Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   win32/small.ca + deutlich verlangsamter PC (https://www.trojaner-board.de/139833-win32-small-ca-deutlich-verlangsamter-pc.html)

que2trash 14.08.2013 11:58
win32/small.ca + deutlich verlangsamter PC
 
Hallo,

heute Morgen hat mir Windows angezeigt, dass ich vom "win32/small.ca" befallen sei. Mein Virenscanner (Sophos) findet aber nichts.
Zudem ist mein Laptop extrem langsamer als normal (Laut Taskmanager CPU-Leistung imma 40-50% mehr, als die Summe der angezeigten Prozesse angibt).

Vielleicht könnt ihr was entdecken - vielen Dank schonmal :)

schrauber 14.08.2013 12:19
hi,

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

que2trash 14.08.2013 12:44
Hi,

danke für die schnelle Antwort - und sorry für die Umstände! Ich hatte das erst mitn den codes-tags war die Antwort zu lange, so dass eine Meldung kam, dass ich das Ganze zippen solle.

Hier aber mit Codes dann in 3 Antworten:
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-08-2013
Ran by S5470 (administrator) on 14-08-2013 12:03:09
Running from C:\Users\S5470\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(SANDBOXIE L.T.D) C:\Program Files\Sandboxie\SbieSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Acronis) c:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
(Protexis Inc.) c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
() c:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe
(SANDBOXIE L.T.D) C:\Program Files\Sandboxie\SbieCtrl.exe
() C:\Program Files (x86)\RocketDock\RocketDock.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
(Creative Technology Ltd.) C:\Windows\OEM02Mon.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(ROCCAT) C:\Program Files (x86)\ROCCAT\Kone Mouse\KoneHID.EXE
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(ROCCAT) C:\Program Files (x86)\ROCCAT\Kone Mouse\osd.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavMain.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Program Files (x86)\GNU\GnuPG\bin\dbus-daemon.exe
() C:\Program Files (x86)\GNU\GnuPG\bin\kleopatra.exe
(g10 Code GmbH) C:\Program Files (x86)\GNU\GnuPG\gpg-agent.exe
(g10 Code GmbH) C:\Program Files (x86)\GNU\GnuPG\scdaemon.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1825064 2009-08-28] (Synaptics Incorporated)
HKLM\...\Run: [Acronis Scheduler2 Service] - c:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [140568 2007-08-31] (Acronis)
HKCU\...\Run: [SandboxieControl] - C:\Program Files\Sandboxie\SbieCtrl.exe [597736 2011-03-24] (SANDBOXIE L.T.D)
HKCU\...\Run: [RocketDock] - C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKLM-x32\...\Run: [OEM02Mon.exe] - C:\Windows\OEM02Mon.exe [36864 2007-05-09] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] - C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [929272 2013-07-22] (Sophos Limited)
HKLM-x32\...\Run: [Kone] - C:\Program Files (x86)\ROCCAT\Kone Mouse\KoneHID.EXE [1666560 2011-02-18] (ROCCAT)
HKLM-x32\...\Run: [TrueImageMonitor.exe] - c:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [2622232 2007-08-31] (Acronis)
HKLM-x32\...\Run: [AcronisTimounterMonitor] - c:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe [907040 2007-08-31] (Acronis)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [703888 2013-06-19] (Cisco Systems, Inc.)
AppInit_DLLs: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL [218256 2013-07-22] (Sophos Limited)
AppInit_DLLs-x32: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL [221840 2013-07-22] (Sophos Limited)
Lsa: [Authentication Packages] msv1_0 relog_ap

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 20 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9-x64 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132088] (Sophos Limited)
Winsock: Catalog9-x64 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132088] (Sophos Limited)
Winsock: Catalog9-x64 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132088] (Sophos Limited)
Winsock: Catalog9-x64 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132088] (Sophos Limited)
Winsock: Catalog9-x64 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132088] (Sophos Limited)
Winsock: Catalog9-x64 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132088] (Sophos Limited)
Winsock: Catalog9-x64 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132088] (Sophos Limited)
Winsock: Catalog9-x64 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132088] (Sophos Limited)
Winsock: Catalog9-x64 20 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132088] (Sophos Limited)
Hosts: 131.188.12.8        ciscovpn.rrze.uni-erlangen.de
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\S5470\AppData\Roaming\Mozilla\Firefox\Profiles\ay543qgo.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin-x32: @veetle.com/veetleCorePlugin,version=0.9.18 - C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF Plugin-x32: @veetle.com/veetlePlayerPlugin,version=0.9.18 - C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: DoNotTrackMe - C:\Users\S5470\AppData\Roaming\Mozilla\Firefox\Profiles\ay543qgo.default\Extensions\donottrackplus@abine.com
FF Extension: Ghostery - C:\Users\S5470\AppData\Roaming\Mozilla\Firefox\Profiles\ay543qgo.default\Extensions\firefox@ghostery.com
FF Extension: FoxyProxy Basic - C:\Users\S5470\AppData\Roaming\Mozilla\Firefox\Profiles\ay543qgo.default\Extensions\foxyproxy@eric.h.jung
FF Extension: WOT - C:\Users\S5470\AppData\Roaming\Mozilla\Firefox\Profiles\ay543qgo.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF Extension: No Name - C:\Users\S5470\AppData\Roaming\Mozilla\Firefox\Profiles\ay543qgo.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Users\S5470\AppData\Roaming\Mozilla\Firefox\Profiles\ay543qgo.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
FF Extension: No Name - C:\Users\S5470\AppData\Roaming\Mozilla\Firefox\Profiles\ay543qgo.default\Extensions\{dd05fd3d-18df-4ce4-ae53-e795339c5f01}.xpi
FF Extension: No Name - C:\Users\S5470\AppData\Roaming\Mozilla\Firefox\Profiles\ay543qgo.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
FF Extension: No Name - C:\Users\S5470\AppData\Roaming\Mozilla\Firefox\Profiles\ay543qgo.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi
FF Extension: Skype extension - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==================== Services (Whitelisted) =================

R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [218112 2013-05-28] ()
R2 OS Selector; C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe [2155848 2010-09-30] ()
R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [217592 2013-07-22] (Sophos Limited)
R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [159296 2013-07-22] (Sophos Limited)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [95976 2011-03-24] (SANDBOXIE L.T.D)
R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [237048 2013-07-22] (Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [357400 2013-07-22] (Sophos Limited)
R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2890232 2013-07-22] (Sophos Limited)
S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2010688 2013-07-22] (Sophos Limited)
R2 TryAndDecideService; c:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [498872 2007-08-31] ()

