
Pests of all kinds and how to combat them: white popups

Windows 7: If you are not sure whether you have picked up malware or a Trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you remove the infection.

10.12.2013, 08:30   #1
Tinalina

Hello everyone,

popup windows keep opening on my computer too. I already got rid of them once by following the instructions in a thread here. But for a few days now I have had a similar problem to before: popups without any content open, and I would like to get rid of them again. Since after my first attempt on my own it didn't exactly take long until I had a problem again, and since I'm not much of an expert with computers, I'm turning to you and would be very glad of help. First, I would like to know what I have to do to get rid of this, and second, I would like tips on how I can avoid getting something like this again. I would actually have thought that I surf carefully... (although I can't entirely rule out that e.g. my son is the cause of these problems).
PS: Malwarebytes most recently found pup.optional.offermosquito.a. I fixed that and rebooted, but the problem with the popups remained.

Edited by Tinalina (10.12.2013 at 08:31). Reason: added PS

10.12.2013, 08:54   #2
schrauber
/// the machine
/// TB trainer

hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST download: FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)


10.12.2013, 12:25   #3
Tinalina

Hello Schrauber,
the two requested files should now be included as attachments - is that what is meant by posting?
Best regards, Tina
__________________
Attached files
File type: txt FRST.txt (64.8 KB, viewed 189 times)
File type: txt Addition.txt (49.3 KB, viewed 135 times)

11.12.2013, 07:47   #4
schrauber
/// the machine
/// TB trainer

Hi,

Please always post logs in the thread. If necessary, split them up and use several posts.


Here's how it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.
__________________
regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

11.12.2013, 15:15   #5
Tinalina

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-12-2013
Ran by SilenPro (administrator) on SILENPRO-PC on 10-12-2013 13:13:44
Running from C:\Users\SilenPro\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files (x86)\Vtune\TBPANEL.exe
(GARMIN Corp.) C:\Program Files (x86)\Garmin\Training Center\gStart.exe
(Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\agent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Dropbox, Inc.) C:\Users\SilenPro\AppData\Roaming\Dropbox\bin\Dropbox.exe
(NEC Electronics Corporation) C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKCU\...\Run: [TBPanel] - C:\Program Files (x86)\Vtune\TBPANEL.exe [2158592 2010-06-18] ()
HKCU\...\Run: [Akamai NetSession Interface] - "C:\Users\SilenPro\AppData\Local\Akamai\netsession_win.exe"
HKCU\...\Run: [gStart] - C:\Program Files (x86)\Garmin\Training Center\gStart.exe [1891416 2008-08-13] (GARMIN Corp.)
HKCU\...\Run: [SSync] - C:\Users\SilenPro\AppData\Roaming\SSync\SSync.exe [36864 2013-04-09] ()
HKCU\...\Run: [DataMgr] - C:\Users\SilenPro\AppData\Roaming\DataMgr\DataMgr.exe [168848 2013-05-20] (HTTO Group, Ltd.)
HKCU\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [2068856 2011-10-12] (Flexera Software LLC.)
HKCU\...\Run: [SCheck] - C:\Users\SilenPro\AppData\Roaming\SCheck\SCheck.exe [36864 2013-04-09] ()
HKCU\...\Run: [Snoozer] - C:\Users\SilenPro\AppData\Roaming\Snz\Snz.exe [1226900 2013-11-27] ()
HKCU\...\Run: [Intermediate] - C:\Users\SilenPro\AppData\Roaming\Intermediate\Intermediate.exe [36864 2013-04-09] ()
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2010-01-22] (NEC Electronics Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [ControlCenter3] - C:\Program Files (x86)\Brother\ControlCenter3\BrCtrCen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] - C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-02-09] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2068856 2011-10-12] (Flexera Software LLC.)
HKLM-x32\...\Run: [DNS7reminder] - C:\ProgramData\Nuance\NaturallySpeaking12\Ereg.ini [322 2013-12-07] ()
Startup: C:\Users\SilenPro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\SilenPro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\SilenPro\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD585F0B8E3D5CB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.fbdownloader.com/?channel=sfde203fbdgy21
URLSearchHook: HKLM-x32 - Winload Toolbar - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWin0.dll (Conduit Ltd.)
URLSearchHook: HKCU - (No Name) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - No File
URLSearchHook: HKCU - Winload Toolbar - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWin0.dll (Conduit Ltd.)
SearchScopes: HKLM-x32 - DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://search.fbdownloader.com/search.php?channel=sfde203fbdgy21&q={searchTerms}
SearchScopes: HKCU - {5C557C61-92F5-4BD9-BD81-FE00E503DE86} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=MNC&o=15092&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=MF&apn_dtid=YYYYYYYYDE&apn_uid=0ea294c4-ab20-4edf-9ec2-c5ef5f25fadd&apn_sauid=5060282C-82C1-4E2F-8003-3690DF8EA2A6&
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://search.fbdownloader.com/search.php?channel=sfde203fbdgy21&q={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} -  No File
BHO-x32: Winload Toolbar - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWin0.dll (Conduit Ltd.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Winload Toolbar - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWin0.dll (Conduit Ltd.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - No Name - {40C3CC16-7269-4B32-9531-17F2950FB06F} -  No File
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.253

FireFox:
========
FF ProfilePath: C:\Users\SilenPro\AppData\Roaming\Mozilla\Firefox\Profiles\w5smzzai.default-1383735815925
FF DefaultSearchEngine: Search
FF SelectedSearchEngine: Search
FF Homepage: about:home
FF Keyword.URL: hxxp://native-search.com/search.php?channel=de&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: nuance.com/DragonRIAPlugin - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\npDgnRia.dll (Nuance Communications Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017325.dll (Amazon.com, Inc.)
FF SearchPlugin: C:\Users\SilenPro\AppData\Roaming\Mozilla\Firefox\Profiles\w5smzzai.default-1383735815925\searchplugins\fbdownloader_search.xml
FF SearchPlugin: C:\Users\SilenPro\AppData\Roaming\Mozilla\Firefox\Profiles\w5smzzai.default-1383735815925\searchplugins\search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: om - C:\Users\SilenPro\AppData\Roaming\Mozilla\Firefox\Profiles\w5smzzai.default-1383735815925\Extensions\om@offermosquito.com.xpi
FF Extension: snt - C:\Users\SilenPro\AppData\Roaming\Mozilla\Firefox\Profiles\w5smzzai.default-1383735815925\Extensions\snt@dotlabs.co.xpi
FF Extension: prefs - C:\Users\SilenPro\AppData\Roaming\Mozilla\Firefox\Profiles\w5smzzai.default-1383735815925\Extensions\{9D6218B8-03C7-4b91-AA43-680B305DD35C}.xpi
FF Extension: Adblock Plus - C:\Users\SilenPro\AppData\Roaming\Mozilla\Firefox\Profiles\w5smzzai.default-1383735815925\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM-x32\...\Firefox\Extensions: [jid0-lmZNVK7a82O8cufhdfB9dUDfA2w@jetpack] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi
FF Extension: prefs - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi

Chrome: 
=======
CHR HomePage: hxxp://search.fbdownloader.com/?channel=sfde203fbdgy21
CHR RestoreOnStartup: "hxxp://search.fbdownloader.com/?channel=sfde203fbdgy21"
CHR DefaultSearchKeyword: google.de
CHR DefaultSearchProvider: Google
CHR DefaultSearchURL: {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017325.dll (Amazon.com, Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U9) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.90.5) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (Google Drive) - C:\Users\SilenPro\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\SilenPro\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\SilenPro\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (OfferMosquito) - C:\Users\SilenPro\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbmdkmlcnbapgegninelmjbfibaghdmk\1.0_0
CHR Extension: (Any New Tab) - C:\Users\SilenPro\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfenflmklmpohipcckmagnmbmbibnolo\1.0.0_0
CHR Extension: (Dragon NaturallySpeaking Rich Internet Application Support) - C:\Users\SilenPro\AppData\Local\Google\Chrome\User Data\Default\Extensions\mikhcaiakabeeokmenglcdebplfdjicn\1.0_0
CHR Extension: (Google Wallet) - C:\Users\SilenPro\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\SilenPro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [mikhcaiakabeeokmenglcdebplfdjicn] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\chromeShim.crx
CHR HKLM-x32\...\Chrome\Extension: [ngnjhfpfhadncgafgbneeljaginimmmk] - C:\Users\SilenPro\AppData\Local\Temp\tbch.crx

==================== Services (Whitelisted) =================

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2012-04-26] (Adobe Systems)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)

