Pests of all kinds and how to fight them: Desktop icons + wallpaper + taskbar gone (Windows 7) |
21.11.2014, 07:33 | #1 |
| Desktop icons + wallpaper + taskbar gone

I have had the following problem since yesterday evening! I don't know whether I have caught a virus or some other malware! In any case, since yesterday evening my laptop no longer loads the start screen, i.e. neither the wallpaper nor the desktop icons, and not the taskbar either. After entering the password I only get a black screen, and I can only shut the laptop down again via Task Manager. Nothing else works.

Background: For a few days the internet had not been working well, and all programs (PC games and also music files) ran poorly and kept freezing. The antivirus program (Kaspersky), however, showed nothing in the daily scan. Yesterday I wanted to run a scan with the Malwarebytes program and a full virus scan with the Kaspersky program, but in the middle of it the laptop froze again and the scans could not be carried out. After the laptop was restarted, the automatic Startup Repair ran, and since then nothing works at all.

I hope one of you can help me again this time, as on the other two occasions. Thanks in advance! |
21.11.2014, 14:03 | #2 |
/// the machine /// TB instructor | Desktop icons + wallpaper + taskbar gone

hi,

Scan with Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8)
Notes for Windows 8 users: Guide 1 (FRST variant) and Guide 2 (second part)
__________________ |
21.11.2014, 20:54 | #3 |
| No second PC available

Hi, I ran the program, but for lack of a second PC I can probably only send you the result file on Monday during the day, since otherwise I have no way of getting the file from the USB stick onto the net. I am currently writing from my smartphone.
__________________
Best regards |
22.11.2014, 18:23 | #4 |
/// the machine /// TB instructor | Desktop icons + wallpaper + taskbar gone

no problem, I'm not running away
__________________
regards, schrauber
Proud Member of UNITE and ASAP since 2009
Donate
Guides and help
Trojaner-Board Facebook page
No help via PM! |
24.11.2014, 06:39 | #5 |
| Desktop icons + wallpaper + taskbar gone

Good morning! Here are the files from Friday! I ran it twice!