==================== Drivers (Whitelisted) ====================

R3 bcm44amd64; C:\Windows\System32\DRIVERS\b44amd64.sys [87552 2009-06-10] (Broadcom Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [270912 2011-08-11] (DT Soft Ltd)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [16776 2011-03-24] ()
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [16776 2011-03-24] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9096 2011-03-24] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9096 2011-03-24] ()
R3 KoneFltr; C:\Windows\System32\drivers\Kone.sys [15488 2008-12-11] (ROCCAT Ltd)
R3 OEM02Dev; C:\Windows\System32\DRIVERS\OEM02Dev.sys [266624 2007-10-10] (Creative Technology Ltd.)
R3 OEM02Vfx; C:\Windows\System32\DRIVERS\OEM02Vfx.sys [12288 2007-03-05] (EyePower Games Pte. Ltd.)
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [154952 2013-07-22] (Sophos Limited)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [148072 2011-03-24] (SANDBOXIE L.T.D)
S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [36640 2013-07-22] (Sophos Limited)
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [25608 2011-07-22] (Sophos Plc)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-06-19] (Cisco Systems, Inc.)
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-14 12:01 - 2013-08-14 12:01 - 00377856 _____ C:\Users\S5470\Desktop\3ld7i03w.exe
2013-08-14 12:00 - 2013-08-14 02:26 - 01575544 _____ (Farbar) C:\Users\S5470\Desktop\FRST64.exe
2013-08-14 11:58 - 2013-08-14 11:58 - 00050477 _____ C:\Users\S5470\Desktop\Defogger.exe
2013-08-14 11:58 - 2013-08-14 11:58 - 00000542 _____ C:\Users\S5470\Desktop\defogger_disable.log
2013-08-14 11:58 - 2013-08-14 11:58 - 00000168 _____ C:\Users\S5470\defogger_reenable
2013-08-14 11:30 - 2013-08-14 11:30 - 00000000 ____D C:\Users\S5470\AppData\Local\Sophos
2013-08-14 10:49 - 2013-08-14 10:53 - 340508784 _____ (Microsoft Corporation) C:\Users\S5470\Desktop\X16-69412.exe
2013-08-14 10:48 - 2013-08-14 10:53 - 00000000 ____D C:\Users\S5470\AppData\Roaming\Download Manager
2013-08-14 09:23 - 2013-08-14 11:15 - 00000022 _____ C:\Windows\S.dirmngr
2013-08-13 09:30 - 2013-08-13 09:30 - 00000000 ____D C:\Users\S5470\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool
2013-08-13 09:30 - 2013-08-13 09:30 - 00000000 ____D C:\Users\S5470\AppData\Local\Apps\Windows 7 USB DVD Download Tool
2013-08-13 09:28 - 2010-03-31 07:17 - 02721168 _____ (Microsoft Corporation) C:\Users\S5470\Desktop\Windows7-USB-DVD-tool.exe
2013-08-13 07:59 - 2013-08-13 07:59 - 00287920 _____ C:\Windows\Minidump\081313-28095-01.dmp
2013-08-12 20:38 - 2013-08-12 20:38 - 00000985 _____ C:\Users\S5470\Desktop\FC8DAD06FB25831E373F6924794C95874B636D53.asc
2013-08-12 20:32 - 2013-08-12 20:35 - 00000000 ____D C:\Users\S5470\AppData\Roaming\.kde
2013-08-12 20:32 - 2013-08-12 20:32 - 00000000 ____D C:\Users\S5470\AppData\Local\GNU
2013-08-12 20:30 - 2013-08-12 20:30 - 00000000 ____D C:\ProgramData\GNU
2013-08-12 20:27 - 2013-08-14 11:38 - 00000000 ____D C:\Users\S5470\AppData\Roaming\gnupg
2013-08-12 20:25 - 2013-08-12 20:25 - 00000000 ____D C:\Program Files (x86)\GNU
2013-08-12 11:45 - 2013-08-12 11:45 - 00000000 ____D C:\Users\S5470\.pdfsam
2013-08-12 10:50 - 2013-08-12 10:38 - 17810632 _____ (pdfforge GmbH) C:\Users\S5470\Desktop\PDFCreator-1_7_1_setup.exe
2013-08-07 18:24 - 2013-08-07 18:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-01 08:56 - 2013-08-01 08:56 - 00000000 ____D C:\Users\S5470\AppData\Roaming\elsterformular
2013-08-01 08:51 - 2013-08-01 08:53 - 00000000 ____D C:\ProgramData\elsterformular
2013-08-01 08:51 - 2013-08-01 08:51 - 00001229 _____ C:\Users\Public\Desktop\ElsterFormular.lnk
2013-08-01 08:50 - 2013-08-01 08:50 - 00000000 ____D C:\Program Files (x86)\ElsterFormular
2013-07-30 19:32 - 2013-07-30 19:32 - 00000000 ____D C:\NvidiaLogging
2013-07-28 21:55 - 2013-07-28 21:55 - 00108144 _____ (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt.dll
2013-07-26 15:09 - 2013-07-26 15:54 - 175628323 _____ C:\Users\S5470\Downloads\bgalac2.part08.rar.part
2013-07-26 14:15 - 2013-07-26 15:09 - 267386880 _____ C:\Users\S5470\Downloads\bgalac2.part07.rar
2013-07-26 13:10 - 2013-07-26 14:04 - 267386880 _____ C:\Users\S5470\Downloads\bgalac2.part06.rar
2013-07-26 12:14 - 2013-07-26 13:07 - 267386880 _____ C:\Users\S5470\Downloads\bgalac2.part01.rar
2013-07-26 11:45 - 2013-07-26 12:13 - 165336887 _____ C:\Users\S5470\Downloads\bgalac3.part32.rar
2013-07-26 11:00 - 2013-07-26 11:44 - 267386880 _____ C:\Users\S5470\Downloads\bgalac3.part31.rar
2013-07-26 10:14 - 2013-07-26 10:59 - 267386880 _____ C:\Users\S5470\Downloads\bgalac3.part30.rar
2013-07-26 08:29 - 2013-07-26 09:13 - 267386880 _____ C:\Users\S5470\Downloads\bgalac1.part03.rar
2013-07-26 07:43 - 2013-07-26 08:28 - 267386880 _____ C:\Users\S5470\Downloads\bgalac1.part02.rar
2013-07-26 06:58 - 2013-07-26 07:42 - 267386880 _____ C:\Users\S5470\Downloads\bgalac1.part01.rar
2013-07-25 16:13 - 2013-07-25 16:13 - 00065155 _____ C:\Users\S5470\Downloads\bgalac1.part12.rar.part
2013-07-25 16:12 - 2013-07-25 16:12 - 00032419 _____ C:\Users\S5470\Downloads\bgalac1.part11.rar.part
2013-07-25 16:05 - 2013-07-25 17:23 - 267386880 _____ C:\Users\S5470\Downloads\bgalac1.part10.rar
2013-07-25 15:32 - 2013-07-26 09:59 - 267386880 _____ C:\Users\S5470\Downloads\bgalac1.part04.rar
2013-07-25 14:34 - 2013-07-25 15:30 - 267386880 _____ C:\Users\S5470\Downloads\bgalac4.part03.rar
2013-07-25 13:37 - 2013-07-25 14:33 - 267386880 _____ C:\Users\S5470\Downloads\bgalac4.part02.rar
2013-07-25 12:51 - 2013-07-25 13:36 - 267386880 _____ C:\Users\S5470\Downloads\bgalac4.part01.rar
2013-07-25 12:50 - 2013-07-25 12:53 - 00000000 ____D C:\Users\S5470\Downloads\Specials
2013-07-25 12:49 - 2013-07-25 12:49 - 00000000 ____D C:\Program Files (x86)\Runtime Software
2013-07-25 12:40 - 2013-07-25 12:42 - 00000000 ____D C:\Users\S5470\AppData\Roaming\ODIN
2013-07-25 11:27 - 2013-07-25 12:04 - 223217151 _____ C:\Users\S5470\Downloads\bgalacs.part12.rar
2013-07-25 10:41 - 2013-07-25 11:26 - 267386880 _____ C:\Users\S5470\Downloads\bgalacs.part08.rar
2013-07-25 09:56 - 2013-07-25 10:40 - 267386880 _____ C:\Users\S5470\Downloads\bgalacs.part07.rar
2013-07-24 21:22 - 2013-07-25 12:50 - 267386880 _____ C:\Users\S5470\Downloads\bgalacs.part11.rar
2013-07-24 20:41 - 2013-08-13 09:29 - 00000000 ____D C:\Windows\system32\appmgmt
2013-07-24 20:39 - 2013-07-24 20:39 - 00003118 _____ C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2013-07-24 20:39 - 2013-07-24 20:39 - 00003062 _____ C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2013-07-24 20:39 - 2013-07-24 20:39 - 00003060 _____ C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2013-07-24 20:39 - 2013-07-24 20:39 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_point64_01011.Wdf
2013-07-24 20:39 - 2013-07-24 20:39 - 00000000 ____D C:\Program Files\Microsoft Mouse and Keyboard Center
2013-07-24 20:38 - 2012-08-23 16:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2013-07-24 20:38 - 2012-08-23 16:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2013-07-24 20:38 - 2012-08-23 16:07 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2013-07-24 20:38 - 2012-08-23 15:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2013-07-24 20:38 - 2012-08-23 15:46 - 00016896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2013-07-24 20:38 - 2012-08-23 15:41 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2013-07-24 20:38 - 2012-08-23 15:40 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2013-07-24 20:38 - 2012-08-23 15:24 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2013-07-24 20:38 - 2012-08-23 15:20 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2013-07-24 20:38 - 2012-08-23 15:18 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2013-07-24 20:38 - 2012-08-23 15:17 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2013-07-24 20:38 - 2012-08-23 15:06 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2013-07-24 20:38 - 2012-08-23 14:52 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2013-07-24 20:38 - 2012-08-23 13:20 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2013-07-24 20:38 - 2012-08-23 13:15 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2013-07-24 20:38 - 2012-08-23 13:14 - 00384000 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2013-07-24 20:38 - 2012-08-23 13:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2013-07-24 20:38 - 2012-08-23 12:54 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2013-07-24 20:38 - 2012-08-23 12:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2013-07-24 20:38 - 2012-08-23 12:39 - 01048064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2013-07-24 20:38 - 2012-08-23 12:22 - 01123840 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2013-07-24 20:38 - 2012-08-23 11:51 - 03174912 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2013-07-24 20:38 - 2012-08-23 10:19 - 04916224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-07-24 20:38 - 2012-08-23 10:13 - 05773824 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2013-07-24 20:37 - 2013-07-24 20:37 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_dc3d_01011.Wdf
2013-07-24 20:35 - 2012-08-24 20:13 - 00154480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-07-24 20:35 - 2012-08-24 20:09 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-07-24 20:35 - 2012-08-24 20:05 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-07-24 20:35 - 2012-08-24 20:03 - 01448448 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-07-24 20:35 - 2012-08-24 18:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-07-24 20:35 - 2012-08-24 18:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-07-24 20:35 - 2012-08-24 18:53 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-07-24 20:35 - 2012-05-04 13:00 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2013-07-24 20:35 - 2012-05-04 11:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2013-07-24 19:52 - 2013-07-24 21:21 - 267386880 _____ C:\Users\S5470\Downloads\bgalacs.part10.rar
2013-07-24 18:58 - 2013-07-24 18:58 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-24 18:58 - 2013-07-24 18:58 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-24 18:32 - 2013-07-24 19:51 - 267386880 _____ C:\Users\S5470\Downloads\bgalacs.part09.rar
2013-07-24 17:12 - 2013-07-24 18:31 - 267386880 _____ C:\Users\S5470\Downloads\bgalacs.part06.rar
2013-07-24 15:53 - 2013-07-24 17:12 - 267386880 _____ C:\Users\S5470\Downloads\bgalacs.part05.rar
2013-07-24 13:09 - 2013-07-24 14:05 - 267386880 _____ C:\Users\S5470\Downloads\bgalacs.part04.rar
2013-07-24 12:24 - 2013-07-24 13:09 - 267386880 _____ C:\Users\S5470\Downloads\bgalacs.part03.rar
2013-07-24 10:59 - 2013-07-24 10:59 - 00000000 ____D C:\Windows\SysWOW64\Adobe
2013-07-24 10:53 - 2013-07-24 11:38 - 267386880 _____ C:\Users\S5470\Downloads\bgalacs.part02.rar
2013-07-24 10:07 - 2013-07-24 10:52 - 267386880 _____ C:\Users\S5470\Downloads\bgalacs.part01.rar
2013-07-23 14:09 - 2013-04-17 09:02 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-07-23 14:09 - 2013-04-17 08:24 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2013-07-23 09:44 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2013-07-23 09:44 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2013-07-23 09:44 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2013-07-23 09:44 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2013-07-23 09:44 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2013-07-23 09:44 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2013-07-23 09:44 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2013-07-23 09:44 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2013-07-23 09:44 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2013-07-23 09:44 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2013-07-23 09:44 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2013-07-23 09:44 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2013-07-23 09:44 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2013-07-23 09:44 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2013-07-23 09:44 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2013-07-23 09:44 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2013-07-23 09:44 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2013-07-23 09:44 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2013-07-23 09:44 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2013-07-23 09:44 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2013-07-23 09:44 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2013-07-23 09:44 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2013-07-23 09:44 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2013-07-23 09:44 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2013-07-23 00:01 - 2012-07-26 06:55 - 00785512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-07-23 00:01 - 2012-07-26 06:55 - 00054376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2013-07-23 00:01 - 2012-07-26 04:36 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2013-07-23 00:01 - 2012-06-02 16:35 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2013-07-22 23:34 - 2012-12-16 19:11 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-07-22 23:34 - 2012-12-16 16:45 - 00367616 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-07-22 23:34 - 2012-12-16 16:13 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-07-22 23:34 - 2012-12-16 16:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-07-22 23:32 - 2012-07-26 05:08 - 00744448 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
2013-07-22 23:32 - 2012-07-26 05:08 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2013-07-22 23:32 - 2012-07-26 05:08 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2013-07-22 23:32 - 2012-07-26 05:08 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2013-07-22 23:32 - 2012-07-26 05:08 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
2013-07-22 23:32 - 2012-07-26 04:26 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2013-07-22 23:32 - 2012-07-26 04:26 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2013-07-22 23:32 - 2012-06-02 16:57 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2013-07-22 23:15 - 2012-03-01 08:46 - 00023408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fs_rec.sys
2013-07-22 23:15 - 2012-03-01 08:33 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-07-22 23:15 - 2012-03-01 08:28 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\wmi.dll
2013-07-22 23:15 - 2012-03-01 07:33 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-07-22 23:15 - 2012-03-01 07:29 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2013-07-22 23:06 - 2013-07-22 23:06 - 00003190 _____ C:\Windows\System32\Tasks\{0559D6B9-2A63-47E8-ACC0-D7CE2C4AC9D4}
2013-07-22 22:32 - 2013-07-22 22:33 - 00000040 _____ C:\Windows\RUNAWAY2.INI
2013-07-22 19:47 - 2013-07-22 19:47 - 00000000 ____D C:\Users\S5470\AppData\Local\NVIDIA
2013-07-22 19:46 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-22 19:46 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-22 19:45 - 2013-07-22 19:45 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-07-22 19:44 - 2013-07-22 19:44 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2013-07-22 19:44 - 2013-07-22 19:44 - 00000000 _SHDL C:\Users\UpdatusUser\Vorlagen
2013-07-22 19:44 - 2013-07-22 19:44 - 00000000 _SHDL C:\Users\UpdatusUser\Startmenü
2013-07-22 19:44 - 2013-07-22 19:44 - 00000000 _SHDL C:\Users\UpdatusUser\Netzwerkumgebung
2013-07-22 19:44 - 2013-07-22 19:44 - 00000000 _SHDL C:\Users\UpdatusUser\Lokale Einstellungen
2013-07-22 19:44 - 2013-07-22 19:44 - 00000000 _SHDL C:\Users\UpdatusUser\Eigene Dateien
2013-07-22 19:44 - 2013-07-22 19:44 - 00000000 _SHDL C:\Users\UpdatusUser\Druckumgebung
2013-07-22 19:44 - 2013-07-22 19:44 - 00000000 _SHDL C:\Users\UpdatusUser\Documents\Eigene Musik
2013-07-22 19:44 - 2013-07-22 19:44 - 00000000 _SHDL C:\Users\UpdatusUser\Documents\Eigene Bilder
2013-07-22 19:44 - 2013-07-22 19:44 - 00000000 _SHDL C:\Users\UpdatusUser\AppData\Local\Verlauf
2013-07-22 19:44 - 2011-07-30 00:23 - 00000000 ____D C:\Users\UpdatusUser\Documents\Visual Studio 2008
2013-07-22 19:44 - 2011-07-29 10:28 - 00000000 ____D C:\Users\UpdatusUser\AppData\Local\Microsoft Help
2013-07-22 19:18 - 2013-07-22 19:39 - 00000000 ____D C:\14306d99315203019f385abb0a
