C:\Users\Dani\Desktop\FRST.txt 2014-04-07 19:29 - 2014-04-07 19:29 - 00001669 _____ () C:\Users\Admin\Desktop\OldTimer.txt 2014-04-07 19:01 - 2014-04-04 01:09 - 01145856 _____ (Farbar) C:\Users\Dani\Desktop\FRST.exe 2014-04-07 18:57 - 2014-04-07 18:57 - 00448512 _____ (OldTimer Tools) C:\Users\Admin\Desktop\TFC.exe 2014-04-07 18:30 - 2014-04-07 18:29 - 00264600 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-04-07 18:30 - 2014-04-07 18:29 - 00176024 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-04-07 18:30 - 2014-04-07 18:29 - 00176024 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-04-07 18:23 - 2014-04-07 18:28 - 31107992 _____ (Oracle Corporation) C:\Users\Admin\Downloads\jre-8-windows-i586.exe 2014-04-07 18:02 - 2014-04-07 18:04 - 25032080 _____ (Mozilla) C:\Users\Admin\Downloads\Firefox_Setup_de28.0.exe 2014-04-06 12:15 - 2014-04-06 12:15 - 00131072 ____N () C:\Windows\Minidump\040614-34765-01.dmp 2014-04-06 11:43 - 2014-04-06 11:43 - 00057733 _____ () C:\Users\Admin\Desktop\FRST3.txt 2014-04-06 11:39 - 2014-04-06 11:39 - 00001216 _____ () C:\Users\Admin\Desktop\checkup.txt 2014-04-06 11:33 - 2014-04-06 10:53 - 00002025 _____ () C:\Users\Admin\Desktop\ESET.txt 2014-04-05 23:16 - 2014-04-05 23:16 - 00987442 _____ () C:\Users\Admin\Desktop\SecurityCheck.exe 2014-04-05 23:15 - 2014-04-05 23:15 - 02347384 _____ (ESET) C:\Users\Admin\Desktop\esetsmartinstaller_enu.exe 2014-04-04 18:15 - 2014-04-04 18:15 - 00056773 _____ () C:\Users\Admin\Desktop\FRST2.txt 2014-04-04 18:12 - 2014-04-04 18:12 - 00001297 _____ () C:\Users\Admin\Desktop\JRT.txt 2014-04-04 17:59 - 2014-04-04 17:59 - 00000000 ____D () C:\Windows\ERUNT 2014-04-04 17:58 - 2014-04-04 17:58 - 00005054 _____ () C:\Users\Admin\Desktop\AdwCleaner[S0].txt 2014-04-04 17:51 - 2014-04-04 17:54 - 00000000 ____D () C:\AdwCleaner 2014-04-04 17:49 - 2014-04-04 17:49 - 01426178 _____ () C:\Users\Admin\Desktop\adwcleaner.exe 2014-04-04 17:49 - 2014-04-04 17:49 - 01038974 _____ (Thisisu) C:\Users\Admin\Desktop\JRT.exe 2014-04-04 01:54 - 2014-04-04 01:54 - 00002344 _____ () C:\Users\Admin\Desktop\Gmer.txt 2014-04-04 01:19 - 2014-04-04 01:19 - 00380416 _____ () C:\Users\Admin\Desktop\g5w19qcz.exe 2014-04-04 01:12 - 2014-04-04 01:14 - 00034767 _____ () C:\Users\Admin\Desktop\Addition.txt 2014-04-04 01:11 - 2014-04-07 19:31 - 00000000 ____D () C:\FRST 2014-04-04 01:11 - 2014-04-06 11:42 - 00057733 _____ () C:\Users\Admin\Desktop\FRST.txt 2014-04-04 01:09 - 2014-04-04 01:09 - 01145856 _____ (Farbar) C:\Users\Admin\Desktop\FRST.exe 2014-04-04 01:06 - 2014-04-04 01:07 - 00000472 _____ () C:\Users\Admin\Desktop\defogger_disable.txt 2014-04-04 01:06 - 2014-04-04 01:06 - 00000000 _____ () C:\Users\Admin\defogger_reenable 2014-04-04 00:31 - 2014-04-04 00:41 - 00008594 _____ () C:\Users\Admin\Desktop\Windows-Kompatibilitätsbericht.htm 2014-04-04 00:03 - 2014-04-04 00:04 - 04982419 _____ (IDG Tech Media GmbH ) C:\Users\Admin\Downloads\pcwPatchLoader_v2-Setup_2.3.2.exe 2014-04-03 19:57 - 2014-04-03 20:11 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Nico Mak Computing 2014-04-03 19:43 - 2014-04-03 19:43 - 00050477 _____ () C:\Users\Admin\Desktop\Defogger.exe 2014-04-03 03:31 - 2014-04-03 03:31 - 00001240 _____ () C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk 2014-04-03 03:31 - 2013-04-29 08:17 - 00047632 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys 2014-04-03 03:27 - 2014-04-03 03:30 - 28413552 _____ (Panda Security ) C:\Users\Admin\Downloads\PandaCloudCleaner.exe 2014-04-03 02:58 - 2014-04-03 02:58 - 00131072 ____N () C:\Windows\Minidump\040314-28250-01.dmp 2014-04-03 00:35 - 2014-04-03 19:19 - 00002574 _____ () C:\Users\Admin\Desktop\Rkill.txt 2014-04-02 22:10 - 2013-12-21 09:56 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-04-02 22:06 - 2014-04-02 22:06 - 00000000 ____D () C:\Windows\Temp0FBBE685-B4BF-CE0A-EDFD-EFD21D841C1F-Signatures 2014-04-02 21:46 - 2014-04-02 21:46 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\TuneUp Software 2014-04-02 21:43 - 2014-04-02 21:47 - 00000000 ____D () C:\ProgramData\TuneUp Software 2014-04-02 21:43 - 2014-04-02 21:43 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} 2014-04-02 21:39 - 2014-03-24 07:30 - 04134240 _____ (Kaspersky Lab