No. 1 FRST logfile:
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-11-20 07:52 - 2011-04-03 23:18 - 00208674 ____C C:\ProgramData\lxeascan.log 2014-11-19 10:22 - 2014-11-19 09:52 - 00728064 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll 2014-11-19 10:22 - 2014-11-19 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-11-19 10:22 - 2014-11-19 09:52 - 00241152 _____ (Microsoft Corporation) C:\Windows\System32\pku2u.dll 2014-11-19 10:22 - 2014-11-19 09:52 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll 2014-11-19 09:37 - 2011-04-05 13:16 - 00003990 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{26CE676E-40F2-4436-9BA5-03CC5803401B} 2014-11-15 13:28 - 2014-11-15 13:28 - 00083220 ____C C:\Users\Sabine Scholz\Downloads\VIE SIE WDPL GJ 2015 (1).xlsx 2014-11-15 04:06 - 2014-11-15 04:06 - 00019705 ____C C:\Users\Sabine Scholz\Downloads\SIE VIE KW. 47.1.xlsx 2014-11-15 04:05 - 2014-11-15 04:05 - 00083301 ____C C:\Users\Sabine Scholz\Downloads\VIE SIE WDPL GJ 2015.xlsx 2014-11-15 00:38 - 2011-03-31 04:05 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-11-15 00:38 - 2011-03-31 04:05 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-11-15 00:37 - 2013-07-28 11:19 - 00001052 ____C C:\Users\Sabine Scholz\Desktop\Dropbox.lnk 2014-11-15 00:37 - 2013-07-28 11:16 - 00002479 ____C C:\Windows\wininit.ini 2014-11-14 04:58 - 2009-07-13 20:45 - 00419264 ____C C:\Windows\System32\FNTCACHE.DAT 2014-11-13 14:17 - 2014-05-06 11:59 - 00000000 __SDC C:\Windows\System32\CompatTel 2014-11-13 14:16 - 2014-11-13 10:51 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll 2014-11-13 14:16 - 2014-11-13 10:51 - 00304640 _____ (Microsoft Corporation) C:\Windows\System32\generaltel.dll 2014-11-13 14:16 - 2014-11-13 10:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll 2014-11-13 14:16 - 
2014-11-13 10:50 - 01460736 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll 2014-11-13 14:16 - 2014-11-13 10:50 - 00683520 _____ (Microsoft Corporation) C:\Windows\System32\termsrv.dll 2014-11-13 14:16 - 2014-11-13 10:50 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2014-11-13 14:16 - 2014-11-13 10:50 - 00681984 _____ (Microsoft Corporation) C:\Windows\System32\adtschema.dll 2014-11-13 14:16 - 2014-11-13 10:50 - 00155064 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys 2014-11-13 14:16 - 2014-11-13 10:50 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2014-11-13 14:16 - 2014-11-13 10:50 - 00146432 _____ (Microsoft Corporation) C:\Windows\System32\msaudite.dll 2014-11-13 14:16 - 2014-11-13 10:50 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-11-13 14:16 - 2014-11-13 10:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-11-13 14:14 - 2014-11-13 10:50 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-11-13 14:14 - 2014-11-13 10:50 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-11-13 14:14 - 2014-11-13 10:50 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2014-11-13 14:14 - 2014-11-13 10:50 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-11-13 14:14 - 2014-11-13 10:50 - 00716800 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2014-11-13 14:14 - 2014-11-13 10:50 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-11-13 14:14 - 2014-11-13 10:50 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-11-13 14:14 - 2014-11-13 10:50 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-11-13 14:14 - 2014-11-13 10:50 - 00114688 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe 2014-11-13 14:14 - 2014-11-13 10:50 - 
00077824 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll 2014-11-13 14:14 - 2014-11-13 10:50 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-11-13 14:14 - 2014-11-13 10:50 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-11-13 14:14 - 2014-11-13 10:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll 2014-11-13 14:14 - 2014-11-13 10:50 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-11-13 14:14 - 2014-11-13 10:50 - 00034304 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2014-11-13 14:14 - 2014-11-13 10:50 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-11-13 14:14 - 2014-11-13 10:49 - 25110016 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2014-11-13 14:14 - 2014-11-13 10:49 - 14390272 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2014-11-13 14:14 - 2014-11-13 10:49 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-11-13 14:14 - 2014-11-13 10:49 - 06040064 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2014-11-13 14:14 - 2014-11-13 10:49 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-11-13 14:14 - 2014-11-13 10:49 - 02884096 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2014-11-13 14:14 - 2014-11-13 10:49 - 02365440 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll 2014-11-13 14:14 - 2014-11-13 10:49 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-11-13 14:14 - 2014-11-13 10:49 - 02124288 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2014-11-13 14:14 - 2014-11-13 10:49 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-11-13 14:14 - 2014-11-13 10:49 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-11-13 14:14 - 
2014-11-13 10:49 - 01550336 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2014-11-13 14:14 - 2014-11-13 10:49 - 01359360 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll 2014-11-13 14:14 - 2014-11-13 10:49 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-11-13 14:14 - 2014-11-13 10:49 - 00968704 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe 2014-11-13 14:14 - 2014-11-13 10:49 - 00814080 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll 2014-11-13 14:14 - 2014-11-13 10:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2014-11-13 14:14 - 2014-11-13 10:49 - 00799232 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll 2014-11-13 14:14 - 2014-11-13 10:49 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-11-13 14:14 - 2014-11-13 10:49 - 00633856 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll 2014-11-13 14:14 - 2014-11-13 10:49 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-11-13 14:14 - 2014-11-13 10:49 - 00580096 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2014-11-13 14:14 - 2014-11-13 10:49 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-11-13 14:14 - 2014-11-13 10:49 - 00490496 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll 2014-11-13 14:14 - 2014-11-13 10:49 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-11-13 14:14 - 2014-11-13 10:49 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-11-13 14:14 - 2014-11-13 10:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll 2014-11-13 14:14 - 2014-11-13 10:49 - 00316928 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll 2014-11-13 14:14 - 2014-11-13 10:49 - 00199680 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll 2014-11-13 14:14 - 
2014-11-13 10:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-11-13 14:14 - 2014-11-13 10:49 - 00144384 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2014-11-13 14:14 - 2014-11-13 10:49 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-11-13 14:14 - 2014-11-13 10:49 - 00092160 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2014-11-13 14:14 - 2014-11-13 10:49 - 00088064 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll 2014-11-13 14:14 - 2014-11-13 10:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2014-11-13 14:14 - 2014-11-13 10:49 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-11-13 14:14 - 2014-11-13 10:49 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-11-13 14:14 - 2014-11-13 10:49 - 00054784 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2014-11-13 14:14 - 2014-11-13 10:49 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-11-13 14:14 - 2014-11-13 10:49 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll 2014-11-13 14:13 - 2014-11-13 10:47 - 01882624 _____ (Microsoft Corporation) C:\Windows\System32\msxml3.dll 2014-11-13 14:13 - 2014-11-13 10:47 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2014-11-13 14:13 - 2014-11-13 10:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2014-11-13 14:13 - 2014-11-13 10:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\msxml3r.dll 2014-11-13 14:12 - 2014-11-13 10:47 - 00878080 _____ (Microsoft Corporation) C:\Windows\System32\IMJP10K.DLL 2014-11-13 14:12 - 2014-11-13 10:47 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL 2014-11-13 14:12 - 2014-11-13 10:47 - 00680960 _____ (Microsoft Corporation) C:\Windows\System32\audiosrv.dll 2014-11-13 14:12 - 2014-11-13 10:47 - 
00500224 _____ (Microsoft Corporation) C:\Windows\System32\AUDIOKSE.dll 2014-11-13 14:12 - 2014-11-13 10:47 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll 2014-11-13 14:12 - 2014-11-13 10:47 - 00440832 _____ (Microsoft Corporation) C:\Windows\System32\AudioEng.dll 2014-11-13 14:12 - 2014-11-13 10:47 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll 2014-11-13 14:12 - 2014-11-13 10:47 - 00296448 _____ (Microsoft Corporation) C:\Windows\System32\AudioSes.dll 2014-11-13 14:12 - 2014-11-13 10:47 - 00284672 _____ (Microsoft Corporation) C:\Windows\System32\EncDump.dll 2014-11-13 14:12 - 2014-11-13 10:47 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll 2014-11-13 14:11 - 2013-08-11 09:00 - 00000000 ___DC C:\Windows\System32\MRT 2014-11-13 14:03 - 2014-11-13 10:47 - 00342016 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll 2014-11-13 14:03 - 2014-11-13 10:47 - 00314880 _____ (Microsoft Corporation) C:\Windows\System32\msv1_0.dll 2014-11-13 14:03 - 2014-11-13 10:47 - 00309760 _____ (Microsoft Corporation) C:\Windows\System32\ncrypt.dll 2014-11-13 14:03 - 2014-11-13 10:47 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2014-11-13 14:03 - 2014-11-13 10:47 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-11-13 14:03 - 2014-11-13 10:47 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2014-11-13 14:03 - 2014-11-13 10:47 - 00210944 _____ (Microsoft Corporation) C:\Windows\System32\wdigest.dll 2014-11-13 14:03 - 2014-11-13 10:47 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2014-11-13 14:03 - 2014-11-13 10:47 - 00086528 _____ (Microsoft Corporation) C:\Windows\System32\TSpkg.dll 2014-11-13 14:03 - 2014-11-13 10:47 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-11-13 14:03 - 2014-11-13 10:47 - 00022016 _____ (Microsoft Corporation) 
C:\Windows\System32\credssp.dll 2014-11-13 14:03 - 2014-11-13 10:47 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-11-13 14:03 - 2011-07-07 12:08 - 103374192 ____C (Microsoft Corporation) C:\Windows\System32\MRT.exe 2014-11-13 14:02 - 2014-11-13 10:46 - 03198976 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys 2014-11-13 14:02 - 2014-11-13 10:46 - 00077824 _____ (Microsoft Corporation) C:\Windows\System32\packager.dll 2014-11-13 14:02 - 2014-11-13 10:46 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll 2014-11-13 14:01 - 2014-11-13 10:46 - 03241984 _____ (Microsoft Corporation) C:\Windows\System32\msi.dll 2014-11-13 14:01 - 2014-11-13 10:46 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-11-13 14:00 - 2014-11-13 10:45 - 00861696 _____ (Microsoft Corporation) C:\Windows\System32\oleaut32.dll 2014-11-13 14:00 - 2014-11-13 10:45 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2014-11-13 13:23 - 2011-09-26 08:57 - 00000000 ___DC C:\Windows\Minidump 2014-11-12 11:41 - 2012-10-05 13:00 - 00701104 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-11-12 11:41 - 2012-10-05 13:00 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-11-12 11:41 - 2011-07-07 12:12 - 00071344 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-11-11 10:37 - 2014-11-11 10:37 - 00020224 ____C C:\Users\Sabine Scholz\Downloads\SIE VIE KW. 46.4.xlsx 2014-11-05 10:46 - 2014-11-05 10:46 - 00020229 ____C C:\Users\Sabine Scholz\Downloads\SIE VIE KW. 
45.4.xlsx 2014-11-04 11:03 - 2014-11-04 11:03 - 00000000 ____C C:\Windows\setuperr.log 2014-11-04 11:03 - 2009-07-13 21:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2014-11-04 05:30 - 2011-03-31 02:45 - 00275080 ____C (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe 2014-11-02 05:36 - 2014-11-02 05:36 - 00129752 ____C (Malwarebytes Corporation) C:\Windows\System32\Drivers\0258031A.sys 2014-11-01 13:29 - 2014-11-01 13:29 - 00019830 ____C C:\Users\Sabine Scholz\Downloads\SIE VIE KW. 45.xlsx 2014-11-01 13:27 - 2014-11-01 13:27 - 00018268 ____C C:\Users\Sabine Scholz\Downloads\SIE VIE RU KW. 45.2.xlsx 2014-10-27 10:39 - 2013-03-16 11:11 - 00002179 ____C C:\Users\Public\Desktop\Google Chrome.lnk 2014-10-26 05:25 - 2014-10-25 23:36 - 00129752 ____C (Malwarebytes Corporation) C:\Windows\System32\Drivers\53BF4C62.sys 2014-10-24 10:37 - 2014-10-24 10:37 - 00129752 ____C (Malwarebytes Corporation) C:\Windows\System32\Drivers\56AA2A10.sys 2014-10-24 10:36 - 2014-10-24 10:36 - 00129752 ____C (Malwarebytes Corporation) C:\Windows\System32\Drivers\7961296A.sys 2014-10-22 12:36 - 2014-10-22 12:36 - 00045394 ____C C:\Users\Sabine Scholz\Downloads\SIE VIE KW. 
43.2.xlsx 2014-10-22 11:34 - 2014-10-22 11:34 - 00000000 ___DC C:\Users\Sabine Scholz\AppData\Roaming\Little Games Company 2014-10-22 11:34 - 2014-10-22 11:34 - 00000000 ___DC C:\ProgramData\Little Games Company 2014-10-22 10:57 - 2013-09-20 06:56 - 00000000 ___DC C:\Users\Sabine Scholz\AppData\Roaming\8floor 2014-10-22 09:01 - 2014-10-22 09:01 - 00000906 ____C C:\Users\Public\Desktop\Zulu's Zoo - Ein tierisches Vergnügen.lnk 2014-10-22 09:01 - 2011-04-18 04:02 - 00001135 ____C C:\Users\Public\Desktop\GAME CENTER.lnk 2014-10-22 08:05 - 2014-10-22 07:53 - 167996944 ____C (INTENIUM GmbH) C:\Users\Sabine Scholz\Downloads\ZulusZooEinTierischesVergnuegen.exe 2014-10-22 07:37 - 2014-10-22 07:37 - 00129752 ____C (Malwarebytes Corporation) C:\Windows\System32\Drivers\641903E7.sys Files to move or delete: ==================== C:\ProgramData\FullRemove.exe ==================== Known DLLs (Whitelisted) ================ ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe [2014-10-15 08:52] - [2014-10-15 09:32] - 0455168 ____A (Microsoft Corporation) 8CEBD9D0A0A879CDE9F36F4383B7CAEA C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= ==================== Memory info 
=========================== Percentage of memory in use: 18% Total physical RAM: 3956.43 MB Available physical RAM: 3224.97 MB Total Pagefile: 3954.58 MB Available Pagefile: 3222.73 MB Total Virtual: 8192 MB Available Virtual: 8191.85 MB ==================== Drives ================================ Drive c: (ACER) (Fixed) (Total:290.05 GB) (Free:150.88 GB) NTFS (Disk=0 Partition=3) Drive e: (DATA) (Fixed) (Total:290.4 GB) (Free:273.33 GB) NTFS (Disk=0 Partition=4) Drive f: (PQSERVICE) (Fixed) (Total:15.62 GB) (Free:4.52 GB) NTFS (Disk=0 Partition=1) Drive h: (SAPHIR) (Removable) (Total:3.85 GB) (Free:0.55 GB) FAT32 (Disk=1 Partition=1) Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: 0B8D64CF) Partition 1: (Not Active) - (Size=16 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=290 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=290 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 4 GB) (Disk ID: 04030201) Partition 1: (Not Active) - (Size=4 GB) - (Type=0B) LastRegBack: 2014-11-16 08:36 ==================== End Of Log ============================ |
24.11.2014, 06:40 | #6 |
| Scan 2 And here is no. 2. FRST Logfile: Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-07-2013 (ATTENTION: FRST version is 490 days old)
Ran by SYSTEM on 21-11-2014 17:31:36
Running from H:\
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323584 2009-09-22] (Alcor Micro Corp.)
HKLM\...\Run: [mwlDaemon] - C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349480 2009-12-02] (Egis Technology Inc.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9643552 2009-12-10] (Realtek Semiconductor)
HKLM\...\Run: [PLFSetI] - C:\Windows\PLFSetI.exe [206208 2011-03-30] ()
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1842472 2009-09-17] (Synaptics Incorporated)
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [860192 2010-02-05] (Acer Incorporated)
HKLM\...\Run: [lxeamon.exe] - C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe [770728 2011-01-23] ()
HKLM\...\Run: [EzPrint] - C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe [148280 2011-01-23] ()
HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll] - "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll",DllRegisterServer [45568 2009-07-13] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-12-23] (Intel Corporation)
HKLM-x32\...\Run: [BackupManagerTray] - "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k [265984 2010-01-12] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [EgisUpdate] - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [200488 2009-10-22] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] - "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe" 196609 [401192 2009-10-22] (Egis Technology Inc.)
HKLM-x32\...\Run: [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-01-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1288784 2010-02-23] (Dritek System Inc.)
HKLM-x32\...\Run: [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [ISUSScheduler] - "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start [81920 2004-08-08] (InstallShield Software Corporation)
HKLM-x32\...\Run: [DivXUpdate] - "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] ()
HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] - "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [ArcSoft Connection Service] - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [x]
HKLM-x32\...\Run: [PDFPrint] - C:\Program Files (x86)\PDF24\pdf24.exe [162856 2013-02-19] (Geek Software GmbH)
HKLM-x32\...\Run: [AVP] - "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [356128 2013-10-09] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-11] (Oracle Corporation)
HKLM-x32\...\Run: [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [TAG_A1Dashboard_Launcher.exe] - C:\Program Files (x86)\A1 Dashboard\A1Dashboard_Launcher.exe [518712 2013-02-04] ()
HKLM-x32\...\Run: [MailCheck IE Broker] - "C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck_Broker.exe" [1772608 2014-04-24] (1und1 Mail und Media GmbH)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default [154144 2010-01-14] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default [154144 2010-01-14] ()
HKU\Sabine Scholz\...\Run: [ISUSPM Startup] - C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup [221184 2004-08-08] (InstallShield Software Corporation)
HKU\Sabine Scholz\...\Run: [AlcoholAutomount] - "D:\Alcohol 52\AxAutoMntSrv.exe" -automount [x]
Startup: C:\Users\Sabine Scholz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)