==================== Drivers (Whitelisted) ====================

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2013-03-10] ()
S3 BrSerIf; C:\Windows\System32\DRIVERS\BrSerIf.sys [97280 2006-09-03] (Brother Industries Ltd.)
S3 Cardex; C:\Windows\SysWOW64\drivers\TBPANELX64.SYS [15648 2007-03-16] (Windows (R) Server 2003 DDK provider)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2013-03-10] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
R3 RTLE8023x64; C:\Windows\System32\DRIVERS\Rtenic64.sys [280344 2010-07-06] (Realtek Semiconductor Corporation                           )
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S2 TBPanel; No ImagePath
R2 VMparport; C:\Windows\system32\drivers\VMparport.sys [31384 2012-06-09] (VMware, Inc.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-10 13:13 - 2013-12-10 13:15 - 00021133 _____ C:\Users\SilenPro\Desktop\FRST.txt
2013-12-10 13:13 - 2013-12-10 13:13 - 00000000 ____D C:\FRST
2013-12-10 13:11 - 2013-12-10 13:11 - 01927982 _____ (Farbar) C:\Users\SilenPro\Desktop\FRST64.exe
2013-12-07 15:05 - 2013-12-07 15:05 - 00002411 _____ C:\Users\Public\Desktop\Spiel Christmas Stories - Eine Weihnachtsgeschichte Sammleredition.lnk
2013-12-07 15:05 - 2013-12-07 15:05 - 00001350 _____ C:\Users\Public\Desktop\Weitere fantastische Spiele.lnk
2013-12-07 15:00 - 2013-12-07 15:05 - 00000000 ____D C:\Program Files (x86)\Christmas Stories - Eine Weihnachtsgeschichte Sammleredition
2013-12-07 15:00 - 2013-12-07 15:00 - 00000000 ____D C:\Users\SilenPro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Christmas Stories - Eine Weihnachtsgeschichte Sammleredition
2013-12-07 14:55 - 2013-12-07 14:56 - 00236648 _____ (Big Fish Games) C:\Users\SilenPro\Downloads\fierce-tales-marcus-memory_s2_l2_gF6477T1L2_d2211193870.exe
2013-12-07 14:55 - 2013-12-07 14:55 - 00002270 _____ C:\Users\Public\Desktop\Spiel Forest Legends - Der Ruf der Liebe Sammleredition.lnk
2013-12-07 14:52 - 2013-12-07 14:55 - 00000000 ____D C:\Program Files (x86)\Forest Legends - Der Ruf der Liebe Sammleredition
2013-12-07 14:52 - 2013-12-07 14:52 - 00000000 ____D C:\Users\SilenPro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Forest Legends - Der Ruf der Liebe Sammleredition
2013-12-04 22:15 - 2013-12-04 22:15 - 00002337 _____ C:\Users\Public\Desktop\Spiel Clockwork Tales - Die Geschichte von Glass und Ink.lnk
2013-12-04 22:14 - 2013-12-04 22:15 - 00000000 ____D C:\Program Files (x86)\Clockwork Tales - Die Geschichte von Glass und Ink
2013-12-04 22:14 - 2013-12-04 22:14 - 00000000 ____D C:\Users\SilenPro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Clockwork Tales - Die Geschichte von Glass und Ink
2013-12-03 16:04 - 2013-12-03 16:04 - 00000000 ____D C:\Users\SilenPro\AppData\Roaming\Snz
2013-12-02 17:55 - 2013-12-02 17:55 - 00236648 _____ (Big Fish Games) C:\Users\SilenPro\Downloads\forest-legends-the-call-of-love-ce_s2_l2_gF6484T1L2_d2208297478(1).exe
2013-12-01 09:40 - 2013-12-01 09:44 - 00000000 ____D C:\Users\SilenPro\Documents\Flohmarkt
2013-11-29 11:27 - 2013-11-29 11:27 - 00000000 ____D C:\Users\SilenPro\AppData\Roaming\Anuman
2013-11-28 22:13 - 2013-11-28 22:13 - 00001045 _____ C:\Users\UpdatusUser\Desktop\Winmail Opener.lnk
2013-11-28 22:13 - 2013-11-28 22:13 - 00001045 _____ C:\Users\SilenPro\Desktop\Winmail Opener.lnk
2013-11-28 22:13 - 2013-11-28 22:13 - 00000000 ____D C:\Users\SilenPro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winmail Opener
2013-11-28 22:13 - 2013-11-28 22:13 - 00000000 ____D C:\Program Files (x86)\Winmail Opener
2013-11-28 22:12 - 2013-11-28 22:12 - 00328095 _____ C:\Users\SilenPro\Downloads\winmail_opener.exe
2013-11-21 23:00 - 2013-11-21 23:00 - 00288050 _____ C:\Windows\msxml4-KB973688-enu.LOG
2013-11-21 22:59 - 2013-11-21 23:00 - 00291268 _____ C:\Windows\msxml4-KB954430-enu.LOG
2013-11-20 19:05 - 2013-11-20 19:05 - 00001755 _____ C:\Users\SilenPro\AppData\Roaming\SAS7_000.DAT
2013-11-20 18:04 - 2013-11-20 18:04 - 00000000 ____D C:\Users\SilenPro\AppData\Roaming\Nuance
2013-11-20 17:54 - 2013-11-20 17:54 - 00000000 ____D C:\Users\SilenPro\AppData\Roaming\FLEXnet
2013-11-20 17:52 - 2013-11-20 17:52 - 00002799 _____ C:\Users\Public\Desktop\Dragon NaturallySpeaking 12.0.lnk
2013-11-20 17:37 - 2013-11-20 17:37 - 00000000 ____D C:\ProgramData\Nuance
2013-11-20 17:37 - 2013-11-20 17:37 - 00000000 ____D C:\ProgramData\Macrovision
2013-11-20 17:37 - 2013-11-20 17:37 - 00000000 ____D C:\ProgramData\FLEXnet
2013-11-20 17:37 - 2013-11-20 17:37 - 00000000 ____D C:\Program Files (x86)\Nuance
2013-11-20 17:30 - 2013-11-20 17:30 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2013-11-20 14:47 - 2013-11-20 14:47 - 00003162 _____ C:\Windows\System32\Tasks\{61D34957-CE07-4807-ACBA-DB8897B90604}
2013-11-20 14:11 - 2013-11-20 14:11 - 00018432 _____ C:\Users\SilenPro\Documents\DragonSupportPackage_20131120_1411.dgnarc
2013-11-20 13:25 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2013-11-20 13:21 - 2013-11-20 13:21 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-11-20 13:21 - 2013-11-20 13:21 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-20 13:20 - 2013-11-20 13:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-20 13:20 - 2013-11-20 13:20 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-20 13:20 - 2013-11-20 13:20 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-20 13:20 - 2013-11-20 13:20 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-11-20 13:20 - 2013-11-20 13:20 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-11-20 13:20 - 2013-11-20 13:20 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-11-20 13:20 - 2013-11-20 13:20 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-11-20 13:20 - 2013-11-20 13:20 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-20 13:20 - 2013-11-20 13:20 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-11-20 13:20 - 2013-11-20 13:20 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-11-20 13:20 - 2013-11-20 13:20 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-11-20 13:20 - 2013-11-20 13:20 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-11-20 13:20 - 2013-11-20 13:20 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-20 13:20 - 2013-11-20 13:20 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-20 13:20 - 2013-11-20 13:20 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-11-20 13:20 - 2013-11-20 13:20 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-11-20 13:20 - 2013-11-20 13:20 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-20 13:20 - 2013-11-20 13:20 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-11-20 13:20 - 2013-11-20 13:20 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-11-20 13:20 - 2013-11-20 13:20 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-20 13:20 - 2013-11-20 13:20 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-11-20 13:20 - 2013-11-20 13:20 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-11-20 13:20 - 2013-11-20 13:20 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-11-20 13:20 - 2013-11-20 13:20 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-11-20 13:20 - 2013-11-20 13:20 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-11-20 13:20 - 2013-11-20 13:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-11-20 00:05 - 2013-11-20 13:25 - 00015479 _____ C:\Windows\IE11_main.log
2013-11-18 10:14 - 2013-11-18 10:21 - 622738047 _____ C:\Users\SilenPro\Downloads\Schiller.zip
2013-11-17 10:56 - 2013-11-17 10:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-15 16:27 - 2013-11-15 16:27 - 00003162 _____ C:\Windows\System32\Tasks\{775D0F7B-B5B0-4117-B8C0-9CFE54B85B5A}
2013-11-15 09:11 - 2013-11-15 09:11 - 00001105 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-11-15 09:11 - 2013-11-15 09:11 - 00000000 ____D C:\Users\SilenPro\AppData\Roaming\Malwarebytes
2013-11-15 09:11 - 2013-11-15 09:11 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-15 09:11 - 2013-11-15 09:11 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-15 09:11 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-11-14 15:44 - 2013-11-14 15:44 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-11-14 15:44 - 2013-11-14 15:44 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-11-13 10:26 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-13 10:26 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-13 10:26 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-13 10:26 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-13 10:26 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-13 10:26 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-13 10:26 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-13 10:26 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-13 10:26 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-13 10:26 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-13 10:26 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-13 10:26 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-13 10:26 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-13 10:26 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-13 10:26 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-13 10:26 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-13 10:26 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-13 10:26 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-13 10:26 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-13 10:26 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-13 10:26 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-13 10:26 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-13 10:26 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-13 10:26 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-13 10:26 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-13 10:26 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-13 10:26 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-13 10:26 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-13 10:26 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-13 10:26 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-13 00:50 - 2013-11-13 00:51 - 00000680 __RSH C:\Users\SilenPro\ntuser.pol