ZAO) C:\Users\Admin\Downloads\TDSSKiller.exe 2014-04-02 17:43 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-04-02 09:43 - 2014-04-02 09:43 - 14358016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 02877952 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-04-02 09:43 - 2014-04-02 09:43 - 02049024 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-04-02 09:43 - 2014-04-02 09:43 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat 2014-04-02 09:43 - 2014-04-02 09:43 - 01140736 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00745472 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-04-02 09:43 - 2014-04-02 09:43 - 00719360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00629248 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00361984 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2014-04-02 09:43 - 2014-04-02 09:43 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00242200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00232960 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe 2014-04-02 09:43 - 2014-04-02 09:43 - 00138752 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe 2014-04-02 09:43 - 2014-04-02 09:43 - 00137216 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-04-02 09:43 - 2014-04-02 09:43 - 00125440 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe 2014-04-02 09:43 - 2014-04-02 09:43 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2014-04-02 09:43 - 2014-04-02 09:43 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2014-04-02 09:43 - 2014-04-02 09:43 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-04-02 09:43 - 2014-04-02 09:43 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-04-02 09:43 - 2014-04-02 09:43 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-04-02 09:40 - 2014-04-02 09:48 - 00009846 _____ () C:\Windows\IE10_main.log 2014-04-02 09:39 - 2013-12-25 01:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2014-04-02 09:39 - 2013-11-26 10:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll 2014-04-02 09:39 - 2013-08-02 03:50 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2014-04-02 09:39 - 2013-08-02 03:49 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2014-04-02 09:39 - 2013-08-02 03:49 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2014-04-02 09:39 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2014-04-02 09:39 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2014-04-02 09:39 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2014-04-02 09:39 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2014-04-02 09:39 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2014-04-02 09:39 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2014-04-02 09:39 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2014-04-02 09:39 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2014-04-02 09:39 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2014-04-02 09:39 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2014-04-02 09:39 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2014-04-02 09:39 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2014-04-02 09:39 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2014-04-02 09:39 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2014-04-02 09:39 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2014-04-02 09:39 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2014-04-02 09:39 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2014-04-02 09:39 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2014-04-02 09:39 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2014-04-02 09:39 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2014-04-02 09:39 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2014-04-02 09:39 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2014-04-02 09:39 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2014-04-02 09:39 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2014-04-02 09:39 - 2013-08-02 02:52 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2014-04-02 09:39 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2014-04-02 09:39 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2014-04-02 09:39 