==================== Services (Whitelisted) =================

S2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-09] (Kaspersky Lab ZAO)
S3 IEEtwCollectorService; C:\Windows\system32\IEEtwCollector.exe [114688 2014-11-13] (Microsoft Corporation)
S2 lxeaCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxeaserv.exe [45736 2010-04-14] (Lexmark International, Inc.)
S2 lxea_device; C:\Windows\system32\lxeacoms.exe [1052328 2010-04-14] ( )
S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305448 2009-12-02] (Egis Technology Inc.)
S2 pr2amtjb; C:\Windows\system32\pr2amtjb.exe [781200 2007-08-31] (bhv Software GmbH and Co. KG)
S2 TAG_Service; C:\Program Files (x86)\A1 Dashboard\A1Dashboard_Service.exe [500792 2013-02-04] ()
S2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [x]
S2 StarWindServiceAE; D:\Alcohol 52\StarWind\StarWindServiceAE.exe [x]

==================== Drivers (Whitelisted) ====================

S1 acedrv05; C:\Windows\system32\drivers\acedrv05.sys [136192 2013-12-29] ()
S1 acedrv07; C:\Windows\system32\drivers\acedrv07.sys [125440 2012-06-22] ()
S2 acedrv10; C:\Windows\system32\drivers\acedrv10.sys [277904 2013-04-26] (Protect Software GmbH)
S2 acedrv10; C:\Windows\system32\drivers\acedrv10.sys [277904 2013-04-26] (Protect Software GmbH)
S2 acehlp10; C:\Windows\system32\drivers\acehlp10.sys [228000 2013-04-26] (Protect Software GmbH)
S2 acehlp10; C:\Windows\system32\drivers\acehlp10.sys [228000 2013-04-26] (Protect Software GmbH)
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [310984 2014-02-07] ()
S3 DxVGrb; C:\Windows\System32\drivers\DxVGrb.sys [222464 2012-01-10] (Dexetek )
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [218624 2011-09-09] (Huawei Technologies Co., Ltd.)
S0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-12-10] (Kaspersky Lab ZAO)
S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [628320 2014-05-19] (Kaspersky Lab ZAO)
S1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-12-10] (Kaspersky Lab ZAO)
S3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-10-09] (Kaspersky Lab ZAO)
S3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-09] (Kaspersky Lab ZAO)
S1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-07-22] (Kaspersky Lab ZAO)
S1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-07-22] (Kaspersky Lab ZAO)
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [42696 2011-09-23] ()
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-20] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-20] (Malwarebytes Corporation)
S0 pe3amtjb; C:\Windows\System32\drivers\pe3amtjb.sys [72848 2007-08-31] (bhv Software GmbH and Co. KG)
S1 prodrv04; C:\Windows\SysWow64\drivers\prodrv04.sys [114496 2014-04-11] (Protection Technology Co.)
S0 ps7amtjb; C:\Windows\System32\drivers\ps7amtjb.sys [102552 2007-08-31] (bhv Software GmbH and Co. KG)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2012-11-10] (Duplex Secure Ltd.)
S2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [x]
S1 prodrv04; \SystemRoot\System32\drivers\prodrv04.sys [x]