==================== One Month Modified Files and Folders =======

2013-12-10 13:15 - 2013-12-10 13:13 - 00021133 _____ C:\Users\SilenPro\Desktop\FRST.txt
2013-12-10 13:13 - 2013-12-10 13:13 - 00000000 ____D C:\FRST
2013-12-10 13:11 - 2013-12-10 13:11 - 01927982 _____ (Farbar) C:\Users\SilenPro\Desktop\FRST64.exe
2013-12-10 13:05 - 2010-12-03 20:53 - 01614298 _____ C:\Windows\WindowsUpdate.log
2013-12-10 13:04 - 2012-04-02 12:23 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-10 13:04 - 2010-12-05 12:53 - 00001114 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-10 09:07 - 2009-07-14 05:45 - 00015040 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-10 09:07 - 2009-07-14 05:45 - 00015040 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-10 09:02 - 2011-08-14 20:46 - 00000000 ___RD C:\Users\SilenPro\Dropbox
2013-12-10 09:02 - 2011-08-14 20:44 - 00000000 ____D C:\Users\SilenPro\AppData\Roaming\Dropbox
2013-12-10 09:01 - 2010-12-05 12:53 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-10 09:00 - 2012-07-15 17:27 - 00000000 ____D C:\ProgramData\VMware
2013-12-10 08:59 - 2012-06-21 14:35 - 00023627 _____ C:\Windows\setupact.log
2013-12-10 08:59 - 2010-12-03 15:05 - 00136782 _____ C:\Windows\PFRO.log
2013-12-10 08:59 - 2010-12-03 15:04 - 00000000 ____D C:\ProgramData\NVIDIA
2013-12-10 08:59 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-08 19:18 - 2010-12-09 12:03 - 00000000 ____D C:\Users\SilenPro\Documents\Felix
2013-12-07 15:05 - 2013-12-07 15:05 - 00002411 _____ C:\Users\Public\Desktop\Spiel Christmas Stories - Eine Weihnachtsgeschichte Sammleredition.lnk
2013-12-07 15:05 - 2013-12-07 15:05 - 00001350 _____ C:\Users\Public\Desktop\Weitere fantastische Spiele.lnk
2013-12-07 15:05 - 2013-12-07 15:00 - 00000000 ____D C:\Program Files (x86)\Christmas Stories - Eine Weihnachtsgeschichte Sammleredition
2013-12-07 15:00 - 2013-12-07 15:00 - 00000000 ____D C:\Users\SilenPro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Christmas Stories - Eine Weihnachtsgeschichte Sammleredition
2013-12-07 14:56 - 2013-12-07 14:55 - 00236648 _____ (Big Fish Games) C:\Users\SilenPro\Downloads\fierce-tales-marcus-memory_s2_l2_gF6477T1L2_d2211193870.exe
2013-12-07 14:55 - 2013-12-07 14:55 - 00002270 _____ C:\Users\Public\Desktop\Spiel Forest Legends - Der Ruf der Liebe Sammleredition.lnk
2013-12-07 14:55 - 2013-12-07 14:52 - 00000000 ____D C:\Program Files (x86)\Forest Legends - Der Ruf der Liebe Sammleredition
2013-12-07 14:55 - 2013-07-12 14:20 - 00000000 ____D C:\BigFishCache
2013-12-07 14:55 - 2012-02-27 15:58 - 00000000 ____D C:\Users\SilenPro\AppData\Roaming\AlawarEntertainment
2013-12-07 14:52 - 2013-12-07 14:52 - 00000000 ____D C:\Users\SilenPro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Forest Legends - Der Ruf der Liebe Sammleredition
2013-12-07 09:29 - 2009-07-14 18:58 - 00710492 _____ C:\Windows\system32\perfh007.dat
2013-12-07 09:29 - 2009-07-14 18:58 - 00154504 _____ C:\Windows\system32\perfc007.dat
2013-12-07 09:29 - 2009-07-14 06:13 - 01652092 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-04 22:15 - 2013-12-04 22:15 - 00002337 _____ C:\Users\Public\Desktop\Spiel Clockwork Tales - Die Geschichte von Glass und Ink.lnk
2013-12-04 22:15 - 2013-12-04 22:14 - 00000000 ____D C:\Program Files (x86)\Clockwork Tales - Die Geschichte von Glass und Ink
2013-12-04 22:14 - 2013-12-04 22:14 - 00000000 ____D C:\Users\SilenPro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Clockwork Tales - Die Geschichte von Glass und Ink
2013-12-04 22:05 - 2012-03-26 10:42 - 00000000 ____D C:\Users\SilenPro\Documents\Matze
2013-12-04 22:04 - 2012-04-14 09:59 - 00000000 ____D C:\Users\SilenPro\Documents\Erbengemeinschaft
2013-12-04 22:04 - 2010-12-09 12:01 - 00000000 ____D C:\Users\SilenPro\Documents\Anlage
2013-12-03 16:04 - 2013-12-03 16:04 - 00000000 ____D C:\Users\SilenPro\AppData\Roaming\Snz
2013-12-03 16:04 - 2013-06-14 11:21 - 00000000 ____D C:\Users\SilenPro\AppData\Roaming\SCheck
2013-12-03 16:04 - 2013-06-14 11:21 - 00000000 ____D C:\Users\SilenPro\AppData\Roaming\Intermediate
2013-12-02 17:55 - 2013-12-02 17:55 - 00236648 _____ (Big Fish Games) C:\Users\SilenPro\Downloads\forest-legends-the-call-of-love-ce_s2_l2_gF6484T1L2_d2208297478(1).exe
2013-12-02 16:42 - 2010-12-09 12:01 - 00000000 ____D C:\Users\SilenPro\Documents\Beruf
2013-12-01 19:13 - 2011-04-17 16:50 - 00000000 ____D C:\Users\SilenPro\AppData\Roaming\Elephant Games
2013-12-01 09:44 - 2013-12-01 09:40 - 00000000 ____D C:\Users\SilenPro\Documents\Flohmarkt
2013-11-29 11:27 - 2013-11-29 11:27 - 00000000 ____D C:\Users\SilenPro\AppData\Roaming\Anuman
2013-11-28 22:15 - 2010-12-09 12:03 - 00000000 ____D C:\Users\SilenPro\Documents\Wohnung Ullsteinstraße
2013-11-28 22:13 - 2013-11-28 22:13 - 00001045 _____ C:\Users\UpdatusUser\Desktop\Winmail Opener.lnk
2013-11-28 22:13 - 2013-11-28 22:13 - 00001045 _____ C:\Users\SilenPro\Desktop\Winmail Opener.lnk
2013-11-28 22:13 - 2013-11-28 22:13 - 00000000 ____D C:\Users\SilenPro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winmail Opener
2013-11-28 22:13 - 2013-11-28 22:13 - 00000000 ____D C:\Program Files (x86)\Winmail Opener
2013-11-28 22:12 - 2013-11-28 22:12 - 00328095 _____ C:\Users\SilenPro\Downloads\winmail_opener.exe
2013-11-26 17:18 - 2013-07-01 20:43 - 00000000 ____D C:\Users\SilenPro\AppData\Roaming\Chayowo Games
2013-11-26 11:47 - 2011-05-07 16:59 - 00000000 ____D C:\Users\SilenPro\AppData\Roaming\ERS Game Studios
2013-11-25 13:00 - 2012-06-13 20:44 - 00000000 ____D C:\Users\SilenPro\AppData\Roaming\4 Friends Games
2013-11-22 08:48 - 2010-12-05 12:44 - 00000000 ____D C:\Users\SilenPro\AppData\Local\Microsoft Help
2013-11-22 08:24 - 2010-12-05 12:56 - 00000000 ____D C:\Users\SilenPro\AppData\Local\Adobe
2013-11-22 08:23 - 2012-04-02 12:23 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-11-22 08:23 - 2012-04-02 12:23 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-11-22 08:23 - 2011-05-19 07:12 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-21 23:00 - 2013-11-21 23:00 - 00288050 _____ C:\Windows\msxml4-KB973688-enu.LOG
2013-11-21 23:00 - 2013-11-21 22:59 - 00291268 _____ C:\Windows\msxml4-KB954430-enu.LOG
2013-11-21 16:33 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-11-21 13:09 - 2012-04-02 13:14 - 00000000 ____D C:\Users\SilenPro\AppData\Roaming\Mariaglorum
2013-11-21 11:54 - 2013-07-04 15:13 - 00000000 ____D C:\ProgramData\Playrix Entertainment
2013-11-21 10:43 - 2011-01-10 21:49 - 00000000 ____D C:\Users\SilenPro\AppData\Roaming\Orneon
2013-11-20 19:05 - 2013-11-20 19:05 - 00001755 _____ C:\Users\SilenPro\AppData\Roaming\SAS7_000.DAT
2013-11-20 18:04 - 2013-11-20 18:04 - 00000000 ____D C:\Users\SilenPro\AppData\Roaming\Nuance
2013-11-20 17:54 - 2013-11-20 17:54 - 00000000 ____D C:\Users\SilenPro\AppData\Roaming\FLEXnet
2013-11-20 17:53 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\Speech
2013-11-20 17:52 - 2013-11-20 17:52 - 00002799 _____ C:\Users\Public\Desktop\Dragon NaturallySpeaking 12.0.lnk
2013-11-20 17:37 - 2013-11-20 17:37 - 00000000 ____D C:\ProgramData\Nuance
2013-11-20 17:37 - 2013-11-20 17:37 - 00000000 ____D C:\ProgramData\Macrovision
2013-11-20 17:37 - 2013-11-20 17:37 - 00000000 ____D C:\ProgramData\FLEXnet
2013-11-20 17:37 - 2013-11-20 17:37 - 00000000 ____D C:\Program Files (x86)\Nuance
2013-11-20 17:30 - 2013-11-20 17:30 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2013-11-20 15:23 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-11-20 14:54 - 2010-12-05 13:47 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-11-20 14:54 - 2010-12-05 13:47 - 00000000 ____D C:\Program Files (x86)\Deep Silver
2013-11-20 14:47 - 2013-11-20 14:47 - 00003162 _____ C:\Windows\System32\Tasks\{61D34957-CE07-4807-ACBA-DB8897B90604}
2013-11-20 14:31 - 2010-12-09 12:03 - 00000000 ____D C:\Users\SilenPro\Documents\TrennungSyno
2013-11-20 14:11 - 2013-11-20 14:11 - 00018432 _____ C:\Users\SilenPro\Documents\DragonSupportPackage_20131120_1411.dgnarc
2013-11-20 13:46 - 2010-12-03 13:57 - 00001417 _____ C:\Users\SilenPro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-20 13:44 - 2012-04-25 13:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-20 13:44 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-11-20 13:25 - 2013-11-20 00:05 - 00015479 _____ C:\Windows\IE11_main.log
2013-11-20 13:21 - 2013-11-20 13:21 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-11-20 13:21 - 2013-11-20 13:21 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-20 13:20 - 2013-11-20 13:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-20 13:20 - 2013-11-20 13:20 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-20 13:20 - 2013-11-20 13:20 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-20 13:20 - 2013-11-20 13:20 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-11-20 13:20 - 2013-11-20 13:20 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-11-20 13:20 - 2013-11-20 13:20 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-11-20 13:20 - 2013-11-20 13:20 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-11-20 13:20 - 2013-11-20 13:20 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-20 13:20 - 2013-11-20 13:20 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-11-20 13:20 - 2013-11-20 13:20 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-11-20 13:20 - 2013-11-20 13:20 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-11-20 13:20 - 2013-11-20 13:20 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-11-20 13:20 - 2013-11-20 13:20 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-20 13:20 - 2013-11-20 13:20 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-20 13:20 - 2013-11-20 13:20 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-11-20 13:20 - 2013-11-20 13:20 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-11-20 13:20 - 2013-11-20 13:20 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-20 13:20 - 2013-11-20 13:20 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-11-20 13:20 - 2013-11-20 13:20 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-11-20 13:20 - 2013-11-20 13:20 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-20 13:20 - 2013-11-20 13:20 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-11-20 13:20 - 2013-11-20 13:20 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-11-20 13:20 - 2013-11-20 13:20 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-11-20 13:20 - 2013-11-20 13:20 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-11-20 13:20 - 2013-11-20 13:20 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-11-20 13:20 - 2013-11-20 13:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-11-20 12:58 - 2011-08-26 16:23 - 00002842 _____ C:\Windows\KB893803v2.log
2013-11-20 11:46 - 2013-10-14 14:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-11-20 00:05 - 2011-02-06 13:50 - 00001912 _____ C:\Windows\epplauncher.mif
2013-11-20 00:04 - 2011-02-06 13:49 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-11-20 00:04 - 2011-02-06 13:49 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-11-19 13:00 - 2012-09-07 13:44 - 00000000 ____D C:\Users\SilenPro\AppData\Roaming\Eipix
2013-11-19 11:21 - 2010-12-05 11:13 - 00267936 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-11-18 10:21 - 2013-11-18 10:14 - 622738047 _____ C:\Users\SilenPro\Downloads\Schiller.zip
2013-11-17 10:56 - 2013-11-17 10:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-15 16:27 - 2013-11-15 16:27 - 00003162 _____ C:\Windows\System32\Tasks\{775D0F7B-B5B0-4117-B8C0-9CFE54B85B5A}
2013-11-15 09:11 - 2013-11-15 09:11 - 00001105 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-11-15 09:11 - 2013-11-15 09:11 - 00000000 ____D C:\Users\SilenPro\AppData\Roaming\Malwarebytes
2013-11-15 09:11 - 2013-11-15 09:11 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-15 09:11 - 2013-11-15 09:11 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-14 15:44 - 2013-11-14 15:44 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-11-14 15:44 - 2013-11-14 15:44 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-11-13 22:56 - 2010-12-05 12:44 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-13 22:55 - 2013-08-16 02:05 - 00000000 ____D C:\Windows\system32\MRT
2013-11-13 22:52 - 2010-12-08 18:52 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-13 14:57 - 2010-12-09 12:03 - 00000000 ____D C:\Users\SilenPro\Documents\divers
2013-11-13 11:46 - 2012-03-06 17:32 - 00000000 ____D C:\Users\SilenPro\AppData\Roaming\Realore_Whiterra Roads Of Rome 3
2013-11-13 00:51 - 2013-11-13 00:50 - 00000680 __RSH C:\Users\SilenPro\ntuser.pol
2013-11-13 00:51 - 2010-12-03 13:56 - 00000000 ____D C:\Users\SilenPro
2013-11-13 00:50 - 2009-07-14 04:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2013-11-13 00:35 - 2011-07-27 07:10 - 00000000 ____D C:\Users\SilenPro\Documents\Mama
2013-11-12 11:01 - 2011-01-14 16:49 - 00000000 ____D C:\Users\SilenPro\AppData\Roaming\Boomzap

Files to move or delete:
====================
C:\Users\SilenPro\7z920.exe


Some content of TEMP:
====================
C:\Users\SilenPro\AppData\Local\Temp\avgnt.exe
C:\Users\SilenPro\AppData\Local\Temp\ose00000.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-10 09:52