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2014-04-02 09:39 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2014-04-02 09:39 - 2013-06-15 05:38 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2014-04-02 09:38 - 2013-12-04 04:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll 2014-04-02 09:38 - 2013-12-04 04:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll 2014-04-02 09:38 - 2013-12-04 04:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll 2014-04-02 09:38 - 2013-12-04 04:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll 2014-04-02 09:38 - 2013-12-04 04:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll 2014-04-02 09:38 - 2013-12-04 03:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe 2014-04-02 09:38 - 2013-12-04 03:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe 2014-04-02 09:38 - 2013-12-04 03:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe 2014-04-02 09:38 - 2013-12-04 03:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe 2014-04-02 09:38 - 2013-11-27 03:14 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys 2014-04-02 09:38 - 2013-11-27 03:13 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys 2014-04-02 09:38 - 2013-11-27 03:13 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys 2014-04-02 09:38 - 2013-11-27 03:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys 2014-04-02 09:38 - 2013-11-27 03:13 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys 2014-04-02 09:38 - 2013-11-27 03:13 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys 2014-04-02 09:38 - 2013-11-27 03:13 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys 2014-04-02 09:38 - 2013-10-04 03:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll 2014-04-02 09:38 - 2013-10-04 03:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2014-04-02 09:38 - 2013-10-04 03:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll 2014-04-02 09:38 - 2013-08-29 03:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2014-04-02 09:38 - 2013-08-29 03:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-04-02 09:38 - 2013-08-29 03:50 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2014-04-02 09:38 - 2013-08-29 03:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll 2014-04-02 09:38 - 2013-08-29 03:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2014-04-02 09:37 - 2014-01-09 04:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2014-04-02 09:37 - 2013-06-26 00:56 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys 2014-04-02 08:56 - 2013-10-02 02:42 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys 2014-04-02 08:56 - 2013-10-02 02:32 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe 2014-04-02 08:56 - 2013-10-02 02:30 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll 2014-04-02 08:56 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll 2014-04-02 08:56 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll 2014-04-02 08:56 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll 2014-04-02 08:56 - 2013-10-02 01:45 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll 2014-04-02 08:56 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll 2014-04-02 08:56 - 2013-10-02 01:00 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2014-04-02 08:56 - 2013-10-02 00:53 - 00350208 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe 2014-04-02 08:56 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe 2014-04-02 08:36 - 2013-05-10 06:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2014-04-02 08:36 - 2013-05-10 06:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2014-04-02 08:27 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll 2014-04-02 08:27 - 2013-12-06 04:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-04-02 08:27 - 2013-12-06 04:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2014-04-02 08:27 - 2013-10-05 21:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2014-04-02 08:27 - 2013-07-20 12:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2014-04-02 08:27 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2014-04-02 08:27 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2014-04-02 08:27 - 2013-07-04 13:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll 2014-04-02 