========================== Drivers MD5 =======================

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-11-21 17:21 - 2014-11-21 17:21 - 00000000 ___DC C:\FRST
2014-11-21 16:20 - 2014-11-21 16:53 - 00000000 ____C C:\Recovery.txt
2014-11-20 08:24 - 2014-11-20 08:25 - 00129752 ____C (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-11-20 08:24 - 2014-10-01 02:11 - 00093400 ____C (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2014-11-20 08:24 - 2014-10-01 02:11 - 00063704 ____C (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys
2014-11-20 08:23 - 2014-11-21 15:54 - 00000000 ___DC C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-11-20 08:02 - 2014-11-20 08:24 - 00001106 ____C C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-11-20 08:02 - 2014-11-20 08:23 - 00000000 ___DC C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-11-20 08:02 - 2014-10-01 02:11 - 00025816 ____C (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2014-11-19 09:52 - 2014-11-19 10:22 - 00728064 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2014-11-19 09:52 - 2014-11-19 10:22 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 09:52 - 2014-11-19 10:22 - 00241152 _____ (Microsoft Corporation) C:\Windows\System32\pku2u.dll
2014-11-19 09:52 - 2014-11-19 10:22 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-15 13:28 - 2014-11-15 13:28 - 00083220 ____C C:\Users\Sabine Scholz\Downloads\VIE SIE WDPL GJ 2015 (1).xlsx
2014-11-15 04:06 - 2014-11-15 04:06 - 00019705 ____C C:\Users\Sabine Scholz\Downloads\SIE VIE KW. 
47.1.xlsx
2014-11-15 04:05 - 2014-11-15 04:05 - 00083301 ____C C:\Users\Sabine Scholz\Downloads\VIE SIE WDPL GJ 2015.xlsx
2014-11-13 10:51 - 2014-11-13 14:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2014-11-13 10:51 - 2014-11-13 14:16 - 00304640 _____ (Microsoft Corporation) C:\Windows\System32\generaltel.dll
2014-11-13 10:51 - 2014-11-13 14:16 - 00228864 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll
2014-11-13 10:50 - 2014-11-13 14:16 - 01460736 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2014-11-13 10:50 - 2014-11-13 14:16 - 00683520 _____ (Microsoft Corporation) C:\Windows\System32\termsrv.dll
2014-11-13 10:50 - 2014-11-13 14:16 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-13 10:50 - 2014-11-13 14:16 - 00681984 _____ (Microsoft Corporation) C:\Windows\System32\adtschema.dll
2014-11-13 10:50 - 2014-11-13 14:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2014-11-13 10:50 - 2014-11-13 14:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-13 10:50 - 2014-11-13 14:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\System32\msaudite.dll
2014-11-13 10:50 - 2014-11-13 14:16 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-13 10:50 - 2014-11-13 14:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-13 10:50 - 2014-11-13 14:14 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-13 10:50 - 2014-11-13 14:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-13 10:50 - 2014-11-13 14:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-11-13 10:50 - 2014-11-13 14:14 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-13 10:50 - 2014-11-13 14:14 - 00716800 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-11-13 10:50 - 2014-11-13 14:14 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-13 10:50 - 2014-11-13 14:14 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-13 10:50 - 2014-11-13 14:14 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-13 10:50 - 2014-11-13 14:14 - 00114688 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2014-11-13 10:50 - 2014-11-13 14:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-11-13 10:50 - 2014-11-13 14:14 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-13 10:50 - 2014-11-13 14:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-13 10:50 - 2014-11-13 14:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-11-13 10:50 - 2014-11-13 14:14 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-13 10:50 - 2014-11-13 14:14 - 00034304 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-11-13 10:50 - 2014-11-13 14:14 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-13 10:49 - 2014-11-13 14:14 - 25110016 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-11-13 10:49 - 2014-11-13 14:14 - 14390272 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-11-13 10:49 - 2014-11-13 14:14 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-13 10:49 - 2014-11-13 14:14 - 06040064 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-11-13 10:49 - 2014-11-13 14:14 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-13 10:49 - 2014-11-13 14:14 - 02884096 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-11-13 10:49 - 2014-11-13 14:14 - 02365440 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-11-13 10:49 - 2014-11-13 14:14 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-13 10:49 - 2014-11-13 14:14 - 02124288 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-11-13 10:49 - 2014-11-13 14:14 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-13 10:49 - 2014-11-13 14:14 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-13 10:49 - 2014-11-13 14:14 - 01550336 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-11-13 10:49 - 2014-11-13 14:14 - 01359360 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2014-11-13 10:49 - 2014-11-13 14:14 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-13 10:49 - 2014-11-13 14:14 - 00968704 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2014-11-13 10:49 - 2014-11-13 14:14 - 00814080 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-11-13 10:49 - 2014-11-13 14:14 - 00800768 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-11-13 10:49 - 2014-11-13 14:14 - 00799232 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-11-13 10:49 - 2014-11-13 14:14 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-13 10:49 - 2014-11-13 14:14 - 00633856 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-11-13 10:49 - 2014-11-13 14:14 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-13 10:49 - 2014-11-13 14:14 - 00580096 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-11-13 10:49 - 2014-11-13 14:14 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-13 10:49 - 2014-11-13 14:14 - 00490496 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2014-11-13 10:49 - 2014-11-13 14:14 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-13 10:49 - 2014-11-13 14:14 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-13 10:49 - 2014-11-13 14:14 - 00388272 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2014-11-13 10:49 - 2014-11-13 14:14 - 00316928 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2014-11-13 10:49 - 2014-11-13 14:14 - 00199680 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-11-13 10:49 - 2014-11-13 14:14 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-13 10:49 - 2014-11-13 14:14 - 00144384 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-11-13 10:49 - 2014-11-13 14:14 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-13 10:49 - 2014-11-13 14:14 - 00092160 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-11-13 10:49 - 2014-11-13 14:14 - 00088064 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2014-11-13 10:49 - 2014-11-13 14:14 - 00066560 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-11-13 10:49 - 2014-11-13 14:14 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-13 10:49 - 2014-11-13 14:14 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-13 10:49 - 2014-11-13 14:14 - 00054784 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-11-13 10:49 - 2014-11-13 14:14 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-13 10:49 - 2014-11-13 14:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2014-11-13 10:47 - 2014-11-13 14:13 - 01882624 _____ (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2014-11-13 10:47 - 2014-11-13 14:13 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-13 10:47 - 2014-11-13 14:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-13 10:47 - 2014-11-13 14:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2014-11-13 10:47 - 2014-11-13 14:12 - 00878080 _____ (Microsoft Corporation) C:\Windows\System32\IMJP10K.DLL
2014-11-13 10:47 - 2014-11-13 14:12 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-13 10:47 - 2014-11-13 14:12 - 00680960 _____ (Microsoft Corporation) C:\Windows\System32\audiosrv.dll
2014-11-13 10:47 - 2014-11-13 14:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\System32\AUDIOKSE.dll
2014-11-13 10:47 - 2014-11-13 14:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-13 10:47 - 2014-11-13 14:12 - 00440832 _____ (Microsoft Corporation) C:\Windows\System32\AudioEng.dll
2014-11-13 10:47 - 2014-11-13 14:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-13 10:47 - 2014-11-13 14:12 - 00296448 _____ (Microsoft Corporation) C:\Windows\System32\AudioSes.dll
2014-11-13 10:47 - 2014-11-13 14:12 - 00284672 _____ (Microsoft Corporation) C:\Windows\System32\EncDump.dll
2014-11-13 10:47 - 2014-11-13 14:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-13 10:47 - 2014-11-13 14:03 - 00342016 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
2014-11-13 10:47 - 2014-11-13 14:03 - 00314880 _____ (Microsoft Corporation) C:\Windows\System32\msv1_0.dll
2014-11-13 10:47 - 2014-11-13 14:03 - 00309760 _____ (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2014-11-13 10:47 - 2014-11-13 14:03 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-13 10:47 - 2014-11-13 14:03 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-13 10:47 - 2014-11-13 14:03 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-13 10:47 - 2014-11-13 14:03 - 00210944 _____ (Microsoft Corporation) C:\Windows\System32\wdigest.dll
2014-11-13 10:47 - 2014-11-13 14:03 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-13 10:47 - 2014-11-13 14:03 - 00086528 _____ (Microsoft Corporation) C:\Windows\System32\TSpkg.dll
2014-11-13 10:47 - 2014-11-13 14:03 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-13 10:47 - 2014-11-13 14:03 - 00022016 _____ (Microsoft Corporation) C:\Windows\System32\credssp.dll
2014-11-13 10:47 - 2014-11-13 14:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-13 10:46 - 2014-11-13 14:02 - 03198976 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2014-11-13 10:46 - 2014-11-13 14:02 - 00077824 _____ (Microsoft Corporation) C:\Windows\System32\packager.dll
2014-11-13 10:46 - 2014-11-13 14:02 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-13 10:46 - 2014-11-13 14:01 - 03241984 _____ (Microsoft Corporation) C:\Windows\System32\msi.dll
2014-11-13 10:46 - 2014-11-13 14:01 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-13 10:45 - 2014-11-13 14:00 - 00861696 _____ (Microsoft Corporation) C:\Windows\System32\oleaut32.dll
2014-11-13 10:45 - 2014-11-13 14:00 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-11 10:37 - 2014-11-11 10:37 - 00020224 ____C C:\Users\Sabine Scholz\Downloads\SIE VIE KW. 46.4.xlsx
2014-11-05 10:46 - 2014-11-05 10:46 - 00020229 ____C C:\Users\Sabine Scholz\Downloads\SIE VIE KW. 45.4.xlsx
2014-11-04 11:03 - 2014-11-20 13:16 - 00001680 ____C C:\Windows\setupact.log
2014-11-04 11:03 - 2014-11-04 11:03 - 00000000 ____C C:\Windows\setuperr.log
2014-11-02 05:36 - 2014-11-02 05:36 - 00129752 ____C (Malwarebytes Corporation) C:\Windows\System32\Drivers\0258031A.sys
2014-11-01 13:29 - 2014-11-01 13:29 - 00019830 ____C C:\Users\Sabine Scholz\Downloads\SIE VIE KW. 45.xlsx
2014-11-01 13:27 - 2014-11-01 13:27 - 00018268 ____C C:\Users\Sabine Scholz\Downloads\SIE VIE RU KW. 45.2.xlsx
2014-10-25 23:36 - 2014-10-26 05:25 - 00129752 ____C (Malwarebytes Corporation) C:\Windows\System32\Drivers\53BF4C62.sys
2014-10-24 10:37 - 2014-10-24 10:37 - 00129752 ____C (Malwarebytes Corporation) C:\Windows\System32\Drivers\56AA2A10.sys
2014-10-24 10:36 - 2014-10-24 10:36 - 00129752 ____C (Malwarebytes Corporation) C:\Windows\System32\Drivers\7961296A.sys
2014-10-22 12:36 - 2014-10-22 12:36 - 00045394 ____C C:\Users\Sabine Scholz\Downloads\SIE VIE KW. 43.2.xlsx
2014-10-22 11:34 - 2014-10-22 11:34 - 00000000 ___DC C:\Users\Sabine Scholz\AppData\Roaming\Little Games Company
2014-10-22 11:34 - 2014-10-22 11:34 - 00000000 ___DC C:\ProgramData\Little Games Company
2014-10-22 09:01 - 2014-10-22 09:01 - 00000906 ____C C:\Users\Public\Desktop\Zulu's Zoo - Ein tierisches Vergnügen.lnk
2014-10-22 07:53 - 2014-10-22 08:05 - 167996944 ____C (INTENIUM GmbH) C:\Users\Sabine Scholz\Downloads\ZulusZooEinTierischesVergnuegen.exe
2014-10-22 07:37 - 2014-10-22 07:37 - 00129752 ____C (Malwarebytes Corporation) C:\Windows\System32\Drivers\641903E7.sys