2013-07-22 19:18 - 2013-06-21 14:06 - 27781920 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2013-07-22 19:18 - 2013-06-21 14:06 - 21102368 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-07-22 19:18 - 2013-06-21 14:06 - 13411896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2013-07-22 19:18 - 2013-06-21 14:06 - 07641832 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2013-07-22 19:18 - 2013-06-21 14:06 - 06324360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-07-22 19:17 - 2013-06-21 14:06 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2013-07-22 19:17 - 2013-06-21 14:06 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-07-22 19:17 - 2013-06-21 14:06 - 15144928 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2013-07-22 19:17 - 2013-06-21 14:06 - 12427240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2013-07-22 19:17 - 2013-06-21 14:06 - 11235104 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2013-07-22 19:17 - 2013-06-21 14:06 - 09239344 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2013-07-22 19:17 - 2013-06-21 14:06 - 07687592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-07-22 19:17 - 2013-06-21 14:06 - 02953504 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2013-07-22 19:17 - 2013-06-21 14:06 - 02777888 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-07-22 19:17 - 2013-06-21 14:06 - 02597856 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2013-07-22 19:17 - 2013-06-21 14:06 - 02363680 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2013-07-22 19:17 - 2013-06-21 14:06 - 02002720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-07-22 19:17 - 2013-06-21 14:06 - 01832224 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6432049.dll
2013-07-22 19:17 - 2013-06-21 14:06 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6432049.dll
2013-07-22 19:17 - 2013-06-21 14:06 - 00572704 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2013-07-22 19:17 - 2013-06-21 14:06 - 00570656 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2013-07-22 19:17 - 2013-06-21 14:06 - 00467232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2013-07-22 19:17 - 2013-06-21 14:06 - 00465184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2013-07-22 19:15 - 2013-08-12 20:39 - 00000000 ____D C:\Users\S5470\AppData\Roaming\Notepad++
2013-07-22 19:15 - 2013-07-22 19:15 - 00000000 ____D C:\Users\S5470\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2013-07-22 19:15 - 2013-07-22 19:15 - 00000000 ____D C:\Program Files (x86)\Notepad++
2013-07-22 19:14 - 2013-07-22 19:14 - 00000000 ____D C:\Users\S5470\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BestPractice
2013-07-22 19:14 - 2013-07-22 19:14 - 00000000 ____D C:\Program Files (x86)\BestPractice
2013-07-22 19:01 - 2013-07-22 19:01 - 00000000 ____D C:\Users\S5470\AppData\Local\Macromedia
2013-07-22 18:57 - 2013-07-28 21:40 - 00009749 _____ C:\Users\S5470\Desktop\Einkauf.xlsx
2013-07-22 18:47 - 2013-07-22 18:47 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-22 18:47 - 2013-07-22 18:47 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-22 18:47 - 2013-07-22 18:47 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-07-22 18:47 - 2013-07-22 18:47 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-07-22 18:47 - 2013-07-22 18:47 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-07-22 18:47 - 2013-07-22 18:47 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-07-22 18:47 - 2013-07-22 18:47 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 01054720 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-07-22 18:47 - 2013-07-22 18:47 - 00905728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00599552 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-07-22 18:47 - 2013-07-22 18:47 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-07-22 18:47 - 2013-07-22 18:47 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00270848 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00242200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-07-22 18:47 - 2013-07-22 18:47 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-07-22 18:47 - 2013-07-22 18:47 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-07-22 18:47 - 2013-07-22 18:47 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-07-22 18:47 - 2013-07-22 18:47 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-07-22 18:47 - 2013-07-22 18:47 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-07-22 18:47 - 2013-07-22 18:47 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-07-22 18:47 - 2013-07-22 18:47 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-22 18:47 - 2013-07-22 18:47 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-07-22 18:47 - 2013-07-22 18:47 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-07-22 18:47 - 2013-07-22 18:47 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-22 18:47 - 2013-07-22 18:47 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-07-22 18:47 - 2013-07-22 18:47 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-22 18:47 - 2013-07-22 18:47 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-07-22 18:47 - 2013-07-22 18:47 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-07-22 18:47 - 2013-07-22 18:47 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-07-22 18:47 - 2013-07-22 18:47 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-07-22 18:46 - 2013-07-22 18:46 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
2013-07-22 18:43 - 2013-07-22 18:43 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-07-22 18:43 - 2013-07-22 18:43 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-07-22 18:43 - 2013-07-22 18:43 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2013-07-22 18:43 - 2013-07-22 18:43 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-07-22 18:43 - 2013-07-22 18:43 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-07-22 18:43 - 2013-07-22 18:43 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-07-22 18:43 - 2013-07-22 18:43 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2013-07-22 18:43 - 2013-07-22 18:43 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-07-22 18:43 - 2013-07-22 18:43 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-07-22 18:43 - 2013-07-22 18:43 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-07-22 18:43 - 2013-07-22 18:43 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-07-22 18:43 - 2013-07-22 18:43 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-07-22 18:43 - 2013-07-22 18:43 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-07-22 18:43 - 2013-07-22 18:43 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2013-07-22 18:43 - 2013-07-22 18:43 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-07-22 18:43 - 2013-07-22 18:43 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-07-22 18:43 - 2013-07-22 18:43 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-07-22 18:43 - 2013-07-22 18:43 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2013-07-22 18:43 - 2013-07-22 18:43 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-07-22 18:43 - 2013-07-22 18:43 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-07-22 18:43 - 2013-07-22 18:43 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-07-22 18:43 - 2013-07-22 18:43 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-07-22 18:43 - 2013-07-22 18:43 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2013-07-22 18:43 - 2013-07-22 18:43 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2013-07-22 18:43 - 2013-07-22 18:43 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-07-22 18:43 - 2013-07-22 18:43 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-07-22 18:43 - 2013-07-22 18:43 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-07-22 18:43 - 2013-07-22 18:43 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-07-22 18:43 - 2013-07-22 18:43 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-07-22 18:43 - 2013-07-22 18:43 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-07-22 18:43 - 2013-07-22 18:43 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-07-22 18:43 - 2013-07-22 18:43 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-07-22 18:43 - 2013-07-22 18:43 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-07-22 18:43 - 2013-07-22 18:43 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-07-22 18:43 - 2013-07-22 18:43 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-07-22 18:43 - 2013-07-22 18:43 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-07-22 18:43 - 2013-07-22 18:43 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-07-22 18:43 - 2013-07-22 18:43 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-07-22 18:43 - 2013-07-22 18:43 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-07-22 18:43 - 2013-07-22 18:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-07-22 18:43 - 2013-07-22 18:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-07-22 18:43 - 2013-07-22 18:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-07-22 18:43 - 2013-07-22 18:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-07-22 18:43 - 2013-07-22 18:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-07-22 18:43 - 2013-07-22 18:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-07-22 18:43 - 2013-07-22 18:43 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-07-22 18:43 - 2013-07-22 18:43 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-07-22 18:40 - 2013-07-22 18:56 - 00011686 _____ C:\Windows\IE10_main.log
2013-07-22 18:38 - 2013-08-14 11:41 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-22 18:38 - 2013-07-22 18:42 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-22 18:38 - 2013-07-22 18:42 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-07-22 18:38 - 2013-07-22 18:38 - 00000000 ____D C:\Windows\system32\Macromed
2013-07-22 18:27 - 2013-05-13 07:51 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-07-22 18:27 - 2013-05-13 07:51 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-07-22 18:27 - 2013-05-13 07:51 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-07-22 18:27 - 2013-05-13 07:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2013-07-22 18:27 - 2013-05-13 06:45 - 01160192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-07-22 18:27 - 2013-05-13 06:45 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-07-22 18:27 - 2013-05-13 06:45 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-07-22 18:27 - 2013-05-13 05:43 - 01192448 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2013-07-22 18:27 - 2013-05-13 05:08 - 00903168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-07-22 18:27 - 2013-05-13 05:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-07-22 18:27 - 2013-04-12 16:45 - 01656680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2013-07-22 18:27 - 2013-04-10 08:01 - 00983400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-07-22 18:27 - 2013-04-10 08:01 - 00265064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2013-07-22 18:27 - 2012-07-05 00:16 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\netapi32.dll
2013-07-22 18:27 - 2012-07-05 00:13 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\browser.dll
2013-07-22 18:27 - 2012-07-05 00:13 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\browcli.dll
2013-07-22 18:27 - 2012-07-04 23:16 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2013-07-22 18:27 - 2012-07-04 23:14 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2013-07-22 18:27 - 2012-05-14 07:26 - 00956928 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2013-07-22 18:27 - 2012-05-05 10:36 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2013-07-22 18:27 - 2012-05-05 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2013-07-22 18:27 - 2011-02-03 13:25 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2013-07-22 18:26 - 2012-11-30 07:45 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-07-22 18:26 - 2012-11-30 07:45 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-07-22 18:26 - 2012-11-30 07:45 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-07-22 18:26 - 2012-11-30 07:43 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-07-22 18:26 - 2012-11-30 07:41 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-07-22 18:26 - 2012-11-30 07:41 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-07-22 18:26 - 2012-11-30 07:38 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-07-22 18:26 - 2012-11-30 07:38 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-07-22 18:26 - 2012-11-30 07:38 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-07-22 18:26 - 2012-11-30 07:38 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-07-22 18:26 - 2012-11-30 07:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-07-22 18:26 - 2012-11-30 07:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-07-22 18:26 - 2012-11-30 07:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-07-22 18:26 - 2012-11-30 07:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-07-22 18:26 - 2012-11-30 07:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-07-22 18:26 - 2012-11-30 07:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-07-22 18:26 - 2012-11-30 07:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-07-22 18:26 - 2012-11-30 07:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-07-22 18:26 - 2012-11-30 07:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-07-22 18:26 - 2012-11-30 07:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-07-22 18:26 - 2012-11-30 07:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-07-22 18:26 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-07-22 18:26 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-07-22 18:26 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-07-22 18:26 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-07-22 18:26 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-07-22 18:26 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-07-22 18:26 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-07-22 18:26 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-07-22 18:26 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-07-22 18:26 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-07-22 18:26 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-07-22 18:26 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-07-22 18:26 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-07-22 18:26 - 2012-11-30 06:53 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-07-22 18:26 - 2012-11-30 06:53 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-07-22 18:26 - 2012-11-30 06:45 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-07-22 18:26 - 2012-11-30 06:45 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-07-22 18:26 - 2012-11-30 06:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-07-22 18:26 - 2012-11-30 06:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-07-22 18:26 - 2012-11-30 06:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-07-22 18:26 - 2012-11-30 06:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-07-22 18:26 - 2012-11-30 06:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-07-22 18:26 - 2012-11-30 06:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-07-22 18:26 - 2012-11-30 06:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-07-22 18:26 - 2012-11-30 06:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-07-22 18:26 - 2012-11-30 06:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-07-22 18:26 - 2012-11-30 06:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-07-22 18:26 - 2012-11-30 06:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-07-22 18:26 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-07-22 18:26 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-07-22 18:26 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-07-22 18:26 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-07-22 18:26 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-07-22 18:26 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-07-22 18:26 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-07-22 18:26 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-07-22 18:26 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-07-22 18:26 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-07-22 18:26 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-07-22 18:26 - 2012-11-30 05:23 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-07-22 18:26 - 2012-11-30 04:38 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-07-22 18:26 - 2012-11-30 04:38 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-07-22 18:26 - 2012-11-30 04:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-07-22 18:26 - 2012-11-30 04:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-07-22 18:26 - 2012-11-30 01:17 - 00420064 _____ C:\Windows\SysWOW64\locale.nls