==================== End Of Log ============================
         

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-12-2013
Ran by SilenPro at 2013-12-10 13:15:36
Running from C:\Users\SilenPro\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (x32)
7-Zip 9.22beta (x32)
A New Beginning (x32 Version: 0238)
Adelantado Trilogy: Book One (x32)
Adobe AIR (x32 Version: 1.5.3.9130)
Adobe Bridge 1.0 (x32 Version: 001.000.001)
Adobe Common File Installer (x32 Version: 1.00.001)
Adobe Community Help (x32 Version: 3.2.1)
Adobe Community Help (x32 Version: 3.2.1.650)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.152)
Adobe Help Center 1.0 (x32 Version: 1.0.1)
Adobe Photoshop CS2 (x32 Version: 9.0)
Adobe Reader X (10.1.8) - Deutsch (x32 Version: 10.1.8)
Adobe Shockwave Player 12.0 (x32 Version: 12.0.2.122)
Adobe Stock Photos 1.0 (x32 Version: 1.0.1)
Amazon MP3-Downloader 1.0.17 (x32 Version: 1.0.17)
Anno 1404 (x32 Version: 1.00.0000)
ANNO 1404 (x32 Version: 1.01.0000)
Apple Application Support (x32 Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (x32 Version: 2.1.3.127)
Architekt Pro (x32 Version: 1.00.0000)
Audacity 1.3.13 (Unicode) (x32)
Bau der Großen Mauer in China (x32)
Big Fish: Game Manager (x32 Version: 3.2.0.6)
Bonjour (Version: 3.0.0.10)
Brother MFL-Pro Suite MFC-J410 (x32 Version: 1.0.3.0)
Christmas Stories: Eine Weihnachtsgeschichte Sammleredition (x32)
Clockwork Tales: Die Geschichte von Glass und Ink (x32)
Corel Graphics - Windows Shell Extension (x32 Version: 15.2.0.686)
Corel Graphics - Windows Shell Extension (x32 Version: 15.2.686)
Corel Graphics - Windows Shell Extension 64 Bit (Version: 15.2.686)
CorelDRAW Graphics Suite X5 - BR (x32 Version: 15.3)
CorelDRAW Graphics Suite X5 - Capture (x32 Version: 15.3)
CorelDRAW Graphics Suite X5 - Common (x32 Version: 15.3)
CorelDRAW Graphics Suite X5 - Connect (x32 Version: 15.3)
CorelDRAW Graphics Suite X5 - Custom Data (x32 Version: 15.3)
CorelDRAW Graphics Suite X5 - CZ (x32 Version: 15.3)
CorelDRAW Graphics Suite X5 - DE (x32 Version: 15.3)
CorelDRAW Graphics Suite X5 - Draw (x32 Version: 15.3)
CorelDRAW Graphics Suite X5 - EN (x32 Version: 15.3)
CorelDRAW Graphics Suite X5 - ES (x32 Version: 15.3)
CorelDRAW Graphics Suite X5 - Filters (x32 Version: 15.3)
CorelDRAW Graphics Suite X5 - FontNav (x32 Version: 15.3)
CorelDRAW Graphics Suite X5 - FR (x32 Version: 15.3)
CorelDRAW Graphics Suite X5 - IPM HSE (x32 Version: 15.3)
CorelDRAW Graphics Suite X5 - IT (x32 Version: 15.3)
CorelDRAW Graphics Suite X5 - NL (x32 Version: 15.3)
CorelDRAW Graphics Suite X5 - PHOTO-PAINT (x32 Version: 15.3)
CorelDRAW Graphics Suite X5 - Photozoom Plugin (x32 Version: 15.0)
CorelDRAW Graphics Suite X5 - PL (x32 Version: 15.3)
CorelDRAW Graphics Suite X5 - Redist (x32 Version: 15.0)
CorelDRAW Graphics Suite X5 - RU (x32 Version: 15.3)
CorelDRAW Graphics Suite X5 - Setup Files (x32 Version: 15.3)
CorelDRAW Graphics Suite X5 - VideoBrowser (x32 Version: 15.3)
CorelDRAW Graphics Suite X5 - WT (x32 Version: 15.3)
CorelDRAW Home & Student Suite X5 - Extra Content (x32 Version: 15.0)
CorelDRAW Home & Student Suite X5 - Extra Content (x32)
CorelDRAW Home & Student Suite X5 (x32 Version: 15.1)
CorelDRAW(R) Home & Student Suite X5 (x32 Version: 15.2.0.686)
Das gelobte Land (x32)
Dragon NaturallySpeaking 12 (x32 Version: 12.00.100)
Dropbox (HKCU Version: 2.0.22)
Ein Yankee unter Rittern (x32)
FileZilla Client 3.7.2 (x32 Version: 3.7.2)
Forest Legends: Der Ruf der Liebe Sammleredition (x32)
Free M4a to MP3 Converter 7.2 (x32)
Free PDF to Word Doc Converter v1.1 (x32 Version: 1.1)
Garmin Training Center (x32 Version: 3.6.5)
Garmin USB Drivers (x32 Version: 2.3.1.0)
Garmin WebUpdater (x32 Version: 2.5.6)
GIMP 2.6.11 (x32 Version: 2.6.11)
Google Chrome (x32 Version: 31.0.1650.63)
Google Earth (x32 Version: 7.1.1.1888)
Google Update Helper (x32 Version: 1.3.21.165)
IKEA Home Planner (x32 Version: 2.0.3)
Im Land der Wikinger (x32)
IrfanView (remove only) (x32 Version: 4.30)
iTunes (Version: 11.1.0.126)
Java 7 Update 21 (x32 Version: 7.0.210)
Java 7 Update 25 (64-bit) (Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
Java(TM) 6 Update 26 (x32 Version: 6.0.260)
M4P MP3 Converter 1.0 (x32 Version: 1.0)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Antimalware Service DE-DE Language Pack (Version: 3.0.8402.2)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Security Client (Version: 4.4.0304.0)
Microsoft Security Client DE-DE Language Pack (Version: 2.1.1116.0)
Microsoft Security Essentials (Version: 4.4.304.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Mozilla Firefox 25.0.1 (x86 de) (x32 Version: 25.0.1)
Mozilla Maintenance Service (x32 Version: 24.1.1)
Mozilla Thunderbird 24.1.1 (x86 de) (x32 Version: 24.1.1)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (x32 Version: 4.20.9818.0)
NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.19.0)
NetObjects Fusion 12.0 (x32 Version: 12 German)
NetObjects Fusion 12.0 (x32 Version: 12.00.5000.5041)
Northern Tale (x32)
NVIDIA 3D Vision Controller-Treiber 314.22 (Version: 314.22)
NVIDIA 3D Vision Treiber 314.22 (Version: 314.22)
NVIDIA Display Control Panel (Version: 6.14.12.5856)
NVIDIA Grafiktreiber 314.22 (Version: 314.22)
NVIDIA HD-Audiotreiber 1.3.23.1 (Version: 1.3.23.1)
NVIDIA Install Application (Version: 2.1002.115.743)
NVIDIA PhysX (x32 Version: 9.12.1031)
NVIDIA PhysX-Systemsoftware 9.12.1031 (Version: 9.12.1031)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1422)
NVIDIA Systemsteuerung 314.22 (Version: 314.22)
NVIDIA Update 1.12.12 (Version: 1.12.12)
NVIDIA Update Components (Version: 1.12.12)
NX Client for Windows 3.5.0-9 (x32 Version: 3.5.0-9)
ProtectDisc Driver, Version 11 (x32 Version: 11.0.0.14)
QuickTime (x32 Version: 7.74.80.86)
Roads of Rome II (x32)
Roads of Rome III (x32)
Safari (x32 Version: 5.34.57.2)
Secrets of the Dark - Geheimnis des Familienanwesens (x32)
Spybot - Search & Destroy (x32 Version: 2.2.25)
Supercow (x32)
Sweet Home 3D version 4.1 (x32)
swMSM (x32 Version: 12.0.0.1)
TeamViewer 7 (x32 Version: 7.0.12979)
tools-linux (x32 Version: 8.8.4.744019)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update für Microsoft Office Excel 2007 Help (KB963678) (x32)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update für Microsoft Office Word 2007 Help (KB963665) (x32)
Vermieter-Praxishandbuch (x32)
VmciSockets (Version: 9.1.54.1)
VMware Player (x32 Version: 4.0.4.30409)
Vtune 7.10 (x32)
Webocton - Scriptly 0.8.95.6 (x32 Version: 0.8.95.6)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (Version: 04/19/2012 2.3.1.0)
Winload Toolbar (x32 Version: 6.9.0.16)
Winmail Opener 1.4 (x32 Version: 1.4)
WinSCP 4.3.8 (x32 Version: 4.3.8)
WISO Hausverwalter 2012 (x32 Version: 6.00.7549)
WISO Hausverwalter 2013 (x32 Version: 7.00.7718)
World Mosaics 3 - Fairy Tales (x32)

==================== Restore Points  =========================

28-11-2013 15:00:40 Windows Update
01-12-2013 15:43:05 Windows Update
05-12-2013 14:15:21 Windows Update
09-12-2013 17:35:45 Windows Update