==================== One Month Modified Files and Folders =======

2014-11-21 17:21 - 2014-11-21 17:21 - 00000000 ___DC C:\FRST
2014-11-21 16:53 - 2014-11-21 16:20 - 00000000 ____C C:\Recovery.txt
2014-11-21 16:20 - 2011-03-30 02:30 - 00000000 ___DC C:\Recovery
2014-11-21 15:56 - 2013-04-01 01:50 - 00000000 ___DC C:\Program Files (x86)\DVBViewer TERRATEC Edition
2014-11-21 15:56 - 2012-02-24 22:19 - 00000000 ___DC C:\Program Files (x86)\1und1Softwareaktualisierung
2014-11-21 15:56 - 2011-10-27 09:12 - 00000000 ___DC C:\Program Files (x86)\Audacity 1.3 Beta
2014-11-21 15:56 - 2011-03-30 02:37 - 00000000 ___DC C:\Program Files (x86)\CyberLink
2014-11-21 15:56 - 2010-02-10 18:42 - 00000000 ___DC C:\Program Files (x86)\Acer GameZone
2014-11-21 15:56 - 2010-02-10 18:17 - 00000000 ___DC C:\Program Files (x86)\Acer
2014-11-21 15:56 - 2010-02-10 18:03 - 00000000 ___DC C:\Program Files (x86)\AmIcoSingLun
2014-11-21 15:55 - 2011-11-06 09:37 - 00000000 ___DC C:\Program Files (x86)\Free WMA to MP3 Converter
2014-11-21 15:55 - 2011-04-07 07:18 - 00000000 ___DC C:\Program Files (x86)\HappyFoto-Designer
2014-11-21 15:55 - 2010-02-10 18:52 - 00000000 ___DC C:\Program Files (x86)\EgisTec MyWinLocker
2014-11-21 15:55 - 2010-02-10 18:52 - 00000000 ___DC C:\Program Files (x86)\EgisTec IPS
2014-11-21 15:55 - 2010-02-10 18:03 - 00000000 __HDC C:\Program Files (x86)\InstallShield Installation Information
2014-11-21 15:54 - 2014-11-20 08:23 - 00000000 ___DC C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-11-21 15:54 - 2012-12-26 12:32 - 00000000 ___DC C:\Program Files\Conexant
2014-11-21 15:54 - 2012-04-03 04:24 - 00000000 ___DC C:\Program Files (x86)\Pixum
2014-11-21 15:54 - 2011-12-11 07:57 - 00000000 ___DC C:\Program Files (x86)\My Video Converter
2014-11-21 15:54 - 2011-11-04 07:25 - 00000000 ___DC C:\Program Files (x86)\Lame For Audacity
2014-11-21 15:54 - 2011-10-03 12:17 - 00000000 ___DC C:\Program Files\Lexmark
2014-11-21 15:54 - 2011-07-17 10:32 - 00000000 ___DC C:\Program Files\DivX
2014-11-21 15:54 - 2011-06-14 09:15 - 00000000 ___DC C:\Program Files (x86)\Lexmark Toolbar
2014-11-21 15:54 - 2011-06-14 09:14 - 00000000 ___DC C:\Program Files (x86)\Lexmark S300-S400 Series
2014-11-21 15:54 - 2011-06-11 03:42 - 00000000 ___DC C:\Program Files (x86)\QuickTime
2014-11-21 15:54 - 2011-04-05 23:41 - 00000000 ___DC C:\Program Files (x86)\OpenAL
2014-11-21 15:54 - 2011-03-30 02:41 - 00000000 ___DC C:\Program Files (x86)\Windows Live
2014-11-21 15:54 - 2011-03-30 02:36 - 00000000 ___DC C:\Program Files\Intel
2014-11-21 15:54 - 2011-03-30 02:36 - 00000000 ___DC C:\Program Files (x86)\Launch Manager
2014-11-21 15:54 - 2011-03-30 02:34 - 00000000 ___DC C:\Program Files\Realtek
2014-11-21 15:54 - 2010-02-10 18:38 - 00000000 ___DC C:\Program Files (x86)\Microsoft Office Suite Activation Assistant
2014-11-21 15:54 - 2010-02-10 18:21 - 00000000 ___DC C:\Program Files (x86)\Microsoft Works
2014-11-21 15:54 - 2010-02-10 18:17 - 00000000 ___DC C:\Program Files\Acer
2014-11-21 15:54 - 2010-02-10 18:03 - 00000000 ___DC C:\Program Files\Broadcom
2014-11-21 15:54 - 2010-02-10 17:53 - 00000000 ___DC C:\Program Files\Windows Journal
2014-11-21 15:54 - 2009-07-13 21:32 - 00000000 ___DC C:\Program Files\DVD Maker
2014-11-21 15:54 - 2009-07-13 19:20 - 00000000 ___DC C:\Program Files\Common Files\System
2014-11-21 15:53 - 2011-06-14 09:22 - 00000000 ___DC C:\ProgramData\Ezprint
2014-11-21 15:53 - 2011-06-11 03:42 - 00000000 ___DC C:\ProgramData\Apple Computer
2014-11-21 15:53 - 2011-04-03 23:22 - 00000000 ___DC C:\ProgramData\lx_Cats
2014-11-21 15:53 - 2010-02-10 18:19 - 00000000 ___DC C:\ProgramData\Microsoft Help
2014-11-21 15:53 - 2010-02-10 18:03 - 00000000 ___DC C:\ProgramData\AmUStor
2014-11-21 15:48 - 2013-02-22 12:46 - 00000000 ___DC C:\Users\Sabine Scholz\Games
2014-11-21 15:48 - 2012-11-10 09:24 - 00000000 ___DC C:\Users\Sabine Scholz\setup
2014-11-21 15:48 - 2012-06-15 09:06 - 00000000 ___DC C:\ProgramData\Norton
2014-11-21 15:48 - 2012-02-24 22:19 - 00000000 ___DC C:\Users\Sabine Scholz\AppData\Roaming\1&1 Mail & Media GmbH
2014-11-21 15:48 - 2011-11-06 09:53 - 00000000 ___DC C:\Users\Sabine Scholz\Anwendungen
2014-11-21 15:48 - 2011-09-22 08:38 - 00000000 ___DC C:\Users\Sabine Scholz\AppData\Roaming\Supermarket Mania 2
2014-11-21 15:48 - 2011-04-16 11:39 - 00000000 ___DC C:\Users\Public\CyberLink
2014-11-21 15:48 - 2011-04-16 11:38 - 00000000 ___DC C:\Users\Sabine Scholz\AppData\Local\Cyberlink
2014-11-21 15:48 - 2011-03-31 10:19 - 00000000 ___DC C:\ProgramData\mpDRM
2014-11-21 15:48 - 2011-03-30 02:44 - 00000000 ___DC C:\Users\Sabine Scholz\AppData\Local\Microsoft Help
2014-11-21 15:48 - 2010-02-10 18:06 - 00000000 ___DC C:\Windows\Downloaded Installations
2014-11-21 15:48 - 2009-10-05 13:35 - 00000000 ___DC C:\Windows\DeployWinRE2
2014-11-21 15:47 - 2013-07-22 10:33 - 00000000 ___DC C:\Windows\ELAMBKUP
2014-11-21 15:47 - 2011-03-30 12:11 - 00000000 ___DC C:\Windows\NAPP_Dism_Log
2014-11-21 15:47 - 2009-07-13 19:20 - 00000000 ___DC C:\Windows\System32\bg-BG
2014-11-21 15:47 - 2009-07-13 19:20 - 00000000 ___DC C:\Windows\System32\ar-SA
2014-11-21 15:47 - 2009-07-13 19:20 - 00000000 ___DC C:\Windows\PolicyDefinitions
2014-11-21 15:47 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\AdvancedInstallers
2014-11-21 15:47 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\servicing
2014-11-21 15:47 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2014-11-21 15:47 - 2009-03-12 01:30 - 00000000 ___DC C:\Windows\LP
2014-11-21 15:45 - 2009-07-13 19:20 - 00000000 ___DC C:\Windows\System32\com
2014-11-21 15:44 - 2011-03-30 12:17 - 00000000 ___DC C:\Windows\System32\de
2014-11-21 15:44 - 2009-07-13 19:20 - 00000000 ___DC C:\Windows\System32\Dism
2014-11-21 15:43 - 2011-07-07 12:00 - 00000000 ___DC C:\Windows\System32\SPReview
2014-11-21 15:43 - 2011-07-07 07:06 - 00000000 ___DC C:\Windows\System32\EventProviders
2014-11-21 15:43 - 2010-02-10 18:42 - 00000000 ___DC C:\Windows\SysWOW64\Drivers\nti
2014-11-21 15:43 - 2009-07-13 21:32 - 00000000 ___DC C:\Windows\System32\WinBioPlugIns
2014-11-21 15:43 - 2009-07-13 19:20 - 00000000 ___DC C:\Windows\SysWOW64\migwiz
2014-11-21 15:43 - 2009-07-13 19:20 - 00000000 ___DC C:\Windows\SysWOW64\lv-LV
2014-11-21 15:43 - 2009-07-13 19:20 - 00000000 ___DC C:\Windows\SysWOW64\lt-LT
2014-11-21 15:43 - 2009-07-13 19:20 - 00000000 ___DC C:\Windows\SysWOW64\InstallShield
2014-11-21 15:43 - 2009-07-13 19:20 - 00000000 ___DC C:\Windows\SysWOW64\hr-HR
2014-11-21 15:43 - 2009-07-13 19:20 - 00000000 ___DC C:\Windows\SysWOW64\he-IL
2014-11-21 15:43 - 2009-07-13 19:20 - 00000000 ___DC C:\Windows\SysWOW64\et-EE
2014-11-21 15:43 - 2009-07-13 19:20 - 00000000 ___DC C:\Windows\SysWOW64\com
2014-11-21 15:43 - 2009-07-13 19:20 - 00000000 ___DC C:\Windows\SysWOW64\bg-BG
2014-11-21 15:43 - 2009-07-13 19:20 - 00000000 ___DC C:\Windows\SysWOW64\ar-SA
2014-11-21 15:43 - 2009-07-13 19:20 - 00000000 ___DC 
C:\Windows\System32\zh-HK 2014-11-21 15:43 - 2009-07-13 19:20 - 00000000 ___DC C:\Windows\System32\uk-UA 2014-11-21 15:43 - 2009-07-13 19:20 - 00000000 ___DC C:\Windows\System32\tr-TR 2014-11-21 15:43 - 2009-07-13 19:20 - 00000000 ___DC C:\Windows\System32\th-TH 2014-11-21 15:43 - 2009-07-13 19:20 - 00000000 ___DC C:\Windows\System32\sysprep 2014-11-21 15:43 - 2009-07-13 19:20 - 00000000 ___DC C:\Windows\System32\sr-Latn-CS 2014-11-21 15:43 - 2009-07-13 19:20 - 00000000 ___DC C:\Windows\System32\sl-SI 2014-11-21 15:43 - 2009-07-13 19:20 - 00000000 ___DC C:\Windows\System32\sk-SK 2014-11-21 15:43 - 2009-07-13 19:20 - 00000000 ___DC C:\Windows\System32\Setup 2014-11-21 15:43 - 2009-07-13 19:20 - 00000000 ___DC C:\Windows\System32\ro-RO 2014-11-21 15:43 - 2009-07-13 19:20 - 00000000 ___DC C:\Windows\System32\oobe 2014-11-21 15:43 - 2009-07-13 19:20 - 00000000 ___DC C:\Windows\System32\migwiz 2014-11-21 15:43 - 2009-07-13 19:20 - 00000000 ___DC C:\Windows\System32\lv-LV 2014-11-21 15:43 - 2009-07-13 19:20 - 00000000 ___DC C:\Windows\System32\lt-LT 2014-11-21 15:43 - 2009-07-13 19:20 - 00000000 ___DC C:\Windows\System32\hr-HR 2014-11-21 15:43 - 2009-07-13 19:20 - 00000000 ___DC C:\Windows\System32\he-IL 2014-11-21 15:43 - 2009-07-13 19:20 - 00000000 ___DC C:\Windows\System32\et-EE 2014-11-21 15:43 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\icsxml 2014-11-21 15:43 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\icsxml 2014-11-21 15:42 - 2011-03-30 02:34 - 00000000 ___DC C:\Windows\SysWOW64\RTCOM 2014-11-21 15:42 - 2009-07-13 19:20 - 00000000 ___DC C:\Windows\SysWOW64\zh-HK 2014-11-21 15:42 - 2009-07-13 19:20 - 00000000 ___DC C:\Windows\SysWOW64\uk-UA 2014-11-21 15:42 - 2009-07-13 19:20 - 00000000 ___DC C:\Windows\SysWOW64\tr-TR 2014-11-21 15:42 - 2009-07-13 19:20 - 00000000 ___DC C:\Windows\SysWOW64\th-TH 2014-11-21 15:42 - 2009-07-13 19:20 - 00000000 ___DC C:\Windows\SysWOW64\sr-Latn-CS 2014-11-21 15:42 - 2009-07-13 19:20 - 00000000 ___DC 