08:27 - 2013-07-04 13:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll 2014-04-02 08:27 - 2013-07-04 11:48 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2014-04-02 08:26 - 2014-02-07 03:07 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-04-02 08:26 - 2013-08-28 02:57 - 00434688 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll 2014-04-02 08:25 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2014-04-02 08:24 - 2014-01-01 01:05 - 00420008 _____ () C:\Windows\system32\locale.nls 2014-04-02 08:24 - 2013-09-14 02:48 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2014-04-02 08:24 - 2013-09-08 04:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll 2014-04-02 08:24 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-04-02 08:24 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll 2014-04-02 08:23 - 2013-09-25 04:01 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-04-02 08:23 - 2013-09-25 04:01 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2014-04-02 08:23 - 2013-09-25 03:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-04-02 08:23 - 2013-09-25 03:57 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2014-04-02 08:23 - 2013-09-25 03:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2014-04-02 08:23 - 2013-09-25 03:56 - 01038848 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-04-02 08:23 - 2013-09-25 03:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2014-04-02 08:23 - 2013-09-25 02:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2014-04-02 08:23 - 2013-09-25 02:49 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2014-04-02 08:23 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2014-04-02 08:23 - 2013-07-09 06:50 - 00652800 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2014-04-02 08:23 - 2013-07-04 14:16 - 00369848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2014-04-02 08:21 - 2013-11-12 04:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-04-02 08:20 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-04-02 08:20 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-04-02 08:20 - 2014-01-28 04:07 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll 2014-04-02 08:20 - 2013-10-19 03:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll 2014-04-02 08:20 - 2013-10-12 04:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx 2014-04-02 08:20 - 2013-10-12 04:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll 2014-04-02 08:20 - 2013-10-12 03:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe 2014-04-02 08:20 - 2013-10-12 03:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe 2014-04-02 08:20 - 2013-10-04 03:49 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys 2014-04-02 08:20 - 2013-10-04 03:17 - 00177152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys 2014-04-02 08:20 - 2013-08-05 03:56 - 00133056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys 2014-04-02 08:20 - 2013-08-01 13:03 - 00729024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2014-04-02 08:20 - 2013-06-06 06:52 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2014-04-02 08:20 - 2013-06-06 06:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2014-04-02 08:20 - 2013-06-06 06:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2014-04-02 08:20 - 2013-06-06 05:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2014-04-02 08:20 - 2013-06-06 05:01 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2014-04-02 08:19 - 2013-11-26 13:11 - 00240576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys 2014-04-02 08:19 - 2013-11-23 20:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2014-04-02 08:19 - 2013-10-30 04:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll 2014-04-02 08:19 - 2013-10-12 04:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll 2014-04-02 08:19 - 2013-10-12 04:01 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL 2014-04-02 08:19 - 2013-10-12 04:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL 2014-04-02 08:19 - 2013-10-03 03:58 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-04-02 08:19 - 2013-09-08 04:07 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2014-04-02 08:19 - 2013-07-12 12:07 