2013-07-22 18:26 - 2012-11-30 01:15 - 00420064 _____ C:\Windows\system32\locale.nls
2013-07-22 18:24 - 2013-02-27 08:02 - 00111448 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2013-07-22 18:24 - 2013-02-27 07:52 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-07-22 18:24 - 2013-02-27 07:52 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-07-22 18:24 - 2013-02-27 07:48 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-07-22 18:24 - 2013-02-27 07:47 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2013-07-22 18:24 - 2013-02-27 06:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-07-22 18:24 - 2013-02-27 06:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-07-22 18:24 - 2013-02-27 06:49 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-07-22 18:24 - 2012-12-07 15:20 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
2013-07-22 18:24 - 2012-12-07 15:15 - 02746368 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll
2013-07-22 18:24 - 2012-12-07 14:26 - 00308736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
2013-07-22 18:24 - 2012-12-07 14:20 - 02576384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll
2013-07-22 18:24 - 2012-12-07 13:20 - 00045568 _____ (Microsoft) C:\Windows\system32\oflc-nz.rs
2013-07-22 18:24 - 2012-12-07 13:20 - 00044544 _____ (Microsoft) C:\Windows\system32\pegibbfc.rs
2013-07-22 18:24 - 2012-12-07 13:20 - 00043520 _____ (Microsoft) C:\Windows\system32\csrr.rs
2013-07-22 18:24 - 2012-12-07 13:20 - 00030720 _____ (Microsoft) C:\Windows\system32\usk.rs
2013-07-22 18:24 - 2012-12-07 13:20 - 00023552 _____ (Microsoft) C:\Windows\system32\oflc.rs
2013-07-22 18:24 - 2012-12-07 13:20 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-pt.rs
2013-07-22 18:24 - 2012-12-07 13:20 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-fi.rs
2013-07-22 18:24 - 2012-12-07 13:19 - 00055296 _____ (Microsoft) C:\Windows\system32\cero.rs
2013-07-22 18:24 - 2012-12-07 13:19 - 00051712 _____ (Microsoft) C:\Windows\system32\esrb.rs
2013-07-22 18:24 - 2012-12-07 13:19 - 00046592 _____ (Microsoft) C:\Windows\system32\fpb.rs
2013-07-22 18:24 - 2012-12-07 13:19 - 00040960 _____ (Microsoft) C:\Windows\system32\cob-au.rs
2013-07-22 18:24 - 2012-12-07 13:19 - 00021504 _____ (Microsoft) C:\Windows\system32\grb.rs
2013-07-22 18:24 - 2012-12-07 13:19 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi.rs
2013-07-22 18:24 - 2012-12-07 13:19 - 00015360 _____ (Microsoft) C:\Windows\system32\djctq.rs
2013-07-22 18:24 - 2012-12-07 12:46 - 00055296 _____ (Microsoft) C:\Windows\SysWOW64\cero.rs
2013-07-22 18:24 - 2012-12-07 12:46 - 00051712 _____ (Microsoft) C:\Windows\SysWOW64\esrb.rs
2013-07-22 18:24 - 2012-12-07 12:46 - 00046592 _____ (Microsoft) C:\Windows\SysWOW64\fpb.rs
2013-07-22 18:24 - 2012-12-07 12:46 - 00045568 _____ (Microsoft) C:\Windows\SysWOW64\oflc-nz.rs
2013-07-22 18:24 - 2012-12-07 12:46 - 00044544 _____ (Microsoft) C:\Windows\SysWOW64\pegibbfc.rs
2013-07-22 18:24 - 2012-12-07 12:46 - 00043520 _____ (Microsoft) C:\Windows\SysWOW64\csrr.rs
2013-07-22 18:24 - 2012-12-07 12:46 - 00040960 _____ (Microsoft) C:\Windows\SysWOW64\cob-au.rs
2013-07-22 18:24 - 2012-12-07 12:46 - 00030720 _____ (Microsoft) C:\Windows\SysWOW64\usk.rs
2013-07-22 18:24 - 2012-12-07 12:46 - 00023552 _____ (Microsoft) C:\Windows\SysWOW64\oflc.rs
2013-07-22 18:24 - 2012-12-07 12:46 - 00021504 _____ (Microsoft) C:\Windows\SysWOW64\grb.rs
2013-07-22 18:24 - 2012-12-07 12:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-pt.rs
2013-07-22 18:24 - 2012-12-07 12:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-fi.rs
2013-07-22 18:24 - 2012-12-07 12:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi.rs
2013-07-22 18:24 - 2012-12-07 12:46 - 00015360 _____ (Microsoft) C:\Windows\SysWOW64\djctq.rs
2013-07-22 18:24 - 2012-10-03 19:44 - 00303104 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2013-07-22 18:24 - 2012-10-03 19:44 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\netcorehc.dll
2013-07-22 18:24 - 2012-10-03 19:44 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2013-07-22 18:24 - 2012-10-03 19:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2013-07-22 18:24 - 2012-10-03 19:44 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2013-07-22 18:24 - 2012-10-03 19:42 - 00569344 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2013-07-22 18:24 - 2012-10-03 18:42 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll
2013-07-22 18:24 - 2012-10-03 18:42 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2013-07-22 18:24 - 2012-10-03 18:42 - 00018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
2013-07-22 18:24 - 2012-10-03 18:07 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2013-07-22 18:24 - 2012-08-22 20:12 - 00376688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2013-07-22 18:24 - 2012-01-13 09:12 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2013-07-22 18:24 - 2012-01-04 12:44 - 00509952 _____ (Microsoft Corporation) C:\Windows\system32\ntshrui.dll
2013-07-22 18:24 - 2012-01-04 10:58 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
2013-07-22 18:23 - 2013-01-04 07:46 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-07-22 18:23 - 2013-01-04 06:51 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-07-22 18:23 - 2013-01-04 04:47 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-07-22 18:23 - 2013-01-04 04:47 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-07-22 18:23 - 2013-01-04 04:47 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-07-22 18:23 - 2012-11-09 07:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-07-22 18:23 - 2012-11-09 06:42 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-07-22 18:22 - 2013-05-10 07:49 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2013-07-22 18:22 - 2013-05-10 05:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-07-22 18:22 - 2013-05-08 08:39 - 01910632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-07-22 18:22 - 2013-01-04 04:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-07-22 18:22 - 2013-01-03 08:00 - 00288088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2013-07-22 18:22 - 2012-11-01 07:43 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2013-07-22 18:22 - 2012-11-01 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2013-07-22 18:22 - 2012-11-01 06:47 - 01389568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2013-07-22 18:22 - 2012-11-01 06:47 - 01236992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2013-07-22 18:22 - 2012-10-09 20:17 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
2013-07-22 18:22 - 2012-10-09 20:17 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
2013-07-22 18:22 - 2012-10-09 19:40 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2013-07-22 18:22 - 2012-10-09 19:40 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2013-07-22 18:22 - 2012-06-02 07:48 - 00095600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-07-22 18:22 - 2012-05-01 07:40 - 00209920 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2013-07-22 18:22 - 2011-11-17 08:35 - 00395776 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2013-07-22 18:22 - 2011-11-17 08:35 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-07-22 18:22 - 2011-11-17 08:35 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-07-22 18:22 - 2011-11-17 08:35 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-07-22 18:22 - 2011-11-17 08:33 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-07-22 18:22 - 2011-11-17 07:35 - 00314880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2013-07-22 18:22 - 2011-10-26 07:25 - 01572864 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2013-07-22 18:22 - 2011-10-26 06:32 - 01328128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2013-07-22 18:22 - 2010-06-26 05:55 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2013-07-22 18:22 - 2010-06-26 05:24 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2013-07-22 18:21 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-22 18:21 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-22 18:21 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-22 18:21 - 2013-03-19 07:53 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2013-07-22 18:21 - 2013-03-19 07:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll
2013-07-22 18:21 - 2013-02-12 06:12 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2013-07-22 18:21 - 2012-08-22 20:12 - 00950128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2013-07-22 18:21 - 2012-07-04 22:26 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RNDISMP.sys
2013-07-22 18:21 - 2012-04-26 07:41 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2013-07-22 18:21 - 2012-04-26 07:41 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\rdpwsx.dll
2013-07-22 18:21 - 2012-04-26 07:34 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\rdrmemptylst.exe
2013-07-22 18:21 - 2012-04-07 14:31 - 03216384 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2013-07-22 18:21 - 2012-04-07 13:26 - 02342400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2013-07-22 18:21 - 2011-12-30 08:26 - 00515584 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl
2013-07-22 18:21 - 2011-12-30 07:27 - 00478720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
2013-07-22 18:21 - 2011-08-17 07:26 - 00613888 _____ (Microsoft Corporation) C:\Windows\system32\psisdecd.dll
2013-07-22 18:21 - 2011-08-17 07:25 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\psisrndr.ax
2013-07-22 18:21 - 2011-08-17 06:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\psisdecd.dll
2013-07-22 18:21 - 2011-08-17 06:19 - 00075776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\psisrndr.ax
2013-07-22 18:20 - 2012-11-22 07:44 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2013-07-22 18:20 - 2012-11-22 06:45 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2013-07-22 18:20 - 2012-11-20 07:48 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-07-22 18:20 - 2012-11-20 06:51 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-07-22 18:20 - 2012-11-02 07:59 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll
2013-07-22 18:20 - 2012-11-02 07:11 - 00376832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2013-07-22 18:20 - 2012-08-24 20:05 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-07-22 18:20 - 2012-08-24 18:57 - 00172544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-07-22 18:20 - 2012-08-21 23:01 - 00245760 _____ (Microsoft Corporation) C:\Windows\system32\OxpsConverter.exe
2013-07-22 18:20 - 2012-07-06 22:07 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2013-07-22 18:20 - 2012-04-28 05:55 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2013-07-22 18:20 - 2012-03-17 09:58 - 00075120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys
2013-07-22 18:20 - 2011-10-15 08:31 - 00723456 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2013-07-22 18:20 - 2011-10-15 07:38 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2013-07-22 18:20 - 2011-08-27 07:37 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2013-07-22 18:20 - 2011-08-27 07:37 - 00331776 _____ (Microsoft Corporation) C:\Windows\system32\oleacc.dll
2013-07-22 18:20 - 2011-08-27 06:26 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2013-07-22 18:20 - 2011-08-27 06:26 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleacc.dll
2013-07-22 18:18 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-22 18:18 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-22 18:18 - 2013-04-26 07:51 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2013-07-22 18:18 - 2013-04-26 06:55 - 00492544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-07-22 18:18 - 2013-01-24 08:01 - 00223752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2013-07-22 18:18 - 2012-09-26 00:47 - 00078336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
2013-07-22 18:18 - 2012-09-26 00:46 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\synceng.dll
2013-07-22 18:18 - 2012-08-11 02:56 - 00715776 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2013-07-22 18:18 - 2012-08-11 01:56 - 00542208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2013-07-22 18:18 - 2011-12-28 05:59 - 00498688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-07-22 18:17 - 2013-03-19 08:04 - 05550424 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-07-22 18:17 - 2013-03-19 07:46 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-07-22 18:17 - 2013-03-19 07:04 - 03968856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-07-22 18:17 - 2013-03-19 07:04 - 03913560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-07-22 18:17 - 2013-03-19 06:47 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-07-22 18:17 - 2013-03-19 05:06 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-07-22 18:08 - 2013-08-08 13:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-22 18:08 - 2013-07-22 18:08 - 00000000 ____D C:\ProgramData\Mozilla
2013-07-22 18:08 - 2011-12-16 10:46 - 00634880 _____ (Microsoft Corporation) C:\Windows\system32\msvcrt.dll
2013-07-22 18:08 - 2011-12-16 09:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll
2013-07-22 18:01 - 2013-04-26 01:30 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-07-22 18:01 - 2013-04-01 00:52 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2013-07-22 18:00 - 2012-06-06 08:02 - 01133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2013-07-22 18:00 - 2012-06-06 07:03 - 00805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2013-07-22 18:00 - 2011-11-17 08:41 - 01731920 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-07-22 18:00 - 2011-11-17 07:38 - 01292080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-07-22 17:58 - 2012-02-11 08:36 - 00559104 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2013-07-22 17:58 - 2012-02-11 08:36 - 00067072 _____ (Microsoft Corporation) C:\Windows\splwow64.exe
2013-07-22 17:58 - 2011-11-19 16:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2013-07-22 17:58 - 2011-11-19 16:01 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2013-07-22 17:56 - 2012-02-17 08:38 - 01031680 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2013-07-22 17:56 - 2012-02-17 07:34 - 00826880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2013-07-22 17:56 - 2012-02-17 06:57 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdtcp.sys
2013-07-22 17:48 - 2013-07-22 17:36 - 00037440 _____ (Sophos Limited) C:\Windows\system32\SophosBootTasks.exe
2013-07-22 17:40 - 2013-07-22 17:40 - 00154952 _____ (Sophos Limited) C:\Windows\system32\Drivers\savonaccess.sys
2013-07-22 17:40 - 2012-06-03 00:19 - 02428952 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2013-07-22 17:40 - 2012-06-03 00:19 - 00701976 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2013-07-22 17:40 - 2012-06-03 00:19 - 00057880 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2013-07-22 17:40 - 2012-06-03 00:19 - 00044056 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2013-07-22 17:40 - 2012-06-03 00:19 - 00038424 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2013-07-22 17:40 - 2012-06-03 00:15 - 02622464 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2013-07-22 17:40 - 2012-06-03 00:15 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2013-07-22 17:40 - 2012-06-02 15:19 - 00186752 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2013-07-22 17:40 - 2012-06-02 15:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2013-07-22 17:39 - 2013-07-22 17:39 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-07-22 17:39 - 2013-07-22 17:39 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-07-22 17:39 - 2013-07-22 17:39 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-07-22 17:39 - 2013-07-22 17:39 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-07-22 17:39 - 2013-07-22 17:39 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-07-22 17:39 - 2013-07-22 17:39 - 00036640 _____ (Sophos Limited) C:\Windows\system32\Drivers\sdcfilter.sys
2013-07-22 17:39 - 2013-07-22 17:39 - 00000000 ____D C:\Program Files (x86)\Java
2013-07-22 17:37 - 2013-07-22 17:37 - 00183024 _____ (Sophos Plc) C:\Windows\system32\sdccoinstaller.dll