C:\Windows\SysWOW64\sl-SI 2014-11-21 15:42 - 2009-07-13 19:20 - 00000000 ___DC C:\Windows\SysWOW64\sk-SK 2014-11-21 15:42 - 2009-07-13 19:20 - 00000000 ___DC C:\Windows\SysWOW64\Setup 2014-11-21 15:42 - 2009-07-13 19:20 - 00000000 ___DC C:\Windows\SysWOW64\ro-RO 2014-11-20 13:24 - 2011-03-31 04:05 - 00001106 ____C C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-11-20 13:16 - 2014-11-04 11:03 - 00001680 ____C C:\Windows\setupact.log 2014-11-20 13:16 - 2009-07-13 21:08 - 00000006 ___HC C:\Windows\Tasks\SA.DAT 2014-11-20 09:22 - 2013-07-22 10:33 - 00000000 ___DC C:\ProgramData\Kaspersky Lab 2014-11-20 09:22 - 2011-03-30 02:30 - 01198174 ____C C:\Windows\WindowsUpdate.log 2014-11-20 08:45 - 2011-03-31 04:05 - 00001110 ____C C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-11-20 08:42 - 2012-10-05 13:00 - 00000884 ____C C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-11-20 08:25 - 2014-11-20 08:24 - 00129752 ____C (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys 2014-11-20 08:24 - 2014-11-20 08:02 - 00001106 ____C C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-11-20 08:24 - 2012-10-16 10:30 - 00000000 ___DC C:\Users\Sabine Scholz\AppData\Roaming\Malwarebytes 2014-11-20 08:23 - 2014-11-20 08:02 - 00000000 ___DC C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-11-20 08:23 - 2013-07-28 11:19 - 00000000 __RDC C:\Users\Sabine Scholz\Dropbox 2014-11-20 08:23 - 2013-07-28 11:15 - 00000000 ___DC C:\Users\Sabine Scholz\AppData\Roaming\Dropbox 2014-11-20 08:08 - 2011-03-30 12:17 - 00699682 ____C C:\Windows\System32\perfh007.dat 2014-11-20 08:08 - 2011-03-30 12:17 - 00149790 ____C C:\Windows\System32\perfc007.dat 2014-11-20 08:08 - 2009-07-13 21:13 - 01620684 ____C C:\Windows\System32\PerfStringBackup.INI 2014-11-20 07:58 - 2009-07-13 20:45 - 00025840 ___HC C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-11-20 07:57 - 2009-07-13 20:45 - 00025840 ___HC 
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-11-20 07:52 - 2011-04-03 23:18 - 00208674 ____C C:\ProgramData\lxeascan.log 2014-11-19 10:22 - 2014-11-19 09:52 - 00728064 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll 2014-11-19 10:22 - 2014-11-19 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-11-19 10:22 - 2014-11-19 09:52 - 00241152 _____ (Microsoft Corporation) C:\Windows\System32\pku2u.dll 2014-11-19 10:22 - 2014-11-19 09:52 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll 2014-11-19 09:37 - 2011-04-05 13:16 - 00003990 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{26CE676E-40F2-4436-9BA5-03CC5803401B} 2014-11-15 13:28 - 2014-11-15 13:28 - 00083220 ____C C:\Users\Sabine Scholz\Downloads\VIE SIE WDPL GJ 2015 (1).xlsx 2014-11-15 04:06 - 2014-11-15 04:06 - 00019705 ____C C:\Users\Sabine Scholz\Downloads\SIE VIE KW. 47.1.xlsx 2014-11-15 04:05 - 2014-11-15 04:05 - 00083301 ____C C:\Users\Sabine Scholz\Downloads\VIE SIE WDPL GJ 2015.xlsx 2014-11-15 00:38 - 2011-03-31 04:05 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-11-15 00:38 - 2011-03-31 04:05 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-11-15 00:37 - 2013-07-28 11:19 - 00001052 ____C C:\Users\Sabine Scholz\Desktop\Dropbox.lnk 2014-11-15 00:37 - 2013-07-28 11:16 - 00002479 ____C C:\Windows\wininit.ini 2014-11-14 04:58 - 2009-07-13 20:45 - 00419264 ____C C:\Windows\System32\FNTCACHE.DAT 2014-11-13 14:17 - 2014-05-06 11:59 - 00000000 __SDC C:\Windows\System32\CompatTel 2014-11-13 14:16 - 2014-11-13 10:51 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll 2014-11-13 14:16 - 2014-11-13 10:51 - 00304640 _____ (Microsoft Corporation) C:\Windows\System32\generaltel.dll 2014-11-13 14:16 - 2014-11-13 10:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll 2014-11-13 14:16 - 
2014-11-13 10:50 - 01460736 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll 2014-11-13 14:16 - 2014-11-13 10:50 - 00683520 _____ (Microsoft Corporation) C:\Windows\System32\termsrv.dll 2014-11-13 14:16 - 2014-11-13 10:50 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2014-11-13 14:16 - 2014-11-13 10:50 - 00681984 _____ (Microsoft Corporation) C:\Windows\System32\adtschema.dll 2014-11-13 14:16 - 2014-11-13 10:50 - 00155064 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys 2014-11-13 14:16 - 2014-11-13 10:50 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2014-11-13 14:16 - 2014-11-13 10:50 - 00146432 _____ (Microsoft Corporation) C:\Windows\System32\msaudite.dll 2014-11-13 14:16 - 2014-11-13 10:50 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-11-13 14:16 - 2014-11-13 10:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-11-13 14:14 - 2014-11-13 10:50 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-11-13 14:14 - 2014-11-13 10:50 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-11-13 14:14 - 2014-11-13 10:50 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2014-11-13 14:14 - 2014-11-13 10:50 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-11-13 14:14 - 2014-11-13 10:50 - 00716800 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2014-11-13 14:14 - 2014-11-13 10:50 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-11-13 14:14 - 2014-11-13 10:50 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-11-13 14:14 - 2014-11-13 10:50 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-11-13 14:14 - 2014-11-13 10:50 - 00114688 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe 2014-11-13 14:14 - 2014-11-13 10:50 - 
00077824 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll 2014-11-13 14:14 - 2014-11-13 10:50 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-11-13 14:14 - 2014-11-13 10:50 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-11-13 14:14 - 2014-11-13 10:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll 2014-11-13 14:14 - 2014-11-13 10:50 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-11-13 14:14 - 2014-11-13 10:50 - 00034304 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2014-11-13 14:14 - 2014-11-13 10:50 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-11-13 14:14 - 2014-11-13 10:49 - 25110016 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2014-11-13 14:14 - 2014-11-13 10:49 - 14390272 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2014-11-13 14:14 - 2014-11-13 10:49 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-11-13 14:14 - 2014-11-13 10:49 - 06040064 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2014-11-13 14:14 - 2014-11-13 10:49 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-11-13 14:14 - 2014-11-13 10:49 - 02884096 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2014-11-13 14:14 - 2014-11-13 10:49 - 02365440 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll 2014-11-13 14:14 - 2014-11-13 10:49 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-11-13 14:14 - 2014-11-13 10:49 - 02124288 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2014-11-13 14:14 - 2014-11-13 10:49 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-11-13 14:14 - 2014-11-13 10:49 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-11-13 14:14 - 