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys 2014-04-02 08:19 - 2013-07-04 13:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll 2014-04-02 08:19 - 2013-07-03 06:02 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys 2014-04-02 08:19 - 2013-07-03 05:36 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys 2014-04-02 08:19 - 2013-07-03 05:36 - 00025728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys 2014-04-02 08:05 - 2013-09-25 03:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll 2014-04-01 22:57 - 2014-04-02 22:43 - 00000000 ____D () C:\TDSSKiller_Quarantine 2014-03-31 21:36 - 2014-03-31 19:54 - 892371968 _____ () C:\Users\Dani\outlook.pst 2014-03-24 01:28 - 2014-03-24 01:28 - 00000000 ____D () C:\Program Files\Lucom 2014-03-08 02:59 - 2014-03-18 01:07 - 00000000 ____D () C:\Users\Dani\Desktop\Arbeit 2014-03-08 02:58 - 2014-03-08 02:58 - 00000000 ____D () C:\Users\Dani\Neuer Ordner 2014-03-08 02:42 - 2014-03-08 03:07 - 00000000 ____D () C:\Users\Dani\Desktop\Robotersauger ==================== One Month Modified Files and Folders ======= 2014-04-07 19:36 - 2011-09-25 05:37 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-04-07 19:33 - 2014-04-07 19:31 - 00015624 _____ () C:\Users\Dani\Desktop\FRST.txt 2014-04-07 19:31 - 2014-04-04 01:11 - 00000000 ____D () C:\FRST 2014-04-07 19:30 - 2013-07-10 18:30 - 00000000 ____D () C:\Users\Dani\AppData\Local\FreePDF_XP 2014-04-07 19:30 - 2011-09-25 05:37 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-04-07 19:29 - 2014-04-07 19:29 - 00001669 _____ () C:\Users\Admin\Desktop\OldTimer.txt 2014-04-07 19:16 - 2012-07-27 16:36 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-04-07 19:04 - 2013-06-13 22:11 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-04-07 18:57 - 2014-04-07 18:57 - 00448512 _____ (OldTimer Tools) C:\Users\Admin\Desktop\TFC.exe 2014-04-07 18:56 - 2009-07-14 06:34 - 00014928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-04-07 18:56 - 2009-07-14 06:34 - 00014928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-04-07 18:53 - 2013-06-13 22:02 - 02024480 _____ () C:\Windows\WindowsUpdate.log 2014-04-07 18:48 - 2013-06-14 12:41 - 00063129 _____ () C:\Windows\setupact.log 2014-04-07 18:48 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-07 18:47 - 2012-07-16 18:09 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-04-07 18:39 - 2012-04-01 18:53 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-04-07 18:39 - 2011-05-19 14:34 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-04-07 18:37 - 2010-08-22 13:15 - 00000000 ____D () C:\Users\Admin\AppData\Local\Adobe 2014-04-07 18:35 - 2012-08-26 17:18 - 00000000 ____D () C:\Windows\system32\Adobe 2014-04-07 18:30 - 2013-09-27 02:48 - 00000000 ____D () C:\ProgramData\Oracle 2014-04-07 18:30 - 2012-09-05 22:33 - 00096664 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2014-04-07 18:29 - 2014-04-07 18:30 - 00264600 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-04-07 18:29 - 2014-04-07 18:30 - 00176024 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-04-07 18:29 - 2014-04-07 18:30 - 00176024 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-04-07 18:28 - 2014-04-07 18:23 - 31107992 _____ (Oracle Corporation) C:\Users\Admin\Downloads\jre-8-windows-i586.exe 2014-04-07 18:20 - 2011-09-02 16:44 - 00000000 ____D () C:\Users\Admin\AppData\Local\Mozilla 2014-04-07 18:18 - 2011-04-03 01:57 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-04-07 18:04 - 2014-04-07 18:02 - 25032080 _____ (Mozilla) C:\Users\Admin\Downloads\Firefox_Setup_de28.0.exe 2014-04-06 12:15 - 2014-04-06 12:15 - 00131072 ____N () C:\Windows\Minidump\040614-34765-01.dmp 2014-04-06 12:15 - 2013-06-14 02:01 - 00000000 ____D () C:\Windows\Minidump 2014-04-06 12:07 - 2011-09-25 14:55 - 00103940 _____ () C:\Windows\PFRO.log 2014-04-06 11:43 - 2014-04-06 11:43 - 00057733 _____ () C:\Users\Admin\Desktop\FRST3.txt 2014-04-06 11:42 - 2014-04-04 01:11 - 00057733 _____ () C:\Users\Admin\Desktop\FRST.txt 2014-04-06 11:39 - 2014-04-06 11:39 - 00001216 _____ () C:\Users\Admin\Desktop\checkup.txt 2014-04-06 10:53 - 2014-04-06 11:33 - 00002025 _____ () C:\Users\Admin\Desktop\ESET.txt 2014-04-05 23:16 - 2014-04-05 23:16 - 00987442 _____ () C:\Users\Admin\Desktop\SecurityCheck.exe 