==================== One Month Modified Files and Folders =======

2013-08-14 12:02 - 2013-08-14 12:02 - 00000000 ____D C:\FRST
2013-08-14 12:01 - 2013-08-14 12:01 - 00377856 _____ C:\Users\S5470\Desktop\3ld7i03w.exe
2013-08-14 11:58 - 2013-08-14 11:58 - 00050477 _____ C:\Users\S5470\Desktop\Defogger.exe
2013-08-14 11:58 - 2013-08-14 11:58 - 00000542 _____ C:\Users\S5470\Desktop\defogger_disable.log
2013-08-14 11:58 - 2013-08-14 11:58 - 00000168 _____ C:\Users\S5470\defogger_reenable
2013-08-14 11:58 - 2011-07-21 16:16 - 00000000 ____D C:\Users\S5470
2013-08-14 11:41 - 2013-07-22 18:38 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-14 11:38 - 2013-08-12 20:27 - 00000000 ____D C:\Users\S5470\AppData\Roaming\gnupg
2013-08-14 11:36 - 2011-07-26 15:48 - 00000000 ____D C:\Program Files (x86)\Steam
2013-08-14 11:36 - 2011-07-21 16:16 - 01777776 _____ C:\Windows\WindowsUpdate.log
2013-08-14 11:30 - 2013-08-14 11:30 - 00000000 ____D C:\Users\S5470\AppData\Local\Sophos
2013-08-14 11:26 - 2009-07-14 19:58 - 00705430 _____ C:\Windows\system32\perfh007.dat
2013-08-14 11:26 - 2009-07-14 19:58 - 00151892 _____ C:\Windows\system32\perfc007.dat
2013-08-14 11:26 - 2009-07-14 07:13 - 01635616 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-14 11:24 - 2009-07-14 06:45 - 00013760 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-14 11:24 - 2009-07-14 06:45 - 00013760 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-14 11:15 - 2013-08-14 09:23 - 00000022 _____ C:\Windows\S.dirmngr
2013-08-14 11:15 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-14 11:14 - 2011-07-26 16:52 - 00000000 ____D C:\ProgramData\NVIDIA
2013-08-14 11:14 - 2009-07-14 06:51 - 00030521 _____ C:\Windows\setupact.log
2013-08-14 10:53 - 2013-08-14 10:49 - 340508784 _____ (Microsoft Corporation) C:\Users\S5470\Desktop\X16-69412.exe
2013-08-14 10:53 - 2013-08-14 10:48 - 00000000 ____D C:\Users\S5470\AppData\Roaming\Download Manager
2013-08-14 02:26 - 2013-08-14 12:00 - 01575544 _____ (Farbar) C:\Users\S5470\Desktop\FRST64.exe
2013-08-13 23:27 - 2011-07-29 13:03 - 00000000 ____D C:\Users\S5470\AppData\Roaming\vlc
2013-08-13 22:15 - 2011-07-26 16:02 - 00000000 ____D C:\Users\S5470\AppData\Roaming\Skype
2013-08-13 09:30 - 2013-08-13 09:30 - 00000000 ____D C:\Users\S5470\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool
2013-08-13 09:30 - 2013-08-13 09:30 - 00000000 ____D C:\Users\S5470\AppData\Local\Apps\Windows 7 USB DVD Download Tool
2013-08-13 09:29 - 2013-07-24 20:41 - 00000000 ____D C:\Windows\system32\appmgmt
2013-08-13 07:59 - 2013-08-13 07:59 - 00287920 _____ C:\Windows\Minidump\081313-28095-01.dmp
2013-08-13 07:59 - 2011-08-09 22:43 - 463031341 _____ C:\Windows\MEMORY.DMP
2013-08-13 07:59 - 2011-08-09 22:43 - 00000000 ____D C:\Windows\Minidump
2013-08-12 20:39 - 2013-07-22 19:15 - 00000000 ____D C:\Users\S5470\AppData\Roaming\Notepad++
2013-08-12 20:38 - 2013-08-12 20:38 - 00000985 _____ C:\Users\S5470\Desktop\FC8DAD06FB25831E373F6924794C95874B636D53.asc
2013-08-12 20:35 - 2013-08-12 20:32 - 00000000 ____D C:\Users\S5470\AppData\Roaming\.kde
2013-08-12 20:32 - 2013-08-12 20:32 - 00000000 ____D C:\Users\S5470\AppData\Local\GNU
2013-08-12 20:30 - 2013-08-12 20:30 - 00000000 ____D C:\ProgramData\GNU
2013-08-12 20:25 - 2013-08-12 20:25 - 00000000 ____D C:\Program Files (x86)\GNU
2013-08-12 11:45 - 2013-08-12 11:45 - 00000000 ____D C:\Users\S5470\.pdfsam
2013-08-12 10:38 - 2013-08-12 10:50 - 17810632 _____ (pdfforge GmbH) C:\Users\S5470\Desktop\PDFCreator-1_7_1_setup.exe
2013-08-09 16:45 - 2011-07-26 16:41 - 00001754 _____ C:\Windows\Sandboxie.ini
2013-08-09 09:34 - 2011-07-28 20:52 - 00000000 ____D C:\Users\S5470\Documents\Corel
2013-08-08 13:13 - 2013-07-22 18:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-07 18:25 - 2013-08-07 18:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-03 13:25 - 2011-07-29 13:03 - 00000000 ____D C:\Users\S5470\AppData\Roaming\dvdcss
2013-08-02 20:23 - 2011-07-22 21:06 - 00000000 ____D C:\Users\S5470\AppData\Local\Cisco
2013-08-01 10:54 - 2011-07-22 21:05 - 00000000 ____D C:\Program Files (x86)\Cisco
2013-08-01 10:53 - 2011-07-22 21:05 - 00000000 ____D C:\ProgramData\Cisco
2013-08-01 08:56 - 2013-08-01 08:56 - 00000000 ____D C:\Users\S5470\AppData\Roaming\elsterformular
2013-08-01 08:53 - 2013-08-01 08:51 - 00000000 ____D C:\ProgramData\elsterformular
2013-08-01 08:51 - 2013-08-01 08:51 - 00001229 _____ C:\Users\Public\Desktop\ElsterFormular.lnk
2013-08-01 08:50 - 2013-08-01 08:50 - 00000000 ____D C:\Program Files (x86)\ElsterFormular
2013-07-30 21:52 - 2011-07-28 21:06 - 00000000 ____D C:\ProgramData\Acronis
2013-07-30 20:11 - 2011-07-26 17:15 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-07-30 20:11 - 2011-07-26 16:49 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-07-30 20:10 - 2013-07-22 19:47 - 00000000 ____D C:\Users\S5470\AppData\Local\NVIDIA
2013-07-30 20:10 - 2011-07-26 17:14 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-07-30 19:32 - 2013-07-30 19:32 - 00000000 ____D C:\NvidiaLogging
2013-07-28 21:55 - 2013-07-28 21:55 - 00108144 _____ (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt.dll
2013-07-28 21:40 - 2013-07-22 18:57 - 00009749 _____ C:\Users\S5470\Desktop\Einkauf.xlsx
2013-07-26 15:54 - 2013-07-26 15:09 - 175628323 _____ C:\Users\S5470\Downloads\bgalac2.part08.rar.part
2013-07-26 15:09 - 2013-07-26 14:15 - 267386880 _____ C:\Users\S5470\Downloads\bgalac2.part07.rar
2013-07-26 14:04 - 2013-07-26 13:10 - 267386880 _____ C:\Users\S5470\Downloads\bgalac2.part06.rar
2013-07-26 13:07 - 2013-07-26 12:14 - 267386880 _____ C:\Users\S5470\Downloads\bgalac2.part01.rar
2013-07-26 12:13 - 2013-07-26 11:45 - 165336887 _____ C:\Users\S5470\Downloads\bgalac3.part32.rar
2013-07-26 11:44 - 2013-07-26 11:00 - 267386880 _____ C:\Users\S5470\Downloads\bgalac3.part31.rar
2013-07-26 10:59 - 2013-07-26 10:14 - 267386880 _____ C:\Users\S5470\Downloads\bgalac3.part30.rar
2013-07-26 09:59 - 2013-07-25 15:32 - 267386880 _____ C:\Users\S5470\Downloads\bgalac1.part04.rar
2013-07-26 09:13 - 2013-07-26 08:29 - 267386880 _____ C:\Users\S5470\Downloads\bgalac1.part03.rar
2013-07-26 08:28 - 2013-07-26 07:43 - 267386880 _____ C:\Users\S5470\Downloads\bgalac1.part02.rar
2013-07-26 07:42 - 2013-07-26 06:58 - 267386880 _____ C:\Users\S5470\Downloads\bgalac1.part01.rar
2013-07-25 17:23 - 2013-07-25 16:05 - 267386880 _____ C:\Users\S5470\Downloads\bgalac1.part10.rar
2013-07-25 16:13 - 2013-07-25 16:13 - 00065155 _____ C:\Users\S5470\Downloads\bgalac1.part12.rar.part
2013-07-25 16:12 - 2013-07-25 16:12 - 00032419 _____ C:\Users\S5470\Downloads\bgalac1.part11.rar.part
2013-07-25 15:30 - 2013-07-25 14:34 - 267386880 _____ C:\Users\S5470\Downloads\bgalac4.part03.rar
2013-07-25 14:33 - 2013-07-25 13:37 - 267386880 _____ C:\Users\S5470\Downloads\bgalac4.part02.rar
2013-07-25 13:36 - 2013-07-25 12:51 - 267386880 _____ C:\Users\S5470\Downloads\bgalac4.part01.rar
2013-07-25 12:53 - 2013-07-25 12:50 - 00000000 ____D C:\Users\S5470\Downloads\Specials
2013-07-25 12:50 - 2013-07-24 21:22 - 267386880 _____ C:\Users\S5470\Downloads\bgalacs.part11.rar
2013-07-25 12:49 - 2013-07-25 12:49 - 00000000 ____D C:\Program Files (x86)\Runtime Software
2013-07-25 12:42 - 2013-07-25 12:40 - 00000000 ____D C:\Users\S5470\AppData\Roaming\ODIN
2013-07-25 12:05 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-07-25 12:04 - 2013-07-25 11:27 - 223217151 _____ C:\Users\S5470\Downloads\bgalacs.part12.rar
2013-07-25 11:26 - 2013-07-25 10:41 - 267386880 _____ C:\Users\S5470\Downloads\bgalacs.part08.rar
2013-07-25 10:40 - 2013-07-25 09:56 - 267386880 _____ C:\Users\S5470\Downloads\bgalacs.part07.rar
2013-07-24 23:20 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-07-24 21:21 - 2013-07-24 19:52 - 267386880 _____ C:\Users\S5470\Downloads\bgalacs.part10.rar
2013-07-24 20:39 - 2013-07-24 20:39 - 00003118 _____ C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2013-07-24 20:39 - 2013-07-24 20:39 - 00003062 _____ C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2013-07-24 20:39 - 2013-07-24 20:39 - 00003060 _____ C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2013-07-24 20:39 - 2013-07-24 20:39 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_point64_01011.Wdf
2013-07-24 20:39 - 2013-07-24 20:39 - 00000000 ____D C:\Program Files\Microsoft Mouse and Keyboard Center
2013-07-24 20:39 - 2011-07-31 16:19 - 00003092 _____ C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
2013-07-24 20:39 - 2011-07-31 16:05 - 00003090 _____ C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_itype_exe
2013-07-24 20:37 - 2013-07-24 20:37 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_dc3d_01011.Wdf
2013-07-24 19:51 - 2013-07-24 18:32 - 267386880 _____ C:\Users\S5470\Downloads\bgalacs.part09.rar
2013-07-24 18:58 - 2013-07-24 18:58 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-24 18:58 - 2013-07-24 18:58 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-24 18:31 - 2013-07-24 17:12 - 267386880 _____ C:\Users\S5470\Downloads\bgalacs.part06.rar
2013-07-24 17:12 - 2013-07-24 15:53 - 267386880 _____ C:\Users\S5470\Downloads\bgalacs.part05.rar
2013-07-24 16:58 - 2011-07-21 16:17 - 00000000 ____D C:\Users\S5470\AppData\Local\VirtualStore
2013-07-24 14:05 - 2013-07-24 13:09 - 267386880 _____ C:\Users\S5470\Downloads\bgalacs.part04.rar
2013-07-24 13:09 - 2013-07-24 12:24 - 267386880 _____ C:\Users\S5470\Downloads\bgalacs.part03.rar
2013-07-24 11:38 - 2013-07-24 10:53 - 267386880 _____ C:\Users\S5470\Downloads\bgalacs.part02.rar
2013-07-24 10:59 - 2013-07-24 10:59 - 00000000 ____D C:\Windows\SysWOW64\Adobe
2013-07-24 10:52 - 2013-07-24 10:07 - 267386880 _____ C:\Users\S5470\Downloads\bgalacs.part01.rar
2013-07-23 22:20 - 2011-07-28 18:57 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-23 22:19 - 2011-07-29 01:44 - 01613510 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-07-23 09:44 - 2011-07-29 15:58 - 00091719 _____ C:\Windows\DirectX.log
2013-07-23 08:53 - 2011-07-22 18:53 - 00118440 _____ C:\Users\S5470\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-23 08:53 - 2011-07-21 16:17 - 00000000 ___RD C:\Users\S5470\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-07-23 08:53 - 2011-07-21 16:17 - 00000000 ___RD C:\Users\S5470\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-07-23 08:51 - 2009-07-14 06:45 - 00440144 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-23 08:49 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\System
2013-07-23 08:48 - 2009-07-14 20:18 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-23 08:48 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-23 08:48 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-22 23:23 - 2009-07-14 04:34 - 00000478 _____ C:\Windows\win.ini
2013-07-22 23:06 - 2013-07-22 23:06 - 00003190 _____ C:\Windows\System32\Tasks\{0559D6B9-2A63-47E8-ACC0-D7CE2C4AC9D4}
2013-07-22 22:33 - 2013-07-22 22:32 - 00000040 _____ C:\Windows\RUNAWAY2.INI
2013-07-22 19:52 - 2011-07-21 16:17 - 00001421 _____ C:\Users\S5470\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-07-22 19:48 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2013-07-22 19:48 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2013-07-22 19:48 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\zh-HK
2013-07-22 19:48 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\tr-TR
2013-07-22 19:45 - 2013-07-22 19:45 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-07-22 19:44 - 2013-07-22 19:44 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2013-07-22 19:44 - 2013-07-22 19:44 - 00000000 _SHDL C:\Users\UpdatusUser\Vorlagen
2013-07-22 19:44 - 2013-07-22 19:44 - 00000000 _SHDL C:\Users\UpdatusUser\Startmenü
2013-07-22 19:44 - 2013-07-22 19:44 - 00000000 _SHDL C:\Users\UpdatusUser\Netzwerkumgebung
2013-07-22 19:44 - 2013-07-22 19:44 - 00000000 _SHDL C:\Users\UpdatusUser\Lokale Einstellungen
2013-07-22 19:44 - 2013-07-22 19:44 - 00000000 _SHDL C:\Users\UpdatusUser\Eigene Dateien
2013-07-22 19:44 - 2013-07-22 19:44 - 00000000 _SHDL C:\Users\UpdatusUser\Druckumgebung
2013-07-22 19:44 - 2013-07-22 19:44 - 00000000 _SHDL C:\Users\UpdatusUser\Documents\Eigene Musik
2013-07-22 19:44 - 2013-07-22 19:44 - 00000000 _SHDL C:\Users\UpdatusUser\Documents\Eigene Bilder
2013-07-22 19:44 - 2013-07-22 19:44 - 00000000 _SHDL C:\Users\UpdatusUser\AppData\Local\Verlauf
2013-07-22 19:39 - 2013-07-22 19:18 - 00000000 ____D C:\14306d99315203019f385abb0a
2013-07-22 19:15 - 2013-07-22 19:15 - 00000000 ____D C:\Users\S5470\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2013-07-22 19:15 - 2013-07-22 19:15 - 00000000 ____D C:\Program Files (x86)\Notepad++
2013-07-22 19:14 - 2013-07-22 19:14 - 00000000 ____D C:\Users\S5470\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BestPractice
2013-07-22 19:14 - 2013-07-22 19:14 - 00000000 ____D C:\Program Files (x86)\BestPractice
2013-07-22 19:01 - 2013-07-22 19:01 - 00000000 ____D C:\Users\S5470\AppData\Local\Macromedia
2013-07-22 19:01 - 2011-07-28 21:05 - 00272480 _____ (Acronis) C:\Windows\system32\Drivers\snapman.sys
2013-07-22 19:00 - 2011-07-28 21:04 - 00000000 ____D C:\Program Files (x86)\Acronis
2013-07-22 18:56 - 2013-07-22 18:40 - 00011686 _____ C:\Windows\IE10_main.log
2013-07-22 18:48 - 2011-07-26 16:02 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-07-22 18:48 - 2011-07-26 16:02 - 00000000 ____D C:\ProgramData\Skype
2013-07-22 18:47 - 2013-07-22 18:47 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-22 18:47 - 2013-07-22 18:47 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-22 18:47 - 2013-07-22 18:47 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-07-22 18:47 - 2013-07-22 18:47 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-07-22 18:47 - 2013-07-22 18:47 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-07-22 18:47 - 2013-07-22 18:47 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-07-22 18:47 - 2013-07-22 18:47 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 01054720 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-07-22 18:47 - 2013-07-22 18:47 - 00905728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00599552 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-07-22 18:47 - 2013-07-22 18:47 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-07-22 18:47 - 2013-07-22 18:47 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00270848 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00242200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-07-22 18:47 - 2013-07-22 18:47 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-07-22 18:47 - 2013-07-22 18:47 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-07-22 18:47 - 2013-07-22 18:47 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-07-22 18:47 - 2013-07-22 18:47 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-07-22 18:47 - 2013-07-22 18:47 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-07-22 18:47 - 2013-07-22 18:47 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-07-22 18:47 - 2013-07-22 18:47 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-22 18:47 - 2013-07-22 18:47 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-07-22 18:47 - 2013-07-22 18:47 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-07-22 18:47 - 2013-07-22 18:47 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-22 18:47 - 2013-07-22 18:47 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-07-22 18:47 - 2013-07-22 18:47 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-22 18:47 - 2013-07-22 18:47 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-07-22 18:47 - 2013-07-22 18:47 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-07-22 18:47 - 2013-07-22 18:47 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-07-22 18:47 - 2013-07-22 18:47 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-07-22 18:47 - 2013-07-22 18:47 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-07-22 18:46 - 2013-07-22 18:46 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
2013-07-22 18:43 - 2013-07-22 18:43 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-07-22 18:43 - 2013-07-22 18:43 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-07-22 18:43 - 2013-07-22 18:43 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2013-07-22 18:43 - 2013-07-22 18:43 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-07-22 18:43 - 2013-07-22 18:43 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-07-22 18:43 - 2013-07-22 18:43 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-07-22 18:43 - 2013-07-22 18:43 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2013-07-22 18:43 - 2013-07-22 18:43 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-07-22 18:43 - 2013-07-22 18:43 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-07-22 18:43 - 2013-07-22 18:43 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-07-22 18:43 - 2013-07-22 18:43 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-07-22 18:43 - 2013-07-22 18:43 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-07-22 18:43 - 2013-07-22 18:43 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-07-22 18:43 - 2013-07-22 18:43 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2013-07-22 18:43 - 2013-07-22 18:43 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-07-22 18:43 - 2013-07-22 18:43 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-07-22 18:43 - 2013-07-22 18:43 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-07-22 18:43 - 2013-07-22 18:43 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2013-07-22 18:43 - 2013-07-22 18:43 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-07-22 18:43 - 2013-07-22 18:43 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-07-22 18:43 - 2013-07-22 18:43 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-07-22 18:43 - 2013-07-22 18:43 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-07-22 18:43 - 2013-07-22 18:43 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2013-07-22 18:43 - 2013-07-22 18:43 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2013-07-22 18:43 - 2013-07-22 18:43 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-07-22 18:43 - 2013-07-22 18:43 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-07-22 18:43 - 2013-07-22 18:43 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-07-22 18:43 - 2013-07-22 18:43 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-07-22 18:43 - 2013-07-22 18:43 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-07-22 18:43 - 2013-07-22 18:43 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-07-22 18:43 - 2013-07-22 18:43 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-07-22 18:43 - 2013-07-22 18:43 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-07-22 18:43 - 2013-07-22 18:43 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-07-22 18:43 - 2013-07-22 18:43 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-07-22 18:43 - 2013-07-22 18:43 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-07-22 18:43 - 2013-07-22 18:43 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-07-22 18:43 - 2013-07-22 18:43 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-07-22 18:43 - 2013-07-22 18:43 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-07-22 18:43 - 2013-07-22 18:43 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-07-22 18:43 - 2013-07-22 18:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-07-22 18:43 - 2013-07-22 18:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-07-22 18:43 - 2013-07-22 18:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-07-22 18:43 - 2013-07-22 18:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-07-22 18:43 - 2013-07-22 18:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-07-22 18:43 - 2013-07-22 18:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-07-22 18:43 - 2013-07-22 18:43 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-07-22 18:43 - 2013-07-22 18:43 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-07-22 18:42 - 2013-07-22 18:38 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-22 18:42 - 2013-07-22 18:38 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-07-22 18:42 - 2011-07-22 21:11 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-22 18:38 - 2013-07-22 18:38 - 00000000 ____D C:\Windows\system32\Macromed
2013-07-22 18:35 - 2011-07-26 16:15 - 00008244 _____ C:\Windows\PFRO.log
2013-07-22 18:08 - 2013-07-22 18:08 - 00000000 ____D C:\ProgramData\Mozilla
2013-07-22 18:08 - 2011-07-22 20:04 - 00000000 ____D C:\Program Files (x86)\Opera
2013-07-22 17:49 - 2011-07-22 21:26 - 00000000 ____D C:\ProgramData\Sophos
2013-07-22 17:40 - 2013-07-22 17:40 - 00154952 _____ (Sophos Limited) C:\Windows\system32\Drivers\savonaccess.sys
2013-07-22 17:39 - 2013-07-22 17:39 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-07-22 17:39 - 2013-07-22 17:39 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-07-22 17:39 - 2013-07-22 17:39 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-07-22 17:39 - 2013-07-22 17:39 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-07-22 17:39 - 2013-07-22 17:39 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-07-22 17:39 - 2013-07-22 17:39 - 00036640 _____ (Sophos Limited) C:\Windows\system32\Drivers\sdcfilter.sys
2013-07-22 17:39 - 2013-07-22 17:39 - 00000000 ____D C:\Program Files (x86)\Java
2013-07-22 17:39 - 2011-07-29 14:05 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-07-22 17:37 - 2013-07-22 17:37 - 00183024 _____ (Sophos Plc) C:\Windows\system32\sdccoinstaller.dll
2013-07-22 17:36 - 2013-07-22 17:48 - 00037440 _____ (Sophos Limited) C:\Windows\system32\SophosBootTasks.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-12 16:23

==================== End Of Log ============================
--- --- ---

que2trash 14.08.2013 12:46
FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-08-2013
Ran by S5470 at 2013-08-14 12:08:23
Running from C:\Users\S5470\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