2014-11-13 10:49 - 01550336 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2014-11-13 14:14 - 2014-11-13 10:49 - 01359360 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll 2014-11-13 14:14 - 2014-11-13 10:49 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-11-13 14:14 - 2014-11-13 10:49 - 00968704 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe 2014-11-13 14:14 - 2014-11-13 10:49 - 00814080 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll 2014-11-13 14:14 - 2014-11-13 10:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2014-11-13 14:14 - 2014-11-13 10:49 - 00799232 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll 2014-11-13 14:14 - 2014-11-13 10:49 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-11-13 14:14 - 2014-11-13 10:49 - 00633856 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll 2014-11-13 14:14 - 2014-11-13 10:49 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-11-13 14:14 - 2014-11-13 10:49 - 00580096 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2014-11-13 14:14 - 2014-11-13 10:49 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-11-13 14:14 - 2014-11-13 10:49 - 00490496 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll 2014-11-13 14:14 - 2014-11-13 10:49 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-11-13 14:14 - 2014-11-13 10:49 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-11-13 14:14 - 2014-11-13 10:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll 2014-11-13 14:14 - 2014-11-13 10:49 - 00316928 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll 2014-11-13 14:14 - 2014-11-13 10:49 - 00199680 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll 2014-11-13 14:14 - 
2014-11-13 10:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-11-13 14:14 - 2014-11-13 10:49 - 00144384 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2014-11-13 14:14 - 2014-11-13 10:49 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-11-13 14:14 - 2014-11-13 10:49 - 00092160 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2014-11-13 14:14 - 2014-11-13 10:49 - 00088064 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll 2014-11-13 14:14 - 2014-11-13 10:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2014-11-13 14:14 - 2014-11-13 10:49 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-11-13 14:14 - 2014-11-13 10:49 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-11-13 14:14 - 2014-11-13 10:49 - 00054784 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2014-11-13 14:14 - 2014-11-13 10:49 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-11-13 14:14 - 2014-11-13 10:49 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll 2014-11-13 14:13 - 2014-11-13 10:47 - 01882624 _____ (Microsoft Corporation) C:\Windows\System32\msxml3.dll 2014-11-13 14:13 - 2014-11-13 10:47 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2014-11-13 14:13 - 2014-11-13 10:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2014-11-13 14:13 - 2014-11-13 10:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\msxml3r.dll 2014-11-13 14:12 - 2014-11-13 10:47 - 00878080 _____ (Microsoft Corporation) C:\Windows\System32\IMJP10K.DLL 2014-11-13 14:12 - 2014-11-13 10:47 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL 2014-11-13 14:12 - 2014-11-13 10:47 - 00680960 _____ (Microsoft Corporation) C:\Windows\System32\audiosrv.dll 2014-11-13 14:12 - 2014-11-13 10:47 - 
00500224 _____ (Microsoft Corporation) C:\Windows\System32\AUDIOKSE.dll 2014-11-13 14:12 - 2014-11-13 10:47 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll 2014-11-13 14:12 - 2014-11-13 10:47 - 00440832 _____ (Microsoft Corporation) C:\Windows\System32\AudioEng.dll 2014-11-13 14:12 - 2014-11-13 10:47 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll 2014-11-13 14:12 - 2014-11-13 10:47 - 00296448 _____ (Microsoft Corporation) C:\Windows\System32\AudioSes.dll 2014-11-13 14:12 - 2014-11-13 10:47 - 00284672 _____ (Microsoft Corporation) C:\Windows\System32\EncDump.dll 2014-11-13 14:12 - 2014-11-13 10:47 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll 2014-11-13 14:11 - 2013-08-11 09:00 - 00000000 ___DC C:\Windows\System32\MRT 2014-11-13 14:03 - 2014-11-13 10:47 - 00342016 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll 2014-11-13 14:03 - 2014-11-13 10:47 - 00314880 _____ (Microsoft Corporation) C:\Windows\System32\msv1_0.dll 2014-11-13 14:03 - 2014-11-13 10:47 - 00309760 _____ (Microsoft Corporation) C:\Windows\System32\ncrypt.dll 2014-11-13 14:03 - 2014-11-13 10:47 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2014-11-13 14:03 - 2014-11-13 10:47 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-11-13 14:03 - 2014-11-13 10:47 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2014-11-13 14:03 - 2014-11-13 10:47 - 00210944 _____ (Microsoft Corporation) C:\Windows\System32\wdigest.dll 2014-11-13 14:03 - 2014-11-13 10:47 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2014-11-13 14:03 - 2014-11-13 10:47 - 00086528 _____ (Microsoft Corporation) C:\Windows\System32\TSpkg.dll 2014-11-13 14:03 - 2014-11-13 10:47 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-11-13 14:03 - 2014-11-13 10:47 - 00022016 _____ (Microsoft Corporation) 
C:\Windows\System32\credssp.dll 2014-11-13 14:03 - 2014-11-13 10:47 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-11-13 14:03 - 2011-07-07 12:08 - 103374192 ____C (Microsoft Corporation) C:\Windows\System32\MRT.exe 2014-11-13 14:02 - 2014-11-13 10:46 - 03198976 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys 2014-11-13 14:02 - 2014-11-13 10:46 - 00077824 _____ (Microsoft Corporation) C:\Windows\System32\packager.dll 2014-11-13 14:02 - 2014-11-13 10:46 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll 2014-11-13 14:01 - 2014-11-13 10:46 - 03241984 _____ (Microsoft Corporation) C:\Windows\System32\msi.dll 2014-11-13 14:01 - 2014-11-13 10:46 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-11-13 14:00 - 2014-11-13 10:45 - 00861696 _____ (Microsoft Corporation) C:\Windows\System32\oleaut32.dll 2014-11-13 14:00 - 2014-11-13 10:45 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2014-11-13 13:23 - 2011-09-26 08:57 - 00000000 ___DC C:\Windows\Minidump 2014-11-12 11:41 - 2012-10-05 13:00 - 00701104 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-11-12 11:41 - 2012-10-05 13:00 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-11-12 11:41 - 2011-07-07 12:12 - 00071344 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-11-11 10:37 - 2014-11-11 10:37 - 00020224 ____C C:\Users\Sabine Scholz\Downloads\SIE VIE KW. 46.4.xlsx 2014-11-05 10:46 - 2014-11-05 10:46 - 00020229 ____C C:\Users\Sabine Scholz\Downloads\SIE VIE KW. 
45.4.xlsx 2014-11-04 11:03 - 2014-11-04 11:03 - 00000000 ____C C:\Windows\setuperr.log 2014-11-04 11:03 - 2009-07-13 21:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2014-11-04 05:30 - 2011-03-31 02:45 - 00275080 ____C (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe 2014-11-02 05:36 - 2014-11-02 05:36 - 00129752 ____C (Malwarebytes Corporation) C:\Windows\System32\Drivers\0258031A.sys 2014-11-01 13:29 - 2014-11-01 13:29 - 00019830 ____C C:\Users\Sabine Scholz\Downloads\SIE VIE KW. 45.xlsx 2014-11-01 13:27 - 2014-11-01 13:27 - 00018268 ____C C:\Users\Sabine Scholz\Downloads\SIE VIE RU KW. 45.2.xlsx 2014-10-27 10:39 - 2013-03-16 11:11 - 00002179 ____C C:\Users\Public\Desktop\Google Chrome.lnk 2014-10-26 05:25 - 2014-10-25 23:36 - 00129752 ____C (Malwarebytes Corporation) C:\Windows\System32\Drivers\53BF4C62.sys 2014-10-24 10:37 - 2014-10-24 10:37 - 00129752 ____C (Malwarebytes Corporation) C:\Windows\System32\Drivers\56AA2A10.sys 2014-10-24 10:36 - 2014-10-24 10:36 - 00129752 ____C (Malwarebytes Corporation) C:\Windows\System32\Drivers\7961296A.sys 2014-10-22 12:36 - 2014-10-22 12:36 - 00045394 ____C C:\Users\Sabine Scholz\Downloads\SIE VIE KW. 
43.2.xlsx 2014-10-22 11:34 - 2014-10-22 11:34 - 00000000 ___DC C:\Users\Sabine Scholz\AppData\Roaming\Little Games Company 2014-10-22 11:34 - 2014-10-22 11:34 - 00000000 ___DC C:\ProgramData\Little Games Company 2014-10-22 10:57 - 2013-09-20 06:56 - 00000000 ___DC C:\Users\Sabine Scholz\AppData\Roaming\8floor 2014-10-22 09:01 - 2014-10-22 09:01 - 00000906 ____C C:\Users\Public\Desktop\Zulu's Zoo - Ein tierisches Vergnügen.lnk 2014-10-22 09:01 - 2011-04-18 04:02 - 00001135 ____C C:\Users\Public\Desktop\GAME CENTER.lnk 2014-10-22 08:05 - 2014-10-22 07:53 - 167996944 ____C (INTENIUM GmbH) C:\Users\Sabine Scholz\Downloads\ZulusZooEinTierischesVergnuegen.exe 2014-10-22 07:37 - 2014-10-22 07:37 - 00129752 ____C (Malwarebytes Corporation) C:\Windows\System32\Drivers\641903E7.sys Files to move or delete: ==================== C:\ProgramData\FullRemove.exe ==================== Known DLLs (Whitelisted) ================ ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe [2014-10-15 08:52] - [2014-10-15 09:32] - 0455168 ____A (Microsoft Corporation) 8CEBD9D0A0A879CDE9F36F4383B7CAEA C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= ==================== BCD 