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {21700036-CD29-4BE6-B008-FFB656DC4FD8} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {6A3C3DE6-8AE7-4F3C-A4CF-B184B61BB830} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-22] (Adobe Systems Incorporated)
Task: {9A09B683-8CE9-4692-A121-E20ED3DCD93B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A0EA602B-7254-4A21-BA98-5FBFDEA96F32} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {A128BB5D-8E6E-44B2-B4F5-2BAF3F85EA28} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {A15121EE-EE3F-4AB7-93D4-28399A717096} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-05] (Google Inc.)
Task: {B08BB995-44AA-4D12-9DBA-F69CD1BC0A2B} - System32\Tasks\{170DA063-06BE-40A7-AEEF-8158B3F48ACF} => C:\Users\SilenPro\Downloads\314.22-desktop-win8-win7-winvista-64bit-international-whql(1).exe
Task: {D405DBA3-8177-41EC-88D7-1A91B7BCB69C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-05] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-01-02 15:42 - 2010-01-02 15:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2011-06-24 21:56 - 2011-06-24 21:56 - 00087328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-06-24 21:56 - 2011-06-24 21:56 - 01241888 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-11-06 13:42 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2013-11-06 13:42 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-11-06 13:42 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2013-11-06 13:42 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-11-06 13:42 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2012-06-09 01:36 - 2012-06-09 01:36 - 01229464 _____ () C:\Program Files (x86)\VMware\VMware Player\libxml2.dll
2010-12-03 14:57 - 1998-10-31 04:55 - 00005120 _____ () C:\Program Files (x86)\Vtune\TBManage.dll
2013-03-13 21:48 - 2013-03-13 21:48 - 24978944 _____ () C:\Users\SilenPro\AppData\Roaming\Dropbox\bin\libcef.dll
2012-06-21 14:39 - 2009-02-27 15:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2013-11-17 10:56 - 2013-11-17 10:56 - 03363952 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:852F2262
AlternateDataStreams: C:\ProgramData\TEMP:869C6B4A
AlternateDataStreams: C:\ProgramData\TEMP:870649A4
AlternateDataStreams: C:\ProgramData\TEMP:87731E5E
AlternateDataStreams: C:\ProgramData\TEMP:87A3A233
AlternateDataStreams: C:\ProgramData\TEMP:8855A119
AlternateDataStreams: C:\ProgramData\TEMP:8866C899
AlternateDataStreams: C:\ProgramData\TEMP:88FB7F72
AlternateDataStreams: C:\ProgramData\TEMP:8924043A
AlternateDataStreams: C:\ProgramData\TEMP:89FC8EEB
AlternateDataStreams: C:\ProgramData\TEMP:8B3C3098
AlternateDataStreams: C:\ProgramData\TEMP:8B480195
AlternateDataStreams: C:\ProgramData\TEMP:8B4B9596
AlternateDataStreams: C:\ProgramData\TEMP:8B69E3C3
AlternateDataStreams: C:\ProgramData\TEMP:8BE7A048
AlternateDataStreams: C:\ProgramData\TEMP:8C12CFCD
AlternateDataStreams: C:\ProgramData\TEMP:8E11CC80
AlternateDataStreams: C:\ProgramData\TEMP:8E5EA40F
AlternateDataStreams: C:\ProgramData\TEMP:90C320E1
AlternateDataStreams: C:\ProgramData\TEMP:9195103F
AlternateDataStreams: C:\ProgramData\TEMP:91A12471
AlternateDataStreams: C:\ProgramData\TEMP:922DA2DB
AlternateDataStreams: C:\ProgramData\TEMP:927EC486
AlternateDataStreams: C:\ProgramData\TEMP:92BD9737
AlternateDataStreams: C:\ProgramData\TEMP:943971F5
AlternateDataStreams: C:\ProgramData\TEMP:94B25DF5
AlternateDataStreams: C:\ProgramData\TEMP:94B46CA2
AlternateDataStreams: C:\ProgramData\TEMP:9524D821
AlternateDataStreams: C:\ProgramData\TEMP:95D421DF
AlternateDataStreams: C:\ProgramData\TEMP:961B84C5
AlternateDataStreams: C:\ProgramData\TEMP:96838F8A
AlternateDataStreams: C:\ProgramData\TEMP:96AFAB10
AlternateDataStreams: C:\ProgramData\TEMP:9720EBEF
AlternateDataStreams: C:\ProgramData\TEMP:97427454
AlternateDataStreams: C:\ProgramData\TEMP:97AAB7F2
AlternateDataStreams: C:\ProgramData\TEMP:97B3B270
AlternateDataStreams: C:\ProgramData\TEMP:97CA3B9E
AlternateDataStreams: C:\ProgramData\TEMP:9836B5E4
AlternateDataStreams: C:\ProgramData\TEMP:98CF1A39
AlternateDataStreams: C:\ProgramData\TEMP:993185CB
AlternateDataStreams: C:\ProgramData\TEMP:99515FFA
AlternateDataStreams: C:\ProgramData\TEMP:99AC3203
AlternateDataStreams: C:\ProgramData\TEMP:9A88B65D
AlternateDataStreams: C:\ProgramData\TEMP:9BAC4211
AlternateDataStreams: C:\ProgramData\TEMP:9BB8C675
AlternateDataStreams: C:\ProgramData\TEMP:9C3AAD57
AlternateDataStreams: C:\ProgramData\TEMP:9C7A32BB
AlternateDataStreams: C:\ProgramData\TEMP:9E05DEB0
AlternateDataStreams: C:\ProgramData\TEMP:9E3D44B7
AlternateDataStreams: C:\ProgramData\TEMP:9EDA68BD
AlternateDataStreams: C:\ProgramData\TEMP:9F3CEEE6
AlternateDataStreams: C:\ProgramData\TEMP:9FD757A9
AlternateDataStreams: C:\ProgramData\TEMP:A02025CE
AlternateDataStreams: C:\ProgramData\TEMP:A0921B2C
AlternateDataStreams: C:\ProgramData\TEMP:A13B696A
AlternateDataStreams: C:\ProgramData\TEMP:A1460B2A
AlternateDataStreams: C:\ProgramData\TEMP:A1FD5369
AlternateDataStreams: C:\ProgramData\TEMP:A2FF62A6
AlternateDataStreams: C:\ProgramData\TEMP:A391510C
AlternateDataStreams: C:\ProgramData\TEMP:A4241298
AlternateDataStreams: C:\ProgramData\TEMP:A42FABF7
AlternateDataStreams: C:\ProgramData\TEMP:A441D13F
AlternateDataStreams: C:\ProgramData\TEMP:A4E7D25F
AlternateDataStreams: C:\ProgramData\TEMP:A5241382
AlternateDataStreams: C:\ProgramData\TEMP:A6345BDA
AlternateDataStreams: C:\ProgramData\TEMP:A6E01F67
AlternateDataStreams: C:\ProgramData\TEMP:A6FE7BCC
AlternateDataStreams: C:\ProgramData\TEMP:A798AA1A
AlternateDataStreams: C:\ProgramData\TEMP:A7C40691
AlternateDataStreams: C:\ProgramData\TEMP:A8185163
AlternateDataStreams: C:\ProgramData\TEMP:A819A132
AlternateDataStreams: C:\ProgramData\TEMP:A8369371
AlternateDataStreams: C:\ProgramData\TEMP:A9056F42
AlternateDataStreams: C:\ProgramData\TEMP:A9223B61
AlternateDataStreams: C:\ProgramData\TEMP:A9364E30
AlternateDataStreams: C:\ProgramData\TEMP:A9562832
AlternateDataStreams: C:\ProgramData\TEMP:A9ABA3FF
AlternateDataStreams: C:\ProgramData\TEMP:A9F13D2D
AlternateDataStreams: C:\ProgramData\TEMP:AA0017FD
AlternateDataStreams: C:\ProgramData\TEMP:AA0BC725
AlternateDataStreams: C:\ProgramData\TEMP:AAA06E15
AlternateDataStreams: C:\ProgramData\TEMP:AABECEFB
AlternateDataStreams: C:\ProgramData\TEMP:AB0A5A80
AlternateDataStreams: C:\ProgramData\TEMP:AC83EA04
AlternateDataStreams: C:\ProgramData\TEMP:AD179392
AlternateDataStreams: C:\ProgramData\TEMP:AD2DB2F9
AlternateDataStreams: C:\ProgramData\TEMP:ADEBE9CA
AlternateDataStreams: C:\ProgramData\TEMP:AE34D87E
AlternateDataStreams: C:\ProgramData\TEMP:AED33A42
AlternateDataStreams: C:\ProgramData\TEMP:AED4A2B7
AlternateDataStreams: C:\ProgramData\TEMP:AFB24B00
AlternateDataStreams: C:\ProgramData\TEMP:AFC732F7
AlternateDataStreams: C:\ProgramData\TEMP:B01EC114
AlternateDataStreams: C:\ProgramData\TEMP:B02249C3
AlternateDataStreams: C:\ProgramData\TEMP:B0456F0C
AlternateDataStreams: C:\ProgramData\TEMP:B0A727D1
AlternateDataStreams: C:\ProgramData\TEMP:B1381B34
AlternateDataStreams: C:\ProgramData\TEMP:B139DDF3
AlternateDataStreams: C:\ProgramData\TEMP:B21F2857
AlternateDataStreams: C:\ProgramData\TEMP:B285A50E
AlternateDataStreams: C:\ProgramData\TEMP:B2CCDB69
AlternateDataStreams: C:\ProgramData\TEMP:B33464A5
AlternateDataStreams: C:\ProgramData\TEMP:B3A5945E
AlternateDataStreams: C:\ProgramData\TEMP:B3C7433B
AlternateDataStreams: C:\ProgramData\TEMP:B4258C5D
AlternateDataStreams: C:\ProgramData\TEMP:B4530133
AlternateDataStreams: C:\ProgramData\TEMP:B4F0E275
AlternateDataStreams: C:\ProgramData\TEMP:B504E4C2
AlternateDataStreams: C:\ProgramData\TEMP:B54E4B5A
AlternateDataStreams: C:\ProgramData\TEMP:B61767F5
AlternateDataStreams: C:\ProgramData\TEMP:B6D84F71
AlternateDataStreams: C:\ProgramData\TEMP:B6E6C4EA
AlternateDataStreams: C:\ProgramData\TEMP:B8791731
AlternateDataStreams: C:\ProgramData\TEMP:BACC4A79
AlternateDataStreams: C:\ProgramData\TEMP:BB0F4AA4
AlternateDataStreams: C:\ProgramData\TEMP:BD0A043E
AlternateDataStreams: C:\ProgramData\TEMP:BD34FFC5
AlternateDataStreams: C:\ProgramData\TEMP:BD414E4B
AlternateDataStreams: C:\ProgramData\TEMP:BD50071F
AlternateDataStreams: C:\ProgramData\TEMP:BE0654D6
AlternateDataStreams: C:\ProgramData\TEMP:BE40C8A2
AlternateDataStreams: C:\ProgramData\TEMP:BE6B5FC3
AlternateDataStreams: C:\ProgramData\TEMP:BECA50FF
AlternateDataStreams: C:\ProgramData\TEMP:BEE39E9B
AlternateDataStreams: C:\ProgramData\TEMP:BF6A2C54
AlternateDataStreams: C:\ProgramData\TEMP:BF6C4AAC
AlternateDataStreams: C:\ProgramData\TEMP:C00C7190
AlternateDataStreams: C:\ProgramData\TEMP:C0893153
AlternateDataStreams: C:\ProgramData\TEMP:C0A9D0E7
AlternateDataStreams: C:\ProgramData\TEMP:C0BCE04B
AlternateDataStreams: C:\ProgramData\TEMP:C0D23A2F
AlternateDataStreams: C:\ProgramData\TEMP:C178954A
AlternateDataStreams: C:\ProgramData\TEMP:C22674B6
AlternateDataStreams: C:\ProgramData\TEMP:C2F24DB5
AlternateDataStreams: C:\ProgramData\TEMP:C3899C0B
AlternateDataStreams: C:\ProgramData\TEMP:C3E7F2E9
AlternateDataStreams: C:\ProgramData\TEMP:C4288847
AlternateDataStreams: C:\ProgramData\TEMP:C458CC0A
AlternateDataStreams: C:\ProgramData\TEMP:C48905F4
AlternateDataStreams: C:\ProgramData\TEMP:C49A5AD1
AlternateDataStreams: C:\ProgramData\TEMP:C5340FA1
AlternateDataStreams: C:\ProgramData\TEMP:C5D15631
AlternateDataStreams: C:\ProgramData\TEMP:C6104C4F
AlternateDataStreams: C:\ProgramData\TEMP:C669F3E1
AlternateDataStreams: C:\ProgramData\TEMP:C82CA1C0
AlternateDataStreams: C:\ProgramData\TEMP:C8E3A625
AlternateDataStreams: C:\ProgramData\TEMP:C98828D3
AlternateDataStreams: C:\ProgramData\TEMP:C9B27A06
AlternateDataStreams: C:\ProgramData\TEMP:CA7E8F16
AlternateDataStreams: C:\ProgramData\TEMP:CAC06C34
AlternateDataStreams: C:\ProgramData\TEMP:CAE3AE67
AlternateDataStreams: C:\ProgramData\TEMP:CB3667AF
AlternateDataStreams: C:\ProgramData\TEMP:CB5AA1E6
AlternateDataStreams: C:\ProgramData\TEMP:CB8C8B5D
AlternateDataStreams: C:\ProgramData\TEMP:CBAF0C30
AlternateDataStreams: C:\ProgramData\TEMP:CC4C59B4
AlternateDataStreams: C:\ProgramData\TEMP:CCD8056E
AlternateDataStreams: C:\ProgramData\TEMP:CE506F23
AlternateDataStreams: C:\ProgramData\TEMP:D026A5A4
AlternateDataStreams: C:\ProgramData\TEMP:D086B88D
AlternateDataStreams: C:\ProgramData\TEMP:D1FE35E7
AlternateDataStreams: C:\ProgramData\TEMP:D3A89E47
AlternateDataStreams: C:\ProgramData\TEMP:D3A8AA31
AlternateDataStreams: C:\ProgramData\TEMP:D3B50759
AlternateDataStreams: C:\ProgramData\TEMP:D434342F
AlternateDataStreams: C:\ProgramData\TEMP:D4558A0B
AlternateDataStreams: C:\ProgramData\TEMP:D4DD372D
AlternateDataStreams: C:\ProgramData\TEMP:D5BF78B4
AlternateDataStreams: C:\ProgramData\TEMP:D621CFB8
AlternateDataStreams: C:\ProgramData\TEMP:D6A4A911
AlternateDataStreams: C:\ProgramData\TEMP:D8A1AC56
AlternateDataStreams: C:\ProgramData\TEMP:D9656460
AlternateDataStreams: C:\ProgramData\TEMP:D999FFD5
AlternateDataStreams: C:\ProgramData\TEMP:D9F34335
AlternateDataStreams: C:\ProgramData\TEMP:DA5888A7
AlternateDataStreams: C:\ProgramData\TEMP:DB2748F7
AlternateDataStreams: C:\ProgramData\TEMP:DBB33506
AlternateDataStreams: C:\ProgramData\TEMP:DBC3D477
AlternateDataStreams: C:\ProgramData\TEMP:DBEF355E
AlternateDataStreams: C:\ProgramData\TEMP:DC0B1070
AlternateDataStreams: C:\ProgramData\TEMP:DC9915D2
AlternateDataStreams: C:\ProgramData\TEMP:DCA79AB3
AlternateDataStreams: C:\ProgramData\TEMP:DD04902E
AlternateDataStreams: C:\ProgramData\TEMP:DDF112BD
AlternateDataStreams: C:\ProgramData\TEMP:DE875C30
AlternateDataStreams: C:\ProgramData\TEMP:DF5ABA3D
AlternateDataStreams: C:\ProgramData\TEMP:DF7A2D3E
AlternateDataStreams: C:\ProgramData\TEMP:E0888117
AlternateDataStreams: C:\ProgramData\TEMP:E1520A02
AlternateDataStreams: C:\ProgramData\TEMP:E265ED33
AlternateDataStreams: C:\ProgramData\TEMP:E3615992
AlternateDataStreams: C:\ProgramData\TEMP:E40AB54F
AlternateDataStreams: C:\ProgramData\TEMP:E40D7F76
AlternateDataStreams: C:\ProgramData\TEMP:E4272706
AlternateDataStreams: C:\ProgramData\TEMP:E47BBD7B
AlternateDataStreams: C:\ProgramData\TEMP:E4FD113F
AlternateDataStreams: C:\ProgramData\TEMP:E51234A9
AlternateDataStreams: C:\ProgramData\TEMP:E517FE76
AlternateDataStreams: C:\ProgramData\TEMP:E5496666
AlternateDataStreams: C:\ProgramData\TEMP:E5AF754F
AlternateDataStreams: C:\ProgramData\TEMP:E5B07840
AlternateDataStreams: C:\ProgramData\TEMP:E5BA9ADD
AlternateDataStreams: C:\ProgramData\TEMP:E690114B
AlternateDataStreams: C:\ProgramData\TEMP:E6B95E40
AlternateDataStreams: C:\ProgramData\TEMP:E6BEADB7
AlternateDataStreams: C:\ProgramData\TEMP:E80802C7
AlternateDataStreams: C:\ProgramData\TEMP:E8AEB2BF
AlternateDataStreams: C:\ProgramData\TEMP:E8BE0B80
AlternateDataStreams: C:\ProgramData\TEMP:E8C44CB4
AlternateDataStreams: C:\ProgramData\TEMP:E94FA418
AlternateDataStreams: C:\ProgramData\TEMP:E9B2C525
AlternateDataStreams: C:\ProgramData\TEMP:E9C2F553
AlternateDataStreams: C:\ProgramData\TEMP:ECF3C50F
AlternateDataStreams: C:\ProgramData\TEMP:ECFD9449
AlternateDataStreams: C:\ProgramData\TEMP:ED0B32CA
AlternateDataStreams: C:\ProgramData\TEMP:ED2D63E4
AlternateDataStreams: C:\ProgramData\TEMP:ED6B6C83
AlternateDataStreams: C:\ProgramData\TEMP:EDB03249
AlternateDataStreams: C:\ProgramData\TEMP:EDC744FB
AlternateDataStreams: C:\ProgramData\TEMP:EDF12A30
AlternateDataStreams: C:\ProgramData\TEMP:EE69D7DF
AlternateDataStreams: C:\ProgramData\TEMP:EF0BD3A1
AlternateDataStreams: C:\ProgramData\TEMP:EF0F3F33
AlternateDataStreams: C:\ProgramData\TEMP:EFF3C3C8
AlternateDataStreams: C:\ProgramData\TEMP:F176B6C6
AlternateDataStreams: C:\ProgramData\TEMP:F26F5952
AlternateDataStreams: C:\ProgramData\TEMP:F2E92DCD
AlternateDataStreams: C:\ProgramData\TEMP:F3A185AE
AlternateDataStreams: C:\ProgramData\TEMP:F49868C8
AlternateDataStreams: C:\ProgramData\TEMP:F56BE392
AlternateDataStreams: C:\ProgramData\TEMP:F5B51004
AlternateDataStreams: C:\ProgramData\TEMP:F5D01D7C
AlternateDataStreams: C:\ProgramData\TEMP:F610C203
AlternateDataStreams: C:\ProgramData\TEMP:F68CB1A4
AlternateDataStreams: C:\ProgramData\TEMP:F6A0889A
AlternateDataStreams: C:\ProgramData\TEMP:F817E159
AlternateDataStreams: C:\ProgramData\TEMP:F83E8359
AlternateDataStreams: C:\ProgramData\TEMP:F84B8DB5
AlternateDataStreams: C:\ProgramData\TEMP:F8DE80DB
AlternateDataStreams: C:\ProgramData\TEMP:F94DE3B1
AlternateDataStreams: C:\ProgramData\TEMP:F98E6C67
AlternateDataStreams: C:\ProgramData\TEMP:F9F58B80
AlternateDataStreams: C:\ProgramData\TEMP:FB08C210
AlternateDataStreams: C:\ProgramData\TEMP:FB4262DE
AlternateDataStreams: C:\ProgramData\TEMP:FB71A279
AlternateDataStreams: C:\ProgramData\TEMP:FBA79096
AlternateDataStreams: C:\ProgramData\TEMP:FBFC061F
AlternateDataStreams: C:\ProgramData\TEMP:FC70A22A
AlternateDataStreams: C:\ProgramData\TEMP:FD11E093
AlternateDataStreams: C:\ProgramData\TEMP:FD6DB82C
AlternateDataStreams: C:\ProgramData\TEMP:FD786DCA
AlternateDataStreams: C:\ProgramData\TEMP:FD7DCDA6
AlternateDataStreams: C:\ProgramData\TEMP:FDEE14AC