2014-04-05 23:15 - 2014-04-05 23:15 - 02347384 _____ (ESET) C:\Users\Admin\Desktop\esetsmartinstaller_enu.exe 2014-04-04 18:15 - 2014-04-04 18:15 - 00056773 _____ () C:\Users\Admin\Desktop\FRST2.txt 2014-04-04 18:12 - 2014-04-04 18:12 - 00001297 _____ () C:\Users\Admin\Desktop\JRT.txt 2014-04-04 17:59 - 2014-04-04 17:59 - 00000000 ____D () C:\Windows\ERUNT 2014-04-04 17:58 - 2014-04-04 17:58 - 00005054 _____ () C:\Users\Admin\Desktop\AdwCleaner[S0].txt 2014-04-04 17:54 - 2014-04-04 17:51 - 00000000 ____D () C:\AdwCleaner 2014-04-04 17:49 - 2014-04-04 17:49 - 01426178 _____ () C:\Users\Admin\Desktop\adwcleaner.exe 2014-04-04 17:49 - 2014-04-04 17:49 - 01038974 _____ (Thisisu) C:\Users\Admin\Desktop\JRT.exe 2014-04-04 01:54 - 2014-04-04 01:54 - 00002344 _____ () C:\Users\Admin\Desktop\Gmer.txt 2014-04-04 01:19 - 2014-04-04 01:19 - 00380416 _____ () C:\Users\Admin\Desktop\g5w19qcz.exe 2014-04-04 01:14 - 2014-04-04 01:12 - 00034767 _____ () C:\Users\Admin\Desktop\Addition.txt 2014-04-04 01:09 - 2014-04-07 19:01 - 01145856 _____ (Farbar) C:\Users\Dani\Desktop\FRST.exe 2014-04-04 01:09 - 2014-04-04 01:09 - 01145856 _____ (Farbar) C:\Users\Admin\Desktop\FRST.exe 2014-04-04 01:07 - 2014-04-04 01:06 - 00000472 _____ () C:\Users\Admin\Desktop\defogger_disable.txt 2014-04-04 01:06 - 2014-04-04 01:06 - 00000000 _____ () C:\Users\Admin\defogger_reenable 2014-04-04 01:06 - 2013-06-13 20:59 - 00000000 ___RD () C:\Users\Admin 2014-04-04 00:41 - 2014-04-04 00:31 - 00008594 _____ () C:\Users\Admin\Desktop\Windows-Kompatibilitätsbericht.htm 2014-04-04 00:41 - 2011-03-22 19:35 - 00002562 _____ () C:\Windows\diagwrn.xml 2014-04-04 00:41 - 2011-03-22 19:35 - 00001908 _____ () C:\Windows\diagerr.xml 2014-04-04 00:37 - 2013-06-14 12:41 - 00000000 _____ () C:\Windows\setuperr.log 2014-04-04 00:33 - 2010-08-22 17:03 - 00000000 ____D () C:\Users\Dani\Scans 2014-04-04 00:04 - 2014-04-04 00:03 - 04982419 _____ (IDG Tech Media GmbH ) C:\Users\Admin\Downloads\pcwPatchLoader_v2-Setup_2.3.2.exe 2014-04-03 20:11 - 2014-04-03 19:57 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Nico Mak Computing 2014-04-03 19:43 - 2014-04-03 19:43 - 00050477 _____ () C:\Users\Admin\Desktop\Defogger.exe 2014-04-03 19:19 - 2014-04-03 00:35 - 00002574 _____ () C:\Users\Admin\Desktop\Rkill.txt 2014-04-03 03:31 - 2014-04-03 03:31 - 00001240 _____ () C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk 2014-04-03 03:31 - 2011-03-29 04:11 - 00000000 ____D () C:\Program Files\Panda Security 2014-04-03 03:30 - 2014-04-03 03:27 - 28413552 _____ (Panda Security ) C:\Users\Admin\Downloads\PandaCloudCleaner.exe 2014-04-03 02:58 - 2014-04-03 02:58 - 00131072 ____N () C:\Windows\Minidump\040314-28250-01.dmp 2014-04-03 00:22 - 2013-06-13 22:17 - 00085040 _____ () C:\Users\Dani\AppData\Local\GDIPFONTCACHEV1.DAT 2014-04-03 00:21 - 2013-06-13 20:59 - 00000000 ___RD () C:\Users\Dani 2014-04-02 22:43 - 2014-04-01 22:57 - 00000000 ____D () C:\TDSSKiller_Quarantine 2014-04-02 22:26 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-04-02 22:07 - 2011-09-24 21:37 - 00001912 _____ () C:\Windows\epplauncher.mif 2014-04-02 22:06 - 2014-04-02 22:06 - 00000000 ____D () C:\Windows\Temp0FBBE685-B4BF-CE0A-EDFD-EFD21D841C1F-Signatures 2014-04-02 22:06 - 2012-05-16 17:06 - 00000000 ____D () C:\Program Files\Microsoft Security Client 2014-04-02 21:47 - 2014-04-02 21:43 - 00000000 ____D () C:\ProgramData\TuneUp Software 2014-04-02 21:46 - 2014-04-02 21:46 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\TuneUp Software 2014-04-02 21:43 - 2014-04-02 21:43 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} 2014-04-02 21:39 - 2011-08-06 21:45 - 00000000 ____D () C:\ProgramData\Freemake 2014-04-02 17:43 - 2013-09-18 20:10 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware 2014-04-02 10:24 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE 2014-04-02 10:03 - 2013-07-10 16:37 - 00000000 ____D () C:\Windows\system32\MRT 2014-04-02 09:48 - 2014-04-02 09:40 - 00009846 _____ () C:\Windows\IE10_main.log 2014-04-02 09:43 - 2014-04-02 09:43 - 14358016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 02877952 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-04-02 09:43 - 2014-04-02 09:43 - 02049024 