 
 Update for Microsoft Office 2007 (KB2508958) (x32)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Acronis*Disk*Director*11*Home (x32 Version: 11.0.2121)
Acronis*True*Image*Home (x32 Version: 11.0.8010)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Reader X (10.1.7) - Deutsch (x32 Version: 10.1.7)
Adobe Shockwave Player 12.0 (x32 Version: 12.0.3.133)
BestPractice (remove only) (x32)
Cisco AnyConnect Secure Mobility Client  (x32 Version: 3.1.04059)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.04059)
Citavi (x32 Version: 3.1.0.0)
Corel Graphics - Windows Shell Extension (x32 Version: 15.0.0.487)
Corel Graphics - Windows Shell Extension (x32 Version: 15.0.487)
CorelDRAW Graphics Suite X5 - BR (x32 Version: 15.0)
CorelDRAW Graphics Suite X5 - Capture (x32 Version: 15.0)
CorelDRAW Graphics Suite X5 - Common (x32 Version: 15.0)
CorelDRAW Graphics Suite X5 - Connect (x32 Version: 15.0)
CorelDRAW Graphics Suite X5 - Custom Data (x32 Version: 15.0)
CorelDRAW Graphics Suite X5 - DE (x32 Version: 15.0)
CorelDRAW Graphics Suite X5 - Draw (x32 Version: 15.0)
CorelDRAW Graphics Suite X5 - EN (x32 Version: 15.0)
CorelDRAW Graphics Suite X5 - ES (x32 Version: 15.0)
CorelDRAW Graphics Suite X5 - Filters (x32 Version: 15.0)
CorelDRAW Graphics Suite X5 - FontNav (x32 Version: 15.0)
CorelDRAW Graphics Suite X5 - FR (x32 Version: 15.0)
CorelDRAW Graphics Suite X5 - IPM (x32 Version: 15.0)
CorelDRAW Graphics Suite X5 - IT (x32 Version: 15.0)
CorelDRAW Graphics Suite X5 - NL (x32 Version: 15.0)
CorelDRAW Graphics Suite X5 - PHOTO-PAINT (x32 Version: 15.0)
CorelDRAW Graphics Suite X5 - Photozoom Plugin (x32 Version: 15.0)
CorelDRAW Graphics Suite X5 - Redist (x32 Version: 15.0)
CorelDRAW Graphics Suite X5 - Setup Files (x32 Version: 15.0)
CorelDRAW Graphics Suite X5 - VBA (x32 Version: 15.0)
CorelDRAW Graphics Suite X5 - VideoBrowser (x32 Version: 15.0)
CorelDRAW Graphics Suite X5 - VSTA (x32 Version: 15.0)
CorelDRAW Graphics Suite X5 - Windows Shell Extension 64 Bit (Version: 15.0.487)
CorelDRAW Graphics Suite X5 - WT (x32 Version: 15.0)
CorelDRAW Graphics Suite X5 (x32 Version: 15.0)
CorelDRAW(R) Graphics Suite X5 (x32 Version: 15.0.0.486)
Counter-Strike: Source (x32)
DAEMON Tools Lite (x32 Version: 4.41.3.0173)
Dota 2 (x32)
DriveImage XML (Private Edition) (x32 Version: 2.44.000)
EASEUS Partition Master 8.0.1 Home Edition (x32)
ElsterFormular (x32 Version: 14.3.20130522)
FreeCommander 2009.02b (x32 Version: 2009.02)
Gpg4win (2.1.1) (x32 Version: 2.1.1)
Hotfix für Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789) (x32 Version: 1)
ImgBurn (x32 Version: 2.5.5.0)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
MediaMonkey 3.2 (x32 Version: 3.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.5.88.0)
Microsoft Games for Windows Marketplace (x32 Version: 3.5.50.0)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Professional Plus 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (x32 Version: 9.0.30729)
Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU (x32 Version: 9.0.30729)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (x32 Version: 9.0.30729)
Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU (x32 Version: 9.0.30729)
Microsoft-Maus- und Tastatur-Center (Version: 2.2.173.0)
Mozilla Firefox 23.0 (x86 de) (x32 Version: 23.0)
Mozilla Maintenance Service (x32 Version: 23.0)
Notepad++ (x32 Version: 6.4.2)
NVIDIA 3D Vision Controller Driver (x32 Version: 275.33)
NVIDIA 3D Vision Controller-Treiber 320.49 (Version: 320.49)
NVIDIA 3D Vision Treiber 320.49 (Version: 320.49)
NVIDIA Display Control Panel (Version: 1.10)
NVIDIA Grafiktreiber 320.49 (Version: 320.49)
NVIDIA Install Application (Version: 2.1002.131.854)
NVIDIA PhysX (x32 Version: 9.13.0604)
NVIDIA PhysX-Systemsoftware 9.13.0604 (Version: 9.13.0604)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.2049)
NVIDIA Systemsteuerung 320.49 (Version: 320.49)
Opera 12.16 (x32 Version: 12.16.1860)
pdfsam (x32 Version: 2.2.1)
PDF-XChange Viewer (Version: 2.5.197.0)
RICOH R5C83x/84x Media Driver Ver.3.53.02 (x32 Version: 3.53.02)
ROCCAT Kone Mouse Driver (x32 Version: 1.0)
RocketDock 1.3.5 (x32)
Sandboxie 3.54 (64-bit)
Skype Toolbars (x32 Version: 5.3.7555)
Skype™ 6.6 (x32 Version: 6.6.106)
Sophos Anti-Virus (x32 Version: 10.2.8)
Sophos AutoUpdate (x32 Version: 2.9.0.344)
Steam (x32 Version: 1.0.0.0)
swMSM (x32 Version: 12.0.0.1)
Synaptics Pointing Device Driver (Version: 14.0.3.0)
top Integrated Webcam Driver (1.04.01.1011) 
Trillian (x32)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817563) 32-Bit Edition (x32)
Update für Microsoft Office Excel 2007 Help (KB963678) (x32)
Update für Microsoft Office Outlook 2007 Help (KB963677) (x32)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update für Microsoft Office Word 2007 Help (KB963665) (x32)
Veetle TV (x32 Version: 0.9.18)
Visual Basic for Applications (R) Core - English (x32 Version: 6.4.99.69)
Visual Basic for Applications (R) Core - German (x32 Version: 6.4.99.69)
Visual Basic for Applications (R) Core (x32 Version: 6.4.99.69)
VLC media player 2.0.7 (x32 Version: 2.0.7)
Windows 7 USB/DVD Download Tool (x32 Version: 1.0.30)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
WinSCP 4.3.3 (x32 Version: 4.3.3)

==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-14 04:34 - 2013-08-01 10:54 - 00000895 ____A C:\Windows\system32\Drivers\etc\hosts























131.188.12.8        ciscovpn.rrze.uni-erlangen.de



==================== Scheduled Tasks (whitelisted) =============

Task: {07B5847B-B495-4182-B842-0CB1D4E685A9} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {0A8D093B-EFB7-4661-A6B6-018F2F8D77CD} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-20] (Microsoft Corporation)
Task: {69CC551E-64D7-44C6-A5BA-EC1F97EB3CAF} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {89761739-344A-43E8-BCA5-43570E7BC6D9} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {9311D1F6-D757-4A1A-B6A5-70AE0949261F} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {9F380913-0802-47D7-898E-2539BF5DA4D2} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation)
Task: {AAB8BCF5-5E1B-4F56-9C1F-6AF801486F21} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-22] (Adobe Systems Incorporated)
Task: {B2EFEB65-A750-4892-889C-BF3A1F38326C} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {BE319257-F889-4FD7-BE16-708F1F8DBDCE} - System32\Tasks\{6F2A38CF-251E-4480-BBE3-3EEF38C33E9D} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2013-06-21] (Skype Technologies S.A.)
Task: {F757485E-5391-4F35-B2F2-CF1BEC1D7D82} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {FAD1BD2A-AABF-4E49-B794-6B8628BAACB8} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/13/2013 07:20:35 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (08/13/2013 07:19:23 PM) (Source: System Restore) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Beschreibung = Geplanter Prüfpunkt; Fehler = 0x80070422).

Error: (08/13/2013 07:14:47 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"1".
Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (08/13/2013 07:14:29 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"1".
Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (08/13/2013 07:14:05 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"1".
Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (08/13/2013 07:12:44 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"1".
Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (08/13/2013 09:30:02 AM) (Source: System Restore) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\msiexec.exe /V; Beschreibung = Installed Windows 7 USB/DVD Download Tool; Fehler = 0x80070422).

Error: (08/13/2013 09:30:02 AM) (Source: System Restore) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\msiexec.exe /V; Beschreibung = Installed Windows 7 USB/DVD Download Tool; Fehler = 0x80070422).

Error: (08/13/2013 09:29:30 AM) (Source: System Restore) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\msiexec.exe /V; Beschreibung = Removed Windows 7 USB/DVD Download Tool; Fehler = 0x80070422).

Error: (08/13/2013 09:29:29 AM) (Source: System Restore) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\msiexec.exe /V; Beschreibung = Removed Windows 7 USB/DVD Download Tool; Fehler = 0x80070422).


System errors:
=============
Error: (08/14/2013 11:14:56 AM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎14.‎08.‎2013 um 11:12:57 unerwartet heruntergefahren.

Error: (08/14/2013 09:41:00 AM) (Source: DCOM) (User: )
Description: {0E9A7BB5-F699-4D66-8A47-B919F5B6A1DB}

Error: (08/14/2013 09:31:03 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Update" wurde nicht richtig gestartet.

Error: (08/14/2013 09:30:28 AM) (Source: DCOM) (User: )
Description: {4991D34B-80A1-4291-83B6-3328366B9097}

Error: (08/14/2013 09:28:36 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Intelligenter Hintergrundübertragungsdienst" wurde nicht richtig gestartet.

Error: (08/13/2013 11:27:36 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Anwendungserfahrung" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1115

Error: (08/13/2013 06:33:59 PM) (Source: BTHUSB) (User: )
Description: Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen.

Error: (08/13/2013 03:13:59 PM) (Source: BTHUSB) (User: )
Description: Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen.

Error: (08/13/2013 08:25:49 AM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.

Error: (08/13/2013 08:25:48 AM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 51%
Total physical RAM: 4094.04 MB
Available physical RAM: 1972.67 MB
Total Pagefile: 8186.25 MB
Available Pagefile: 5838.58 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:195.32 GB) (Free:126.92 GB) NTFS (Disk=0 Partition=1) ==>[Drive with boot components (obtained from BCD)]
Drive d: (Software) (Fixed) (Total:29.3 GB) (Free:15.16 GB) NTFS (Disk=0 Partition=3)
Drive e: (Daten) (Fixed) (Total:146.58 GB) (Free:135.39 GB) NTFS (Disk=0 Partition=2)
Drive r: (BATTLESTAR_GALACTICA_221) (CDROM) (Total:7.7 GB) (Free:0 GB) UDF
Drive y: (Backup) (Fixed) (Total:94.56 GB) (Free:23.06 GB) NTFS (Disk=0 Partition=4)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: E7BE3FD6)
Partition 1: (Active) - (Size=195 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=147 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=124 GB) - (Type=05)

==================== End Of Log ============================
--- --- ---


GMER Logfile:
Code:
GMER 2.1.19163 - GMER - Rootkit Detector and Remover
Rootkit scan 2013-08-14 12:48:12
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 ST9500420AS rev.0002SDM1 465,76GB
Running: 3ld7i03w.exe; Driver: C:\Users\S5470\AppData\Local\Temp\fgloypod.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560                                                                                fffff80002db1000 45 bytes [00, 00, 15, 02, 46, 69, 6C, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 607                                                                                fffff80002db102f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text    C:\Windows\System32\win32k.sys!W32pServiceTable                                                                                                  fffff96000113e00 7 bytes [00, A3, F3, FF, 01, AF, F0]
.text    C:\Windows\System32\win32k.sys!W32pServiceTable + 8                                                                                              fffff96000113e08 3 bytes [C0, 06, 02]

---- User code sections - GMER 2.1 ----

.text    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[944] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                  0000000074e21465 2 bytes [E2, 74]
.text    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[944] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                0000000074e214bb 2 bytes [E2, 74]
.text    ...                                                                                                                                              * 2
.text    C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe[1488] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                      0000000074e21465 2 bytes [E2, 74]
.text    C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe[1488] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                    0000000074e214bb 2 bytes [E2, 74]
.text    ...                                                                                                                                              * 2
.text    C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1972] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  0000000074e21465 2 bytes [E2, 74]
.text    C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1972] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000074e214bb 2 bytes [E2, 74]
.text    ...                                                                                                                                              * 2
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2096] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                        0000000074e21465 2 bytes [E2, 74]
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2096] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                      0000000074e214bb 2 bytes [E2, 74]
.text    ...                                                                                                                                              * 2
.text    C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[2160] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                        0000000074e21465 2 bytes [E2, 74]
.text    C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[2160] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                      0000000074e214bb 2 bytes [E2, 74]
.text    ...                                                                                                                                              * 2
.text    c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe[2260] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69      0000000074e21465 2 bytes [E2, 74]
.text    c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe[2260] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155      0000000074e214bb 2 bytes [E2, 74]
.text    ...                                                                                                                                              * 2
.text    C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe[2320] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                0000000074e21465 2 bytes [E2, 74]
.text    C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe[2320] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                0000000074e214bb 2 bytes [E2, 74]
.text    ...                                                                                                                                              * 2
.text    C:\Windows\Explorer.EXE[2444] C:\Windows\system32\kernel32.dll!CopyFileExW                                                                        0000000076f623d0 5 bytes JMP 000000016fff00d8
.text    C:\Windows\Explorer.EXE[2444] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW                                                              0000000076fdf6c0 8 bytes JMP 000000016fff0110
.text    C:\Windows\Explorer.EXE[2444] C:\Windows\system32\ole32.dll!CoCreateInstance                                                                      000007fefdc37490 11 bytes JMP 000007fffdb600d8
.text    C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe[2684] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69        0000000074e21465 2 bytes [E2, 74]
.text    C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe[2684] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155        0000000074e214bb 2 bytes [E2, 74]
.text    ...                                                                                                                                              * 2
.text    C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe[2808] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69    0000000074e21465 2 bytes [E2, 74]
.text    C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe[2808] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000074e214bb 2 bytes [E2, 74]
.text    ...                                                                                                                                              * 2
.text    c:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe[2908] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69    0000000074e21465 2 bytes [E2, 74]
.text    c:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe[2908] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000074e214bb 2 bytes [E2, 74]
.text    ...                                                                                                                                              * 2
.text    C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[3024] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                  0000000074e21465 2 bytes [E2, 74]
.text    C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[3024] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                0000000074e214bb 2 bytes [E2, 74]
.text    ...                                                                                                                                              * 2
.text    C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe[2084] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                  0000000074e21465 2 bytes [E2, 74]
.text    C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe[2084] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                  0000000074e214bb 2 bytes [E2, 74]
.text    ...                                                                                                                                              * 2
.text    C:\Program Files (x86)\RocketDock\RocketDock.exe[400] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                    0000000074e21465 2 bytes [E2, 74]
.text    C:\Program Files (x86)\RocketDock\RocketDock.exe[400] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                    0000000074e214bb 2 bytes [E2, 74]
.text    ...                                                                                                                                              * 2
.text    C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe[1448] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                0000000074e21465 2 bytes [E2, 74]
.text    C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe[1448] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                0000000074e214bb 2 bytes [E2, 74]
.text    ...                                                                                                                                              * 2
.text    C:\Windows\OEM02Mon.exe[3088] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                            0000000074e21465 2 bytes [E2, 74]
.text    C:\Windows\OEM02Mon.exe[3088] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                            0000000074e214bb 2 bytes [E2, 74]
.text    ...                                                                                                                                              * 2
.text    C:\Program Files (x86)\ROCCAT\Kone Mouse\KoneHID.EXE[3120] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                0000000074e21465 2 bytes [E2, 74]
.text    C:\Program Files (x86)\ROCCAT\Kone Mouse\KoneHID.EXE[3120] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                              0000000074e214bb 2 bytes [E2, 74]
.text    ...                                                                                                                                              * 2
.text    C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe[3188] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                  0000000074e21465 2 bytes [E2, 74]
.text    C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe[3188] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                  0000000074e214bb 2 bytes [E2, 74]
.text    ...                                                                                                                                              * 2
.text    C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe[3276] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                  0000000074e21465 2 bytes [E2, 74]
.text    C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe[3276] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                  0000000074e214bb 2 bytes [E2, 74]
.text    ...                                                                                                                                              * 2
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3312] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                    0000000074e21465 2 bytes [E2, 74]
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3312] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                  0000000074e214bb 2 bytes [E2, 74]
.text    ...                                                                                                                                              * 2
.text    C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[3320] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69      0000000074e21465 2 bytes [E2, 74]
.text    C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[3320] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155    0000000074e214bb 2 bytes [E2, 74]
.text    ...                                                                                                                                              * 2
.text    C:\Program Files (x86)\ROCCAT\Kone Mouse\osd.exe[3580] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                    0000000074e21465 2 bytes [E2, 74]
.text    C:\Program Files (x86)\ROCCAT\Kone Mouse\osd.exe[3580] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                  0000000074e214bb 2 bytes [E2, 74]
.text    ...                                                                                                                                              * 2
.text    C:\Program Files (x86)\GNU\GnuPG\bin\dbus-daemon.exe[4640] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                0000000074e21465 2 bytes [E2, 74]
.text    C:\Program Files (x86)\GNU\GnuPG\bin\dbus-daemon.exe[4640] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                              0000000074e214bb 2 bytes [E2, 74]
.text    ...                                                                                                                                              * 2
.text    C:\Program Files (x86)\GNU\GnuPG\bin\kleopatra.exe[4428] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                  0000000074e21465 2 bytes [E2, 74]
.text    C:\Program Files (x86)\GNU\GnuPG\bin\kleopatra.exe[4428] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                0000000074e214bb 2 bytes [E2, 74]
.text    ...                                                                                                                                              * 2
.text    C:\Program Files (x86)\GNU\GnuPG\gpg-agent.exe[3708] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                      0000000074e21465 2 bytes [E2, 74]
.text    C:\Program Files (x86)\GNU\GnuPG\gpg-agent.exe[3708] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                    0000000074e214bb 2 bytes [E2, 74]
.text    ...                                                                                                                                              * 2
.text    C:\Program Files (x86)\GNU\GnuPG\scdaemon.exe[2648] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                      0000000074e21465 2 bytes [E2, 74]
.text    C:\Program Files (x86)\GNU\GnuPG\scdaemon.exe[2648] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                      0000000074e214bb 2 bytes [E2, 74]
.text    ...                                                                                                                                              * 2
.text    C:\Users\S5470\Desktop\3ld7i03w.exe[2088] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                0000000074e21465 2 bytes [E2, 74]
.text    C:\Users\S5470\Desktop\3ld7i03w.exe[2088] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                0000000074e214bb 2 bytes [E2, 74]
.text    ...                                                                                                                                              * 2