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/10/2013 09:53:44 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (12/10/2013 09:53:13 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (12/08/2013 07:07:53 PM) (Source: Windows Backup) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "E:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"

Error: (12/08/2013 10:16:33 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (12/08/2013 10:15:58 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (12/08/2013 09:49:08 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: ISUSPM.exe, Version: 13.0.0.43575, Zeitstempel: 0x4e9664be
Name des fehlerhaften Moduls: ISUSPM.exe, Version: 13.0.0.43575, Zeitstempel: 0x4e9664be
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000ab4b
ID des fehlerhaften Prozesses: 0xf8c
Startzeit der fehlerhaften Anwendung: 0xISUSPM.exe0
Pfad der fehlerhaften Anwendung: ISUSPM.exe1
Pfad des fehlerhaften Moduls: ISUSPM.exe2
Berichtskennung: ISUSPM.exe3

Error: (12/07/2013 05:21:00 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11138

Error: (12/07/2013 05:21:00 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11138

Error: (12/07/2013 05:21:00 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/07/2013 05:20:59 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10140


System errors:
=============
Error: (12/10/2013 09:02:23 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (12/10/2013 09:02:23 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (12/10/2013 08:59:59 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "TBPanel" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (12/10/2013 08:57:31 AM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (12/09/2013 06:28:07 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (12/09/2013 06:28:07 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (12/09/2013 06:25:01 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "TBPanel" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (12/08/2013 08:18:05 PM) (Source: DCOM) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (12/07/2013 09:26:47 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (12/07/2013 09:26:47 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).


Microsoft Office Sessions:
=========================
Error: (04/04/2013 04:24:35 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 23045 seconds with 5520 seconds of active time.  This session ended with a crash.

Error: (10/19/2012 09:42:49 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 135237 seconds with 11040 seconds of active time.  This session ended with a crash.


==================== Memory info =========================== 

Percentage of memory in use: 40%
Total physical RAM: 4094.05 MB
Available physical RAM: 2424.66 MB
Total Pagefile: 8186.29 MB
Available Pagefile: 5944.05 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:803.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: ED86608E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

Here you go!


12.12.2013, 09:01   #6
schrauber
/// the machine
/// TB trainer

hi,

Scan with Combofix
WARNING to READERS:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you receive the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.


12.12.2013, 13:58   #7
Tinalina

I have to ask a really dumb question right away: how do you disable those things?

13.12.2013, 08:50   #8
schrauber
/// the machine
/// TB trainer

Usually a right-click on the icon in the taskbar, then choose disable
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