================================ Windows-Start-Manager --------------------- Bezeichner {bootmgr} device partition=Y: description Windows Boot Manager locale de-DE inherit {globalsettings} default {default} resumeobject {6501f6f4-5b0b-11e0-8972-ae53d567e40c} displayorder {default} toolsdisplayorder {memdiag} timeout 30 Windows-Startladeprogramm ------------------------- Bezeichner {default} device partition=C: path \Windows\system32\winload.exe description Windows 7 locale de-DE inherit {bootloadersettings} recoverysequence {current} recoveryenabled Yes osdevice partition=C: systemroot \Windows resumeobject {6501f6f4-5b0b-11e0-8972-ae53d567e40c} nx OptIn Windows-Startladeprogramm ------------------------- Bezeichner {current} device ramdisk=[C:]\Recovery\6501f6f6-5b0b-11e0-8972-ae53d567e40c\Winre.wim,{6501f6f7-5b0b-11e0-8972-ae53d567e40c} path \windows\system32\winload.exe description Windows Recovery Environment inherit {bootloadersettings} osdevice ramdisk=[C:]\Recovery\6501f6f6-5b0b-11e0-8972-ae53d567e40c\Winre.wim,{6501f6f7-5b0b-11e0-8972-ae53d567e40c} systemroot \windows nx OptIn winpe Yes Wiederaufnahme aus dem Ruhezustand ---------------------------------- Bezeichner {6501f6f4-5b0b-11e0-8972-ae53d567e40c} device partition=C: path \Windows\system32\winresume.exe description Windows Resume Application locale de-DE inherit {resumeloadersettings} filedevice partition=C: filepath \hiberfil.sys debugoptionenabled No Windows-Speichertestprogramm ---------------------------- Bezeichner {memdiag} device partition=Y: path \boot\memtest.exe description Windows Memory Diagnostic locale de-DE inherit {globalsettings} badmemoryaccess Yes EMS-Einstellungen ----------------- Bezeichner {emssettings} bootems Yes Debuggereinstellungen --------------------- Bezeichner {dbgsettings} debugtype Serial debugport 1 baudrate 115200 RAM-Defekte ----------- Bezeichner {badmemory} Globale Einstellungen --------------------- Bezeichner {globalsettings} inherit {dbgsettings} 
{emssettings} {badmemory} Startladeprogramm-Einstellungen ------------------------------- Bezeichner {bootloadersettings} inherit {globalsettings} {hypervisorsettings} Hypervisoreinstellungen ------------------- Bezeichner {hypervisorsettings} hypervisordebugtype Serial hypervisordebugport 1 hypervisorbaudrate 115200 Einstellungen zur Ladeprogrammfortsetzung ----------------------------------------- Bezeichner {resumeloadersettings} inherit {globalsettings} Ger„teoptionen -------------- Bezeichner {6501f6f7-5b0b-11e0-8972-ae53d567e40c} description Ramdisk Options ramdisksdidevice partition=C: ramdisksdipath \Recovery\6501f6f6-5b0b-11e0-8972-ae53d567e40c\boot.sdi ==================== Memory info =========================== Percentage of memory in use: 18% Total physical RAM: 3956.43 MB Available physical RAM: 3230.38 MB Total Pagefile: 3954.58 MB Available Pagefile: 3231.93 MB Total Virtual: 8192 MB Available Virtual: 8191.85 MB ==================== Drives ================================ Drive c: (ACER) (Fixed) (Total:290.05 GB) (Free:150.88 GB) NTFS (Disk=0 Partition=3) Drive e: (DATA) (Fixed) (Total:290.4 GB) (Free:273.33 GB) NTFS (Disk=0 Partition=4) Drive f: (PQSERVICE) (Fixed) (Total:15.62 GB) (Free:4.52 GB) NTFS (Disk=0 Partition=1) Drive h: (SAPHIR) (Removable) (Total:3.85 GB) (Free:0.55 GB) FAT32 (Disk=1 Partition=1) Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: 0B8D64CF) Partition 1: (Not Active) - (Size=16 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=290 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=290 GB) - (Type=07 NTFS) 
======================================================== Disk: 1 (Size: 4 GB) (Disk ID: 04030201) Partition 1: (Not Active) - (Size=4 GB) - (Type=0B) LastRegBack: 2014-11-16 08:36 ==================== End Of Log ============================ --- --- --- LG |
24.11.2014, 20:23 | #7 |
/// the machine /// TB trainer | Desktop icons + wallpaper + taskbar gone Shut the computer down completely. Then restart it, in normal mode. Start Task Manager > File > New Task, enter explorer.exe and press Enter.
__________________ Regards, schrauber. Proud Member of UNITE and ASAP since 2009. Donate, Guides and help, Trojaner-Board Facebook page. No help via PM! |
24.11.2014, 21:58 | #8 |
| Desktop icons + wallpaper + taskbar gone I have now tried to do that. However, the laptop takes a good 15 minutes to boot in normal mode up to the password prompt, and then another good 5 minutes until it should actually show the desktop, which it does not do. Instead it shows me the following error message. Code:
dwm.exe - Anwendungsfehler
Die Anwendung konnte nicht korrekt gestartet werden (0xc0000006). Klicken Sie auf "Ok", um die Anwendung zu schliessen.
Should I try it some other way? I have now switched the laptop off completely. |
25.11.2014, 17:38 | #9 |
/// the machine /// TB trainer | Desktop icons + wallpaper + taskbar gone When you are in the recovery environment, have you already tried a System Restore there, to a point before the problem?
__________________ Regards, schrauber |
25.11.2014, 17:53 | #10 |
| Desktop icons + wallpaper + taskbar gone Yes, but it did not offer me any restore point. Otherwise I would have tried that already. And I did not get anywhere with Startup Repair either. The application error message also only appeared after that. Since then it has also been taking so extremely long to boot. That is why I posted here, because I am otherwise out of ideas. Another question: is there a way to still back up the data, e.g. to an external hard drive? And could it be that something is suddenly wrong with the operating system? I ran a Disk Cleanup beforehand, and quite a lot was deleted in the process. Is it possible that required applications (drivers, cookies, etc.) were deleted too and that is why it no longer works? Regards |
26.11.2014, 20:49 | #11 |
/// the machine /// TB trainer | Desktop icons + wallpaper + taskbar gone No, that cannot happen with a Disk Cleanup. Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
LastRegBack: 2014-11-16 08:36
The tool creates a Fixlog.txt on your USB stick. Please post its contents here.
__________________ Regards, schrauber |
26.11.2014, 22:03 | #12 |
| Unexpected I/O error I am afraid I will have to get a new laptop after all, like it or not, because I cannot carry out any of the steps you are suggesting to help me. On booting again just now, it suddenly shows me the following message: Code:
Windows hat ein Problem bei der Kommunikation mit einem am Computer angeschlossenen Geraet erkannt. Dieser Fehler kann durch Abtrennen eines Wechselspeichergeraets (z. B. ein USB-Laufwerk) waehrend der Verwendung des Geraets oder durch eine fehlerhafte Hardware (z. B. eine nicht reagierende Festplatte oder ein CD-Rom Laufwerk) verursacht werden. Vergewissern Sie sich, dass alle Wechselspeichergeraete ordnungsgemaess angeschlossen sind, und starten Sie den Computer neu. Wenden Sie sich an den Hardwarehersteller, wenn diese Fehlermeldung weiterhin angezeigt wird.
Status 0x00000e9
Info: Unerwarteter Ein-/Ausgabefehler
Also, the laptop gets unusually warm, or rather hot, on the side where the fan is. Regards |
27.11.2014, 19:39 | #13 |
/// the machine /// TB-Ausbilder | Desktop icons + wallpaper + taskbar gone But you do want to boot into the recovery environment, right? To run the fix? Otherwise you'll probably have to reinstall. I don't think a new laptop is really needed here.
27.11.2014, 21:02 | #14 |
| Desktop icons + wallpaper + taskbar gone Yes, that's where I'm trying to get in. I start the laptop, then press the F8 key and go to Repair Your Computer. It then starts loading the files and then shows me the above-mentioned error message. I then have the choice between Exit and Continue, and then it offers me Startup Repair and starts loading from the beginning. But the result is ultimately the same, it shows the error message, and so you can only keep going round in circles. I can get into the BIOS quite normally, though. I also tried that, to see whether I could get in there at all. For reinstalling, should I use the recovery CDs that I created after the purchase? There are three, plus one for the drivers. But if I reinstall, my data will probably be gone, right? Or is there still a way to back it up? Regards |
28.11.2014, 18:16 | #15 |
/// the machine /// TB-Ausbilder | Desktop icons + wallpaper + taskbar gone You can boot from a Linux live CD and back up your data beforehand.