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-04-02 09:43 - 2014-04-02 09:43 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat 2014-04-02 09:43 - 2014-04-02 09:43 - 01140736 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00745472 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-04-02 09:43 - 2014-04-02 09:43 - 00719360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00629248 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00361984 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2014-04-02 09:43 - 2014-04-02 09:43 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00242200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00232960 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe 2014-04-02 09:43 - 2014-04-02 09:43 - 00138752 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe 2014-04-02 09:43 - 2014-04-02 09:43 - 00137216 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-04-02 09:43 - 2014-04-02 09:43 - 00125440 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe 2014-04-02 09:43 - 2014-04-02 09:43 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2014-04-02 09:43 - 2014-04-02 09:43 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2014-04-02 09:43 - 2014-04-02 09:43 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-04-02 09:43 - 2014-04-02 09:43 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2014-04-02 09:43 - 2014-04-02 09:43 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-04-02 09:43 - 2014-04-02 09:43 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-04-02 09:21 - 2010-03-25 23:54 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-04-02 09:21 - 2009-07-14 06:33 - 00345488 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-04-02 09:16 - 2009-07-14 10:47 - 00000000 ____D () C:\Windows\system32\Drivers\de-DE 2014-04-02 08:32 - 2013-06-13 20:59 - 00000000 ____D () C:\Users\Gast 2014-04-02 08:32 - 2013-06-13 20:59 - 00000000 ____D () C:\Users\Administrator 2014-04-02 08:31 - 2013-06-14 14:13 - 00000000 ____D () C:\Users\Dani\Downloads\postda_mit_pdf 2014-04-02 08:31 - 2013-02-24 23:21 - 00000000 ____D () C:\Users\Dani\AppData\Roaming\PDF reDirect 2014-04-02 08:31 - 2013-01-18 19:08 - 00000000 ____D () C:\Program Files\QuickTime 2014-04-02 08:31 - 2013-01-18 14:26 - 00000000 ____D () C:\Program Files\Adobe 2014-04-02 08:31 - 2012-09-29 05:59 - 00000000 ____D () C:\ProgramData\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E} 2014-04-02 08:31 - 2012-04-07 15:18 - 00000000 ____D () C:\Program Files\ElsterFormular 2014-04-02 08:31 - 2011-03-23 17:38 - 00000000 ____D () C:\Program Files\PixelNet Software 2014-04-02 08:31 - 2011-03-23 16:37 - 00000000 ____D () C:\ProgramData\{E91883C8-8CDC-46A4-A45F-CB40EB82ED60} 2014-04-02 08:31 - 2011-03-23 14:56 - 00000000 ____D () C:\ProgramData\Apple Computer 2014-04-02 08:31 - 2011-03-23 14:53 - 00000000 ____D () C:\ProgramData\Installations 2014-04-02 08:31 - 2010-05-29 23:04 - 00000000 ____D () C:\Users\Dani\AppData\Roaming\IrfanView 2014-04-02 08:31 - 2010-05-29 22:53 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\IrfanView 2014-04-02 08:31 - 2010-03-25 21:24 - 00000000 ____D () C:\Windows\system32\Macromed 2014-04-02 08:31 - 2009-07-14 06:52 - 00000000 ____D () C:\Windows\Offline Web Pages 2014-04-02 08:31 - 2009-07-14 04:37 - 00000000 __RSD () C:\Windows\Media 2014-04-02 08:31 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Public\Libraries 2014-04-02 08:31 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public 2014-04-02 08:31 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\wfp 2014-04-02 08:31 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\Msdtc 2014-04-02 08:31 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system 2014-04-02 08:31 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\schemas 2014-04-02 08:31 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache 2014-04-02 08:31 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\L2Schemas 2014-04-02 08:31 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\AppCompat 2014-04-02 08:31 - 2009-07-14 04:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared 2014-04-02 08:30 - 2014-02-08 04:27 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Wise Registry