14.12.2013, 12:45   #9
Tinalina

Hello Schrauber,

I have now run Combofix, but beforehand I deleted Malwarebytes because I couldn't manage to disable it. Should I download it again?
Code:
ComboFix 13-12-13.01 - SilenPro 14.12.2013  13:19:30.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.4094.2487 [GMT 1:00]
ausgeführt von:: c:\users\SilenPro\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\SilenPro\AppData\Roaming\Mozilla\Firefox\Profiles\w5smzzai.default-1383735815925\searchplugins\search.xml
c:\windows\IsUn0407.exe
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-11-14 bis 2013-12-14  ))))))))))))))))))))))))))))))
.
.
2013-12-14 12:26 . 2013-12-14 12:26	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2013-12-14 12:26 . 2013-12-14 12:26	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-12-14 11:40 . 2013-11-18 00:28	10285968	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{CCCD5483-65EC-491A-B08D-860A44F90077}\mpengine.dll
2013-12-12 18:09 . 2013-12-12 18:09	--------	d-----w-	c:\users\SilenPro\AppData\Roaming\STAHKM
2013-12-12 18:04 . 2013-12-12 18:06	--------	d-----w-	c:\program files (x86)\Scarytales - Lang lebe Koenig Zulfo
2013-12-12 02:08 . 2013-05-10 04:30	167424	----a-w-	c:\program files\Windows Media Player\wmplayer.exe
2013-12-12 02:08 . 2013-05-10 03:48	164864	----a-w-	c:\program files (x86)\Windows Media Player\wmplayer.exe
2013-12-12 02:08 . 2013-05-10 05:56	12625920	----a-w-	c:\windows\system32\wmploc.DLL
2013-12-12 02:08 . 2013-05-10 04:56	12625408	----a-w-	c:\windows\SysWow64\wmploc.DLL
2013-12-12 02:08 . 2013-05-10 05:56	14631424	----a-w-	c:\windows\system32\wmp.dll
2013-12-11 15:40 . 2013-12-11 15:44	--------	d-----w-	c:\program files (x86)\Grim Tales - Bloody Mary
2013-12-11 15:30 . 2013-10-30 02:32	335360	----a-w-	c:\windows\system32\msieftp.dll
2013-12-11 15:30 . 2013-10-30 02:19	301568	----a-w-	c:\windows\SysWow64\msieftp.dll
2013-12-11 15:30 . 2013-10-30 01:24	3155968	----a-w-	c:\windows\system32\win32k.sys
2013-12-11 15:30 . 2013-11-23 18:26	417792	----a-w-	c:\windows\SysWow64\WMPhoto.dll
2013-12-11 15:30 . 2013-11-23 17:47	465920	----a-w-	c:\windows\system32\WMPhoto.dll
2013-12-11 15:30 . 2013-10-19 02:18	81408	----a-w-	c:\windows\system32\imagehlp.dll
2013-12-11 15:30 . 2013-10-19 01:36	159232	----a-w-	c:\windows\SysWow64\imagehlp.dll
2013-12-10 22:02 . 2013-12-11 15:08	--------	d-----w-	c:\program files (x86)\Mozilla Thunderbird
2013-12-10 12:13 . 2013-12-10 12:13	--------	d-----w-	C:\FRST
2013-12-03 15:04 . 2013-12-03 15:04	--------	d-----w-	c:\users\SilenPro\AppData\Roaming\Snz
2013-11-29 10:27 . 2013-11-29 10:27	--------	d-----w-	c:\users\SilenPro\AppData\Roaming\Anuman
2013-11-28 21:13 . 2013-11-28 21:13	--------	d-----w-	c:\program files (x86)\Winmail Opener
2013-11-20 17:04 . 2013-11-20 17:04	--------	d-----w-	c:\users\SilenPro\AppData\Roaming\Nuance
2013-11-20 16:54 . 2013-11-20 16:54	--------	d-----w-	c:\users\SilenPro\AppData\Roaming\FLEXnet
2013-11-20 16:51 . 2013-11-20 16:51	--------	d-----w-	c:\program files (x86)\Common Files\IVA
2013-11-20 16:49 . 2013-11-20 16:50	--------	d-----w-	c:\program files (x86)\Common Files\Nuance
2013-11-20 16:37 . 2013-11-20 16:37	--------	d-----w-	c:\programdata\Macrovision
2013-11-20 16:37 . 2013-11-20 16:37	--------	d-----w-	c:\programdata\FLEXnet
2013-11-20 16:37 . 2013-11-20 16:37	--------	d-----w-	c:\program files (x86)\Common Files\InstallShield
2013-11-20 16:37 . 2013-11-20 16:37	--------	d-----w-	c:\programdata\Nuance
2013-11-20 16:37 . 2013-11-20 16:37	--------	d-----w-	c:\program files (x86)\Nuance
2013-11-20 16:30 . 2013-11-20 16:30	--------	d-----w-	c:\program files (x86)\MSXML 4.0
2013-11-20 12:25 . 2013-10-14 17:00	28368	----a-w-	c:\windows\system32\IEUDINIT.EXE
2013-11-20 12:21 . 2013-11-20 12:21	940032	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2013-11-20 12:21 . 2013-11-20 12:21	194048	----a-w-	c:\windows\SysWow64\elshyph.dll
2013-11-15 08:11 . 2013-11-15 08:11	--------	d-----w-	c:\users\SilenPro\AppData\Roaming\Malwarebytes
2013-11-15 08:11 . 2013-11-15 08:11	--------	d-----w-	c:\programdata\Malwarebytes
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-14 12:08 . 2010-12-08 17:52	90708896	----a-w-	c:\windows\system32\MRT.exe
2013-12-12 02:00 . 2012-04-02 11:23	692616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-12 02:00 . 2011-05-19 06:12	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-19 02:33 . 2010-12-05 10:13	267936	------w-	c:\windows\system32\MpSigStub.exe
2013-10-12 02:30 . 2013-11-13 09:26	830464	----a-w-	c:\windows\system32\nshwfp.dll
2013-10-12 02:29 . 2013-11-13 09:26	859648	----a-w-	c:\windows\system32\IKEEXT.DLL
2013-10-12 02:29 . 2013-11-13 09:26	324096	----a-w-	c:\windows\system32\FWPUCLNT.DLL
2013-10-12 02:03 . 2013-11-13 09:26	656896	----a-w-	c:\windows\SysWow64\nshwfp.dll
2013-10-12 02:01 . 2013-11-13 09:26	216576	----a-w-	c:\windows\SysWow64\FWPUCLNT.DLL
2013-10-05 20:25 . 2013-11-13 09:26	1474048	----a-w-	c:\windows\system32\crypt32.dll
2013-10-05 19:57 . 2013-11-13 09:26	1168384	----a-w-	c:\windows\SysWow64\crypt32.dll
2013-10-04 02:28 . 2013-11-13 09:26	190464	----a-w-	c:\windows\system32\SmartcardCredentialProvider.dll
2013-10-04 02:25 . 2013-11-13 09:26	197120	----a-w-	c:\windows\system32\credui.dll
2013-10-04 02:24 . 2013-11-13 09:26	1930752	----a-w-	c:\windows\system32\authui.dll
2013-10-04 01:58 . 2013-11-13 09:26	152576	----a-w-	c:\windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56 . 2013-11-13 09:26	168960	----a-w-	c:\windows\SysWow64\credui.dll
2013-10-04 01:56 . 2013-11-13 09:26	1796096	----a-w-	c:\windows\SysWow64\authui.dll
2013-10-03 02:23 . 2013-11-13 09:26	404480	----a-w-	c:\windows\system32\gdi32.dll
2013-10-03 02:00 . 2013-11-13 09:26	311808	----a-w-	c:\windows\SysWow64\gdi32.dll
2013-09-28 01:09 . 2013-11-13 09:26	497152	----a-w-	c:\windows\system32\drivers\afd.sys
2013-09-25 02:26 . 2013-11-13 09:26	95680	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2013-09-25 02:26 . 2013-11-13 09:26	154560	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2013-09-25 02:23 . 2013-11-13 09:26	28672	----a-w-	c:\windows\system32\sspisrv.dll
2013-09-25 02:23 . 2013-11-13 09:26	135680	----a-w-	c:\windows\system32\sspicli.dll
2013-09-25 02:23 . 2013-11-13 09:26	28160	----a-w-	c:\windows\system32\secur32.dll
2013-09-25 02:22 . 2013-11-13 09:26	340992	----a-w-	c:\windows\system32\schannel.dll
2013-09-25 02:21 . 2013-11-13 09:26	307200	----a-w-	c:\windows\system32\ncrypt.dll
2013-09-25 02:21 . 2013-11-13 09:26	1447936	----a-w-	c:\windows\system32\lsasrv.dll
2013-09-25 01:58 . 2013-11-13 09:26	96768	----a-w-	c:\windows\SysWow64\sspicli.dll
2013-09-25 01:57 . 2013-11-13 09:26	22016	----a-w-	c:\windows\SysWow64\secur32.dll
2013-09-25 01:57 . 2013-11-13 09:26	247808	----a-w-	c:\windows\SysWow64\schannel.dll
2013-09-25 01:56 . 2013-11-13 09:26	220160	----a-w-	c:\windows\SysWow64\ncrypt.dll
2013-09-25 01:03 . 2013-11-13 09:26	30720	----a-w-	c:\windows\system32\lsass.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{40c3cc16-7269-4b32-9531-17f2950fb06f}"= "c:\program files (x86)\Winload\prxtbWin0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
2011-05-09 09:49	176936	----a-w-	c:\program files (x86)\Winload\prxtbWin0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{40c3cc16-7269-4b32-9531-17f2950fb06f}"= "c:\program files (x86)\Winload\prxtbWin0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\SilenPro\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\SilenPro\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\SilenPro\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TBPanel"="c:\program files (x86)\Vtune\TBPanel.exe" [2010-06-18 2158592]
"gStart"="c:\program files (x86)\Garmin\Training Center\gStart.exe" [2008-08-13 1891416]
"SSync"="c:\users\SilenPro\AppData\Roaming\SSync\SSync.exe" [2013-04-09 36864]
"DataMgr"="c:\users\SilenPro\AppData\Roaming\DataMgr\DataMgr.exe" [2013-05-20 168848]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2011-10-12 2068856]
"SCheck"="c:\users\SilenPro\AppData\Roaming\SCheck\SCheck.exe" [2013-04-09 36864]
"Snoozer"="c:\users\SilenPro\AppData\Roaming\Snz\Snz.exe" [2013-11-27 1226900]
"Intermediate"="c:\users\SilenPro\AppData\Roaming\Intermediate\Intermediate.exe" [2013-04-09 36864]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2010-02-09 2621440]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\\isuspm.exe" [2011-10-12 2068856]
"DNS7reminder"="c:\program files (x86)\Nuance\NaturallySpeaking12\Ereg\Ereg.exe" [2010-10-27 328992]
.
c:\users\SilenPro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Dropbox.lnk - c:\users\SilenPro\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0\0sdnclean64.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys;c:\windows\SYSNATIVE\DRIVERS\BrSerIb.sys [x]
R3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys;c:\windows\SYSNATIVE\DRIVERS\BrUsbSIb.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]
S2 DragonSvc;Dragon Service;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [x]
S3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 RTLE8023x64;Realtek 10/100/1000 PCI-E NIC Family NDIS XP(x64) Driver;c:\windows\system32\DRIVERS\Rtenic64.sys;c:\windows\SYSNATIVE\DRIVERS\Rtenic64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-05 14:05	1210320	----a-w-	c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-12-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 02:01]
.
2013-12-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-05 11:53]
.
2013-12-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-05 11:53]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	164016	----a-w-	c:\users\SilenPro\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	164016	----a-w-	c:\users\SilenPro\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	164016	----a-w-	c:\users\SilenPro\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	164016	----a-w-	c:\users\SilenPro\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.fbdownloader.com/?channel=sfde203fbdgy21
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = localhost:8080
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Web-Suche - c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
LSP: %SystemRoot%\system32\vsocklib.dll
Trusted Zone: fabasoft.com\folio
TCP: DhcpNameServer = 192.168.1.253
FF - ProfilePath - c:\users\SilenPro\AppData\Roaming\Mozilla\Firefox\Profiles\w5smzzai.default-1383735815925\
FF - prefs.js: browser.search.defaulturl - hxxp://native-search.com/search.php?channel=de&q=
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://native-search.com/search.php?channel=de&q=
FF - ExtSQL: 2013-11-13 17:30; snt@dotlabs.co; c:\users\SilenPro\AppData\Roaming\Mozilla\Firefox\Profiles\w5smzzai.default-1383735815925\extensions\snt@dotlabs.co.xpi
FF - ExtSQL: 2013-11-19 10:54; {9D6218B8-03C7-4b91-AA43-680B305DD35C}; c:\users\SilenPro\AppData\Roaming\Mozilla\Firefox\Profiles\w5smzzai.default-1383735815925\extensions\{9D6218B8-03C7-4b91-AA43-680B305DD35C}.xpi
FF - ExtSQL: 2013-11-19 10:55; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\SilenPro\AppData\Roaming\Mozilla\Firefox\Profiles\w5smzzai.default-1383735815925\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-11-20 17:14; om@offermosquito.com; c:\users\SilenPro\AppData\Roaming\Mozilla\Firefox\Profiles\w5smzzai.default-1383735815925\extensions\om@offermosquito.com.xpi
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - (no file)
Wow6432Node-HKCU-Run-Akamai NetSession Interface - c:\users\SilenPro\AppData\Local\Akamai\netsession_win.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
WebBrowser-{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} - (no file)
WebBrowser-{40C3CC16-7269-4B32-9531-17F2950FB06F} - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-12-14  13:29:37
ComboFix-quarantined-files.txt  2013-12-14 12:29
.
Vor Suchlauf: 16 Verzeichnis(se), 863.660.351.488 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 865.247.223.808 Bytes frei
.
- - End Of File - - 169C16FD9BEBFDCD428167FDA3F6A26B
A36C5E4F47E84449FF07ED3517B43A31
         
And above, then, is the combofix.log

I'm curious what you'll have me do next.