---- Threads - GMER 2.1 ----

Thread    C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2456:2692]                                                                        000007fef4e9c680

---- Registry - GMER 2.1 ----

Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00197eda2267                                                                     
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00197eda2267 (not active ControlSet)                                                 

---- EOF - GMER 2.1 ----
--- --- ---

schrauber 14.08.2013 19:43
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!
Downloade dir bitte Combofix vom folgenden Downloadspiegel

Link 1


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

que2trash 15.08.2013 10:29
Hi, danke schonmal :)

Code:
ComboFix 13-08-14.02 - S5470 15.08.2013  10:43:44.1.2 - x64
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1031.18.4094.2262 [GMT 2:00]
ausgeführt von:: c:\users\S5470\Desktop\ComboFix.exe
AV: Sophos Anti-Virus *Disabled/Updated* {65FBD860-96D8-75EF-C7ED-7BE27E6C498A}
SP: Sophos Anti-Virus *Disabled/Updated* {DE9A3984-B0E2-7A61-FD5D-409005EB0337}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\S5470\AppData\Local\assembly\tmp
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-07-15 bis 2013-08-15  ))))))))))))))))))))))))))))))
.
.
2013-08-15 08:50 . 2013-08-15 08:50        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-08-14 19:44 . 2013-07-26 03:35        2706432        ----a-w-        c:\windows\system32\mshtml.tlb
2013-08-14 19:34 . 2013-08-15 08:47        76232        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{D1A56191-F60E-4223-8037-DBDCCA4E88AF}\offreg.dll
2013-08-14 19:32 . 2013-08-14 19:35        --------        d-----w-        c:\windows\system32\MRT
2013-08-14 19:31 . 2013-07-09 05:46        1472512        ----a-w-        c:\windows\system32\crypt32.dll
2013-08-14 19:31 . 2013-07-09 05:52        224256        ----a-w-        c:\windows\system32\wintrust.dll
2013-08-14 19:31 . 2013-07-09 05:46        184320        ----a-w-        c:\windows\system32\cryptsvc.dll
2013-08-14 19:31 . 2013-07-09 04:52        175104        ----a-w-        c:\windows\SysWow64\wintrust.dll
2013-08-14 19:31 . 2013-07-09 04:46        140288        ----a-w-        c:\windows\SysWow64\cryptsvc.dll
2013-08-14 19:31 . 2013-07-09 04:46        1166848        ----a-w-        c:\windows\SysWow64\crypt32.dll
2013-08-14 19:31 . 2013-07-09 05:46        139776        ----a-w-        c:\windows\system32\cryptnet.dll
2013-08-14 19:31 . 2013-07-09 04:46        103936        ----a-w-        c:\windows\SysWow64\cryptnet.dll
2013-08-14 19:31 . 2013-07-19 01:58        2048        ----a-w-        c:\windows\system32\tzres.dll
2013-08-14 19:31 . 2013-07-19 01:41        2048        ----a-w-        c:\windows\SysWow64\tzres.dll
2013-08-14 19:24 . 2013-07-15 01:34        9460976        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{D1A56191-F60E-4223-8037-DBDCCA4E88AF}\mpengine.dll
2013-08-14 10:02 . 2013-08-14 10:02        --------        d-----w-        C:\FRST
2013-08-14 09:30 . 2013-08-14 09:30        --------        d-----w-        c:\users\S5470\AppData\Local\Sophos
2013-08-14 08:48 . 2013-08-14 08:53        --------        d-----w-        c:\users\S5470\AppData\Roaming\Download Manager
2013-08-13 07:30 . 2013-08-13 07:30        119808        ----a-r-        c:\users\S5470\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe
2013-08-13 07:30 . 2013-08-13 07:30        --------        d-----w-        c:\users\S5470\AppData\Local\Apps
2013-08-12 19:07 . 2013-08-12 19:07        --------        d-----w-        c:\users\S5470\AppData\Local\Programs
2013-08-12 18:32 . 2013-08-12 18:32        --------        d-----w-        c:\users\S5470\AppData\Local\GNU
2013-08-12 18:32 . 2013-08-12 18:35        --------        d-----w-        c:\users\S5470\AppData\Roaming\.kde
2013-08-12 18:30 . 2013-08-12 18:30        --------        d-----w-        c:\programdata\GNU
2013-08-12 18:27 . 2013-08-14 19:26        --------        d-----w-        c:\users\S5470\AppData\Roaming\gnupg
2013-08-12 18:25 . 2013-08-12 18:25        --------        d-----w-        c:\program files (x86)\GNU
2013-08-12 09:45 . 2013-08-12 09:45        --------        d-----w-        c:\users\S5470\.pdfsam
2013-08-01 06:56 . 2013-08-01 06:56        --------        d-----w-        c:\users\S5470\AppData\Roaming\elsterformular
2013-08-01 06:51 . 2013-08-01 06:53        --------        d-----w-        c:\programdata\elsterformular
2013-08-01 06:50 . 2013-08-01 06:50        --------        d-----w-        c:\program files (x86)\ElsterFormular
2013-07-30 17:32 . 2013-07-30 17:32        --------        d-----w-        C:\NvidiaLogging
2013-07-28 19:55 . 2013-07-28 19:55        108144        ----a-w-        c:\windows\SysWow64\CmdLineExt.dll
2013-07-25 10:49 . 2013-07-25 10:49        --------        d-----w-        c:\program files (x86)\Runtime Software
2013-07-25 10:40 . 2013-07-25 10:42        --------        d-----w-        c:\users\S5470\AppData\Roaming\ODIN
2013-07-24 18:41 . 2013-08-13 07:29        --------        d-----w-        c:\windows\system32\appmgmt
2013-07-24 18:39 . 2013-07-24 18:39        --------        d-----w-        c:\program files\Microsoft Mouse and Keyboard Center
2013-07-24 18:35 . 2012-08-24 18:09        458712        ----a-w-        c:\windows\system32\drivers\cng.sys
2013-07-24 18:35 . 2012-08-24 18:05        340992        ----a-w-        c:\windows\system32\schannel.dll
2013-07-24 18:35 . 2012-08-24 16:57        247808        ----a-w-        c:\windows\SysWow64\schannel.dll
2013-07-24 18:35 . 2012-08-24 18:13        154480        ----a-w-        c:\windows\system32\drivers\ksecpkg.sys
2013-07-24 18:35 . 2012-08-24 18:03        1448448        ----a-w-        c:\windows\system32\lsasrv.dll
2013-07-24 18:35 . 2012-08-24 16:57        22016        ----a-w-        c:\windows\SysWow64\secur32.dll
2013-07-24 18:35 . 2012-08-24 16:53        96768        ----a-w-        c:\windows\SysWow64\sspicli.dll
2013-07-24 18:35 . 2012-05-04 11:00        366592        ----a-w-        c:\windows\system32\qdvd.dll
2013-07-24 18:35 . 2012-05-04 09:59        514560        ----a-w-        c:\windows\SysWow64\qdvd.dll
2013-07-24 18:32 . 2013-07-24 18:41        --------        d-----w-        c:\program files (x86)\Microsoft
2013-07-24 16:58 . 2013-07-24 16:58        --------        d-----w-        c:\program files\Microsoft Silverlight
2013-07-24 16:58 . 2013-07-24 16:58        --------        d-----w-        c:\program files (x86)\Microsoft Silverlight
2013-07-24 08:59 . 2013-07-24 08:59        --------        d-----w-        c:\windows\SysWow64\Adobe
2013-07-23 12:09 . 2013-04-17 07:02        1230336        ----a-w-        c:\windows\SysWow64\WindowsCodecs.dll
2013-07-23 12:09 . 2013-04-17 06:24        1424384        ----a-w-        c:\windows\system32\WindowsCodecs.dll
2013-07-22 22:01 . 2012-07-26 07:46        2560        ----a-w-        c:\windows\system32\drivers\de-DE\wdf01000.sys.mui
2013-07-22 22:01 . 2012-07-26 04:55        785512        ----a-w-        c:\windows\system32\drivers\Wdf01000.sys
2013-07-22 22:01 . 2012-07-26 04:55        54376        ----a-w-        c:\windows\system32\drivers\WdfLdr.sys
2013-07-22 22:01 . 2012-07-26 02:36        9728        ----a-w-        c:\windows\system32\Wdfres.dll
2013-07-22 21:34 . 2012-12-16 17:11        46080        ----a-w-        c:\windows\system32\atmlib.dll
2013-07-22 21:34 . 2012-12-16 14:45        367616        ----a-w-        c:\windows\system32\atmfd.dll
2013-07-22 21:34 . 2012-12-16 14:13        34304        ----a-w-        c:\windows\SysWow64\atmlib.dll
2013-07-22 21:34 . 2012-12-16 14:13        295424        ----a-w-        c:\windows\SysWow64\atmfd.dll
2013-07-22 21:32 . 2012-07-26 03:08        84992        ----a-w-        c:\windows\system32\WUDFSvc.dll
2013-07-22 21:32 . 2012-07-26 03:08        194048        ----a-w-        c:\windows\system32\WUDFPlatform.dll
2013-07-22 21:32 . 2012-07-26 02:26        87040        ----a-w-        c:\windows\system32\drivers\WUDFPf.sys
2013-07-22 21:32 . 2012-07-26 02:26        198656        ----a-w-        c:\windows\system32\drivers\WUDFRd.sys
2013-07-22 21:32 . 2012-07-26 03:08        229888        ----a-w-        c:\windows\system32\WUDFHost.exe
2013-07-22 21:32 . 2012-07-26 03:08        744448        ----a-w-        c:\windows\system32\WUDFx.dll
2013-07-22 21:32 . 2012-07-26 03:08        45056        ----a-w-        c:\windows\system32\WUDFCoinstaller.dll
2013-07-22 21:15 . 2012-03-01 06:46        23408        ----a-w-        c:\windows\system32\drivers\fs_rec.sys
2013-07-22 21:15 . 2012-03-01 06:33        81408        ----a-w-        c:\windows\system32\imagehlp.dll
2013-07-22 21:15 . 2012-03-01 06:28        5120        ----a-w-        c:\windows\system32\wmi.dll
2013-07-22 21:15 . 2012-03-01 05:33        159232        ----a-w-        c:\windows\SysWow64\imagehlp.dll
2013-07-22 21:15 . 2012-03-01 05:29        5120        ----a-w-        c:\windows\SysWow64\wmi.dll
2013-07-22 17:47 . 2013-07-30 18:10        --------        d-----w-        c:\users\S5470\AppData\Local\NVIDIA
2013-07-22 17:46 . 2013-04-02 22:51        1643520        ----a-w-        c:\windows\system32\DWrite.dll
2013-07-22 17:46 . 2013-04-09 23:34        1247744        ----a-w-        c:\windows\SysWow64\DWrite.dll
2013-07-22 17:45 . 2013-07-22 17:45        --------        d-----w-        c:\program files (x86)\AGEIA Technologies
2013-07-22 17:44 . 2013-07-30 18:11        --------        d-----w-        c:\users\UpdatusUser
2013-07-22 17:18 . 2013-07-22 17:39        --------        d-----w-        C:\14306d99315203019f385abb0a
2013-07-22 17:18 . 2013-06-21 12:06        7641832        ----a-w-        c:\windows\system32\nvopencl.dll
2013-07-22 17:18 . 2013-06-21 12:06        6324360        ----a-w-        c:\windows\SysWow64\nvopencl.dll
2013-07-22 17:18 . 2013-06-21 12:06        27781920        ----a-w-        c:\windows\system32\nvoglv64.dll
2013-07-22 17:18 . 2013-06-21 12:06        21102368        ----a-w-        c:\windows\SysWow64\nvoglv32.dll
2013-07-22 17:18 . 2013-06-21 12:06        13411896        ----a-w-        c:\windows\SysWow64\nvwgf2um.dll
2013-07-22 17:15 . 2013-08-12 18:39        --------        d-----w-        c:\users\S5470\AppData\Roaming\Notepad++
2013-07-22 17:15 . 2013-07-22 17:15        --------        d-----w-        c:\program files (x86)\Notepad++
2013-07-22 17:14 . 2013-07-22 17:14        --------        d-----w-        c:\program files (x86)\BestPractice
2013-07-22 17:01 . 2013-07-22 17:01        --------        d-----w-        c:\users\S5470\AppData\Local\Macromedia
2013-07-22 16:48 . 2013-07-22 16:48        --------        d-----w-        c:\program files (x86)\Common Files\Skype
2013-07-22 16:46 . 2013-07-22 16:46        68608        ----a-w-        c:\windows\system32\taskhost.exe
2013-07-22 16:38 . 2013-07-22 16:42        692104        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-22 16:38 . 2013-07-22 16:38        --------        d-----w-        c:\windows\system32\Macromed
2013-07-22 16:26 . 2012-11-30 05:41        424448        ----a-w-        c:\windows\system32\KernelBase.dll
2013-07-22 16:24 . 2012-12-07 13:20        441856        ----a-w-        c:\windows\system32\Wpc.dll
2013-07-22 16:23 . 2013-01-04 05:46        215040        ----a-w-        c:\windows\system32\winsrv.dll
2013-07-22 16:21 . 2013-06-05 03:34        3153920        ----a-w-        c:\windows\system32\win32k.sys
2013-07-22 16:20 . 2011-10-15 06:31        723456        ----a-w-        c:\windows\system32\EncDec.dll
2013-07-22 16:18 . 2011-12-28 03:59        498688        ----a-w-        c:\windows\system32\drivers\afd.sys
2013-07-22 16:18 . 2013-01-24 06:01        223752        ----a-w-        c:\windows\system32\drivers\fvevol.sys
2013-07-22 16:18 . 2013-04-10 05:48        1732608        ----a-w-        c:\program files\Windows Journal\NBDoc.DLL
2013-07-22 16:18 . 2013-04-10 05:46        1393152        ----a-w-        c:\program files\Windows Journal\JNTFiltr.dll
2013-07-22 16:18 . 2013-04-10 05:46        1367040        ----a-w-        c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-22 16:18 . 2013-04-10 05:03        936448        ----a-w-        c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-22 16:18 . 2013-04-10 05:46        1402880        ----a-w-        c:\program files\Windows Journal\JNWDRV.dll
2013-07-22 16:18 . 2012-08-11 00:56        715776        ----a-w-        c:\windows\system32\kerberos.dll
2013-07-22 16:18 . 2012-08-10 23:56        542208        ----a-w-        c:\windows\SysWow64\kerberos.dll
2013-07-22 16:18 . 2012-09-25 22:47        78336        ----a-w-        c:\windows\SysWow64\synceng.dll
2013-07-22 16:18 . 2012-09-25 22:46        95744        ----a-w-        c:\windows\system32\synceng.dll
2013-07-22 16:18 . 2013-04-26 05:51        751104        ----a-w-        c:\windows\system32\win32spl.dll
2013-07-22 16:18 . 2013-04-26 04:55        492544        ----a-w-        c:\windows\SysWow64\win32spl.dll
2013-07-22 16:17 . 2013-03-19 05:46        43520        ----a-w-        c:\windows\system32\csrsrv.dll
2013-07-22 16:17 . 2013-03-19 04:47        6656        ----a-w-        c:\windows\SysWow64\apisetschema.dll
2013-07-22 16:17 . 2013-03-19 03:06        112640        ----a-w-        c:\windows\system32\smss.exe
2013-07-22 16:08 . 2011-12-16 08:46        634880        ----a-w-        c:\windows\system32\msvcrt.dll
2013-07-22 16:08 . 2011-12-16 07:52        690688        ----a-w-        c:\windows\SysWow64\msvcrt.dll
2013-07-22 16:08 . 2013-08-08 11:13        --------        d-----w-        c:\program files (x86)\Mozilla Maintenance Service
2013-07-22 16:01 . 2013-04-25 23:30        1505280        ----a-w-        c:\windows\SysWow64\d3d11.dll
2013-07-22 16:01 . 2013-03-31 22:52        1887232        ----a-w-        c:\windows\system32\d3d11.dll
2013-07-22 15:58 . 2012-02-11 06:36        559104        ----a-w-        c:\windows\system32\spoolsv.exe
2013-07-22 15:58 . 2012-02-11 06:36        67072        ----a-w-        c:\windows\splwow64.exe
2013-07-22 15:58 . 2011-11-19 14:58        77312        ----a-w-        c:\windows\system32\packager.dll
2013-07-22 15:58 . 2011-11-19 14:01        67072        ----a-w-        c:\windows\SysWow64\packager.dll
2013-07-22 15:56 . 2012-02-17 06:38        1031680        ----a-w-        c:\windows\system32\rdpcore.dll
2013-07-22 15:56 . 2012-02-17 05:34        826880        ----a-w-        c:\windows\SysWow64\rdpcore.dll
2013-07-22 15:56 . 2012-02-17 04:57        23552        ----a-w-        c:\windows\system32\drivers\tdtcp.sys
2013-07-22 15:49 . 2013-07-22 15:49        --------        d-----w-        c:\program files (x86)\Common Files\Sophos
2013-07-22 15:48 . 2013-07-22 15:48        --------        d-----w-        c:\program files (x86)\Common Files\Cisco Systems
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-14 19:32 . 2011-07-22 17:19        78161360        ----a-w-        c:\windows\system32\MRT.exe
2013-07-22 17:01 . 2011-07-28 19:05        272480        ----a-w-        c:\windows\system32\drivers\snapman.sys
2013-07-22 16:42 . 2011-07-22 19:11        71048        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-22 15:39 . 2011-07-29 12:05        789416        ----a-w-        c:\windows\SysWow64\deployJava1.dll
2013-07-09 04:45 . 2013-08-14 19:30        44032        ----a-w-        c:\windows\apppatch\acwow64.dll
2013-06-21 12:06 . 2011-07-26 15:12        15920536        ----a-w-        c:\windows\system32\nvwgf2umx.dll
2013-06-21 12:06 . 2011-07-26 14:46        2936208        ----a-w-        c:\windows\system32\nvapi64.dll
2013-06-21 10:23 . 2010-05-12 15:20        6496544        ----a-w-        c:\windows\system32\nvcpl.dll
2013-06-21 10:23 . 2010-05-12 15:20        3514656        ----a-w-        c:\windows\system32\nvsvc64.dll
2013-06-21 10:23 . 2010-05-12 15:20        884512        ----a-w-        c:\windows\system32\nvvsvc.exe
2013-06-21 10:23 . 2010-05-12 15:20        63776        ----a-w-        c:\windows\system32\nvshext.dll
2013-06-21 10:23 . 2010-05-12 15:20        2555680        ----a-w-        c:\windows\system32\nvsvcr.dll
2013-06-21 10:23 . 2010-05-12 15:20        237856        ----a-w-        c:\windows\system32\nvmctray.dll
2013-06-21 03:16 . 2013-06-21 03:16        566048        ----a-w-        c:\windows\SysWow64\nvStreaming.exe
2013-06-19 15:00 . 2013-06-19 15:00        11152        ----a-w-        c:\windows\SysWow64\vpncategories.dll
2013-06-19 15:00 . 2013-06-19 15:00        34192        ----a-w-        c:\windows\SysWow64\vpnevents.dll
2013-06-19 14:42 . 2013-06-19 14:42        52080        ----a-w-        c:\windows\system32\drivers\vpnva64-6.sys
2013-06-19 14:40 . 2013-06-19 14:40        112080        ----a-r-        c:\windows\system32\drivers\acsock64.sys
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2011-03-24 597736]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-09 36864]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"Sophos AutoUpdate Monitor"="c:\program files (x86)\Sophos\AutoUpdate\almon.exe" [2013-07-22 929272]
"Kone"="c:\program files (x86)\ROCCAT\Kone Mouse\KoneHID.EXE" [2011-02-18 1666560]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-08-31 2622232]
"AcronisTimounterMonitor"="c:\program files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-08-31 907040]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2013-06-19 703888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\Sophos\SOPHOS~1\sophos_detoured.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 DirMngr;DirMngr;c:\program files (x86)\GNU\GnuPG\dirmngr.exe;c:\program files (x86)\GNU\GnuPG\dirmngr.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 swi_update_64;Sophos Web Intelligence Update;c:\programdata\Sophos\Web Intelligence\swi_update_64.exe;c:\programdata\Sophos\Web Intelligence\swi_update_64.exe [x]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys;c:\windows\SYSNATIVE\DRIVERS\acsock64.sys [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys;c:\windows\SYSNATIVE\epmntdrv.sys [x]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys;c:\windows\SYSNATIVE\EuGdiDrv.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 sdcfilter;sdcfilter;c:\windows\system32\DRIVERS\sdcfilter.sys;c:\windows\SYSNATIVE\DRIVERS\sdcfilter.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R4 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
R4 SophosBootDriver;SophosBootDriver;c:\windows\system32\DRIVERS\SophosBootDriver.sys;c:\windows\SYSNATIVE\DRIVERS\SophosBootDriver.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 SAVOnAccess;SAVOnAccess;c:\windows\system32\DRIVERS\savonaccess.sys;c:\windows\SYSNATIVE\DRIVERS\savonaccess.sys [x]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
S2 OS Selector;Acronis OS Selector Activator;c:\program files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe;c:\program files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe [x]
S2 SAVAdminService;Sophos Anti-Virus Statusreporter;c:\program files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe;c:\program files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [x]
S2 SAVService;Sophos Anti-Virus;c:\program files (x86)\Sophos\Sophos Anti-Virus\SavService.exe;c:\program files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [x]
S2 Sophos Web Control Service;Sophos Web Control Service;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 swi_service;Sophos Web Intelligence Service;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [x]
S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [x]
S3 bcm44amd64;Broadcom 440x 10/100-integrierter Controller-XP-Treiber;c:\windows\system32\DRIVERS\b44amd64.sys;c:\windows\SYSNATIVE\DRIVERS\b44amd64.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
S3 KoneFltr;ROCCAT Kone;c:\windows\system32\drivers\Kone.sys;c:\windows\SYSNATIVE\drivers\Kone.sys [x]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series - Adaptertreiber für Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-08-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-22 16:42]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-08-31 140568]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~2\Sophos\SOPHOS~1\sophos_detoured_x64.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
LSP: c:\programdata\Sophos\Web Intelligence\swi_ifslsp.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\S5470\AppData\Roaming\Mozilla\Firefox\Profiles\ay543qgo.default\
FF - ExtSQL: 2013-07-22 18:18; {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}; c:\users\S5470\AppData\Roaming\Mozilla\Firefox\Profiles\ay543qgo.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
FF - ExtSQL: 2013-07-22 18:19; firefox@ghostery.com; c:\users\S5470\AppData\Roaming\Mozilla\Firefox\Profiles\ay543qgo.default\extensions\firefox@ghostery.com
FF - ExtSQL: 2013-07-22 18:19; donottrackplus@abine.com; c:\users\S5470\AppData\Roaming\Mozilla\Firefox\Profiles\ay543qgo.default\extensions\donottrackplus@abine.com
FF - ExtSQL: 2013-07-22 18:30; {fe272bd1-5f76-4ea4-8501-a05d35d823fc}; c:\users\S5470\AppData\Roaming\Mozilla\Firefox\Profiles\ay543qgo.default\extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi
FF - ExtSQL: 2013-07-23 20:55; foxyproxy@eric.h.jung; c:\users\S5470\AppData\Roaming\Mozilla\Firefox\Profiles\ay543qgo.default\extensions\foxyproxy@eric.h.jung
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-994605533-1841656101-3182983877-1000\Software\SecuROM\License information*]
"datasecu"=hex:ad,76,a2,f0,ba,cf,c3,36,47,cc,3a,85,55,d6,de,2e,5a,7e,e7,4b,7d,
  df,50,24,cb,83,8b,31,0c,be,88,e5,9c,57,bf,5c,4a,17,c7,14,e3,22,34,17,ac,7d,\
"rkeysecu"=hex:45,fc,de,95,0b,c6,6d,63,72,5f,7c,e9,07,6e,26,a8
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-08-15  10:53:53
ComboFix-quarantined-files.txt  2013-08-15 08:53
.
Vor Suchlauf: 12 Verzeichnis(se), 141.509.541.888 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 142.340.182.016 Bytes frei
.
- - End Of File - - 2AD0F37A28F4C680150AAB678B49F56C
A36C5E4F47E84449FF07ED3517B43A31