Cleaner 2014-04-02 08:29 - 2014-02-01 04:04 - 00000000 ____D () C:\Users\Dani\Downloads\defender41 2014-04-02 08:27 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\registration 2014-04-02 08:24 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Help 2014-04-02 08:23 - 2011-04-03 01:57 - 00000000 ____D () C:\Users\Dani\AppData\Local\Mozilla 2014-04-02 08:22 - 2012-07-18 07:46 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Malwarebytes 2014-04-02 08:22 - 2012-07-18 07:46 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-02 08:22 - 2012-04-24 23:17 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\elsterformular 2014-04-02 08:22 - 2011-12-31 06:08 - 00000000 ____D () C:\ProgramData\Adobe 2014-04-02 08:21 - 2013-06-13 20:55 - 00000000 ____D () C:\Program Files\Hewlett-Packard 2014-04-02 08:21 - 2013-01-18 14:26 - 00000000 ____D () C:\Program Files\Common Files\Adobe 2014-04-02 08:21 - 2011-03-05 14:20 - 00000000 ____D () C:\Program Files\Java 2014-04-02 07:43 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF 2014-04-02 07:35 - 2013-06-14 01:27 - 00085040 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT 2014-03-31 21:30 - 2013-09-15 03:37 - 00000000 ____D () C:\Users\Dani\Ulk 2014-03-31 19:54 - 2014-03-31 21:36 - 892371968 _____ () C:\Users\Dani\outlook.pst 2014-03-26 19:16 - 2011-04-14 19:59 - 00000000 ____D () C:\Users\Dani\Eigene Scans 2014-03-24 07:30 - 2014-04-02 21:39 - 04134240 _____ (Kaspersky Lab ZAO) C:\Users\Admin\Downloads\TDSSKiller.exe 2014-03-24 07:30 - 2012-06-14 19:24 - 04134240 _____ (Kaspersky Lab ZAO) C:\Users\Dani\Downloads\TDSSKiller.exe 2014-03-24 01:28 - 2014-03-24 01:28 - 00000000 ____D () C:\Program Files\Lucom 2014-03-18 01:07 - 2014-03-08 02:59 - 00000000 ____D () C:\Users\Dani\Desktop\Arbeit 2014-03-11 09:52 - 2012-03-20 20:44 - 00104264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NisDrvWFP.sys 2014-03-08 03:07 - 2014-03-08 02:42 - 00000000 ____D () C:\Users\Dani\Desktop\Robotersauger 2014-03-08 02:58 - 2014-03-08 02:58 - 00000000 ____D () C:\Users\Dani\Neuer Ordner ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\system32\winlogon.exe => MD5 is legit C:\Windows\system32\wininit.exe => MD5 is legit C:\Windows\system32\svchost.exe => MD5 is legit C:\Windows\system32\services.exe => MD5 is legit C:\Windows\system32\User32.dll => MD5 is legit C:\Windows\system32\userinit.exe => MD5 is legit C:\Windows\system32\rpcss.dll => MD5 is legit C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-03-30 20:14 ==================== End Of Log ============================ LG von Daniela |
08.04.2014, 12:35 | #8 |
/// the machine /// TB-Ausbilder | Windows 7: Benutzerkonto wird fremd geleitet Leg bitte mal ein neues Benutzerkonto an, in dieses booten. Dort auch so Probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
08.04.2014, 20:17 | #9 |
| Windows 7: Benutzerkonto wird fremd geleitet Hallo Schrauber, was meinst du genau mit, ich soll in ein anderes Konto "booten"? Also ich habe schon immer ein Gastkonto ohne Kennwort + ich habe mir vorhin noch ein 2. Benutzerkonto mit Kennwort angelegt. Ich habe dann ganz normal den Rechner gestartet, um in diese beide Konten zu kommen. Beide funktionieren anscheinend ohne Probleme. Soll ich mein altes Konto löschen? Reicht ein einfaches Löschen über die Benutzerkontensteuerung? Müssen noch irgendwelche von den Programmen, die ich im Laufe unseres Kontaktes installiert habe, wieder gelöscht werden? Besonders die vom Anfang? LG von Daniela |
09.04.2014, 15:04 | #10 |
/// the machine /// TB-Ausbilder | Windows 7: Benutzerkonto wird fremd geleitet Hat das neu angelegte Adminrechte? Wenn ja, daten aus dem alten Konto, die du eventuell brauchst, sichern, dann das alte Konto über die Benutzerkontensteuerung löschen. Fertig Die Reihenfolge ist hier entscheidend.
Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
Themen zu Windows 7: Benutzerkonto wird fremd geleitet |
branding, device driver, dringend, dvdvideosoft ltd., e-banking, firefox, flash player, homepage, internet explorer, java/exploit.agent.nju, kaspersky, launch, malware, minidump, mp3, newtab, officejet, open candy, pup.optional.opencandy, pup.optional.snapdo.a, rundll, sierra, software, svchost.exe, system, windows |