schrauber 15.08.2013 14:33
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

que2trash 15.08.2013 16:23
Code:
# AdwCleaner v2.306 - Datei am 15/08/2013 um 16:00:08 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : S5470 - S5470-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\S5470\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16660

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v23.0 (de)

Datei : C:\Users\S5470\AppData\Roaming\Mozilla\Firefox\Profiles\ay543qgo.default\prefs.js

Gefunden : user_pref("vshare.install.date", "1313257495");
Gefunden : user_pref("vshare.install.finished", "1.0.0");
Gefunden : user_pref("vshare.install.fresh", "false");
Gefunden : user_pref("vshare.install.guid", "{fcc6c78f-d544-4d19-8682-7a39d945f132}");
Gefunden : user_pref("vshare.install.newtab", false);

-\\ Opera v12.16.1860.0

Datei : C:\Users\S5470\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [1963 octets] - [15/08/2013 16:00:08]

########## EOF - C:\AdwCleaner[R1].txt - [2023 octets] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.4.6 (08.15.2013:1)
OS: Windows 7 Professional x64
Ran by S5470 on 15.08.2013 at 16:04:28,98
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASMANCS



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\S5470\AppData\Roaming\mozilla\firefox\profiles\ay543qgo.default\prefs.js

user_pref("vshare.install.date", "1313257495");
user_pref("vshare.install.finished", "1.0.0");
user_pref("vshare.install.fresh", "false");
user_pref("vshare.install.guid", "{fcc6c78f-d544-4d19-8682-7a39d945f132}");
user_pref("vshare.install.newtab", false);
Emptied folder: C:\Users\S5470\AppData\Roaming\mozilla\firefox\profiles\ay543qgo.default\minidumps [4 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15.08.2013 at 16:12:56,60
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

que2trash 15.08.2013 16:26
Sorry für die .zip - diesmal war das FRST-log länger als 120000 Zeichen.

schrauber 15.08.2013 18:56
Sophos deinstallieren und neu installieren.


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

que2trash 16.08.2013 10:24
Schaun wir mal :) Also inzwischen gab's auch ein Windows-Update, die Fehlermeldung ist auf jeden Fall weg und Geschwindigkeit auch wieder im grünen Bereich!

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=0695975642cc3c478f121295405c3da0
# engine=14788
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-08-16 08:51:13
# local_time=2013-08-16 10:51:13 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 3535 128272923 0 0
# compatibility_mode=8450 16777213 85 98 3497 65280252 0 0
# scanned=167896
# found=0
# cleaned=0
# scan_time=3411
Code:
Results of screen317's Security Check version 0.99.72 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 10 
``````````````Antivirus/Firewall Check:``````````````
Sophos Anti-Virus 
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 25 
 Adobe Flash Player 11.8.800.94 
 Adobe Reader 10.1.7 Adobe Reader out of Date! 
 Mozilla Firefox (23.0)
````````Process Check: objlist.exe by Laurent```````` 
 Sophos Sophos Anti-Virus SavService.exe 
 Sophos Sophos Anti-Virus SAVAdminService.exe 
 Sophos Sophos Anti-Virus Web Control swc_service.exe
 Sophos Sophos Anti-Virus Web Intelligence swi_service.exe
 Sophos Sophos Anti-Virus SavMain.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````

que2trash 16.08.2013 10:27
Hier noch das FRST-log, auch wieder zu lang für den Post.

schrauber 16.08.2013 16:21
Adobe updaten.

Fertig :)

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.


Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

que2trash 16.08.2013 18:06
Ok, alles ausgeführt. System läuft wieder wie es soll :)

Ganz ganz herzlichen Dank für die schnelle Hilfe! Und auch für die Tips am Ende, so ein Temp Files-Removing Tool hab ich sowieso schon gesucht :)

Viele Grüße und schönes Wochenende!

schrauber 17.08.2013 22:22
Gern Geschehen :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 23:57 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131