Kind regards, Tina

15.12.2013, 06:20   #10
schrauber
/// the machine
/// TB instructor



Yes, now


Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan, and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. The MBAM log file can be found here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart, a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista or later, please start it with a right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log, please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

15.12.2013, 11:58   #11
Tinalina



Hello Schrauber,

first of all, the log file from Malwarebytes - the rest will follow bit by bit:

Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.12.15.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
SilenPro :: SILENPRO-PC [Administrator]

15.12.2013 09:18:55
mbam-log-2013-12-15 (09-18-55).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|H:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 534750
Laufzeit: 1 Stunde(n), 37 Minute(n), 31 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Kind regards, Tina

And the lengthy output from AdwCleaner:

Code:
# AdwCleaner v3.015 - Bericht erstellt am 15/12/2013 um 12:33:38
# Updated 10/12/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : SilenPro - SILENPRO-PC
# Gestartet von : C:\Users\SilenPro\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\apn
Ordner Gelöscht : C:\ProgramData\Alawar Stargaze
Ordner Gelöscht : C:\ProgramData\AlawarEntertainment
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\Winload
Ordner Gelöscht : C:\Users\SilenPro\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\SilenPro\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\SilenPro\AppData\LocalLow\Winload
Ordner Gelöscht : C:\Users\SilenPro\AppData\Roaming\Common\LuaRT
Ordner Gelöscht : C:\Users\SilenPro\AppData\Roaming\DataMgr
Ordner Gelöscht : C:\Users\SilenPro\AppData\Roaming\fbDownloader
Ordner Gelöscht : C:\Users\SilenPro\AppData\Roaming\Intermediate
Ordner Gelöscht : C:\Users\SilenPro\AppData\Roaming\quickclick
Ordner Gelöscht : C:\Users\SilenPro\AppData\Roaming\SCheck
Ordner Gelöscht : C:\Users\SilenPro\AppData\Roaming\Snz
Ordner Gelöscht : C:\Users\SilenPro\AppData\Roaming\SSync
Ordner Gelöscht : C:\Users\SilenPro\AppData\Roaming\Alawar Stargaze
Ordner Gelöscht : C:\Users\SilenPro\AppData\Roaming\AlawarEntertainment
Ordner Gelöscht : C:\Users\SilenPro\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbmdkmlcnbapgegninelmjbfibaghdmk
Datei Gelöscht : C:\Users\SilenPro\AppData\Roaming\Mozilla\Firefox\Profiles\w5smzzai.default-1383735815925\Extensions\om@offermosquito.com.xpi
Datei Gelöscht : C:\Windows\SysWOW64\conduitEngine.tmp
Datei Gelöscht : C:\Users\SilenPro\AppData\Roaming\Mozilla\Firefox\Profiles\w5smzzai.default-1383735815925\searchplugins\fbdownloader_search.xml

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\gbmdkmlcnbapgegninelmjbfibaghdmk
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Web-Suche
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [DataMgr]
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Intermediate]
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [scheck]
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Snoozer]
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [ssync]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT1351351
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2319825
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_adobe-photoshop_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_adobe-photoshop_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_der-einrichtungsplaner_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_der-einrichtungsplaner_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_icofx_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_icofx_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_steam_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_steam_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{40C3CC16-7269-4B32-9531-17F2950FB06F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4D494D9D-1436-41D8-AC95-35AA4F4AEFAF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1ED16E0A-E8C4-40A0-8BC2-79485D21F796}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{40C3CC16-7269-4B32-9531-17F2950FB06F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{40C3CC16-7269-4B32-9531-17F2950FB06F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4D494D9D-1436-41D8-AC95-35AA4F4AEFAF}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{40C3CC16-7269-4B32-9531-17F2950FB06F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4D494D9D-1436-41D8-AC95-35AA4F4AEFAF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{88647AB6-F676-42B4-862D-5EF4361C50D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4ED1333A-F52F-47D3-A933-5805135A0A96}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{40C3CC16-7269-4B32-9531-17F2950FB06F}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{40C3CC16-7269-4B32-9531-17F2950FB06F}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{40C3CC16-7269-4B32-9531-17F2950FB06F}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{40C3CC16-7269-4B32-9531-17F2950FB06F}]
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\FLEXnet
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\OfferMosquito
Schlüssel Gelöscht : HKCU\Software\Protector
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\Winload
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Winload
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\PIP
Schlüssel Gelöscht : HKLM\Software\Winload
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Winload Toolbar

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16428

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v25.0.1 (de)

[ Datei : C:\Users\SilenPro\AppData\Roaming\Mozilla\Firefox\Profiles\w5smzzai.default-1383735815925\prefs.js ]

Zeile gelöscht : user_pref("om.config", "{\"active\":true,\"name\":\"twde\",\"id\":25,\"dispId\":\"CH-25\",\"aboutLink\":\"\",\"trackingGeneral\":false,\"xhrDomains\":[\"become\",\"shopzilla\",\"twenga\",\"bizrate\"],[...]

-\\ Google Chrome v31.0.1650.63

[ Datei : C:\Users\SilenPro\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht : homepage

*************************

AdwCleaner[R0].txt - [9980 octets] - [15/12/2013 12:32:07]
AdwCleaner[S0].txt - [8303 octets] - [15/12/2013 12:33:38]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8363 octets] ##########
         
And on we go....

Here are the results from JRT:

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Professional x64
Ran by SilenPro on 15.12.2013 at 12:41:46,34
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-508953568-339804466-141527422-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Softonic_DeutschAutoUpdateHelper_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Softonic_DeutschAutoUpdateHelper_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Softonic_DeutschToolbarHelper_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Softonic_DeutschToolbarHelper_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\Softonic_DeutschAutoUpdateHelper_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\Softonic_DeutschAutoUpdateHelper_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\Softonic_DeutschToolbarHelper_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\Softonic_DeutschToolbarHelper_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{5C557C61-92F5-4BD9-BD81-FE00E503DE86}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\big fish"
Successfully deleted: [Folder] "C:\ProgramData\big fish games"
Successfully deleted: [Folder] "C:\Users\SilenPro\AppData\Roaming\big fish games"
Successfully deleted: [Folder] "C:\Users\SilenPro\appdata\local\big fish"
Successfully deleted: [Folder] "C:\bigfishcache"



~~~ FireFox

Successfully deleted the following from C:\Users\SilenPro\AppData\Roaming\mozilla\firefox\profiles\w5smzzai.default-1383735815925\prefs.js

user_pref("browser.search.defaulturl", "hxxp://native-search.com/search.php?channel=de&q=");
user_pref("keyword.URL", "hxxp://native-search.com/search.php?channel=de&q=");
Emptied folder: C:\Users\SilenPro\AppData\Roaming\mozilla\firefox\profiles\w5smzzai.default-1383735815925\minidumps [15 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15.12.2013 at 12:46:15,18
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
and right away a new FRST as well....


FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-12-2013 01
Ran by SilenPro (administrator) on SILENPRO-PC on 15-12-2013 12:53:20
Running from C:\Users\SilenPro\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files (x86)\Vtune\TBPANEL.exe
(GARMIN Corp.) C:\Program Files (x86)\Garmin\Training Center\gStart.exe
(Dropbox, Inc.) C:\Users\SilenPro\AppData\Roaming\Dropbox\bin\Dropbox.exe
(NEC Electronics Corporation) C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\agent.exe
(Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKCU\...\Run: [TBPanel] - C:\Program Files (x86)\Vtune\TBPANEL.exe [2158592 2010-06-18] ()
HKCU\...\Run: [gStart] - C:\Program Files (x86)\Garmin\Training Center\gStart.exe [1891416 2008-08-13] (GARMIN Corp.)
HKCU\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [2068856 2011-10-12] (Flexera Software LLC.)
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2010-01-22] (NEC Electronics Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ControlCenter3] - C:\Program Files (x86)\Brother\ControlCenter3\BrCtrCen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] - C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-02-09] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2068856 2011-10-12] (Flexera Software LLC.)
HKLM-x32\...\Run: [DNS7reminder] - C:\ProgramData\Nuance\NaturallySpeaking12\Ereg.ini [324 2013-12-15] ()
Startup: C:\Users\SilenPro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\SilenPro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\SilenPro\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

ProxyServer: localhost:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD585F0B8E3D5CB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.253

FireFox:
========
FF ProfilePath: C:\Users\SilenPro\AppData\Roaming\Mozilla\Firefox\Profiles\w5smzzai.default-1383735815925
FF DefaultSearchEngine: Search
FF Homepage: www.metager.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: nuance.com/DragonRIAPlugin - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\npDgnRia.dll (Nuance Communications Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017325.dll (Amazon.com, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: snt - C:\Users\SilenPro\AppData\Roaming\Mozilla\Firefox\Profiles\w5smzzai.default-1383735815925\Extensions\snt@dotlabs.co.xpi
FF Extension: prefs - C:\Users\SilenPro\AppData\Roaming\Mozilla\Firefox\Profiles\w5smzzai.default-1383735815925\Extensions\{9D6218B8-03C7-4b91-AA43-680B305DD35C}.xpi
FF Extension: Adblock Plus - C:\Users\SilenPro\AppData\Roaming\Mozilla\Firefox\Profiles\w5smzzai.default-1383735815925\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM-x32\...\Firefox\Extensions: [jid0-lmZNVK7a82O8cufhdfB9dUDfA2w@jetpack] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi
FF Extension: prefs - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi

Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.de/"
CHR DefaultSearchKeyword: bing.com
CHR DefaultSearchProvider: Bing
CHR DefaultSearchURL: hxxp://www.bing.com/search?setmkt=de-DE&q={searchTerms}
CHR DefaultNewTabURL: 
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017325.dll (Amazon.com, Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U9) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.90.5) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (Google Drive) - C:\Users\SilenPro\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\SilenPro\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\SilenPro\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Any New Tab) - C:\Users\SilenPro\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfenflmklmpohipcckmagnmbmbibnolo\1.0.0_0
CHR Extension: (Dragon NaturallySpeaking Rich Internet Application Support) - C:\Users\SilenPro\AppData\Local\Google\Chrome\User Data\Default\Extensions\mikhcaiakabeeokmenglcdebplfdjicn\1.0_0
CHR Extension: (Google Wallet) - C:\Users\SilenPro\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\SilenPro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [mikhcaiakabeeokmenglcdebplfdjicn] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\chromeShim.crx
CHR HKLM-x32\...\Chrome\Extension: [ngnjhfpfhadncgafgbneeljaginimmmk] - C:\Users\SilenPro\AppData\Local\Temp\tbch.crx

==================== Services (Whitelisted) =================

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2012-04-26] (Adobe Systems)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2013-03-10] ()
S3 BrSerIf; C:\Windows\System32\DRIVERS\BrSerIf.sys [97280 2006-09-03] (Brother Industries Ltd.)
S3 Cardex; C:\Windows\SysWOW64\drivers\TBPANELX64.SYS [15648 2007-03-16] (Windows (R) Server 2003 DDK provider)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2013-03-10] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
R3 RTLE8023x64; C:\Windows\System32\DRIVERS\Rtenic64.sys [280344 2010-07-06] (Realtek Semiconductor Corporation                           )
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S2 TBPanel; No ImagePath
R2 VMparport; C:\Windows\system32\drivers\VMparport.sys [31384 2012-06-09] (VMware, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-15 12:53 - 2013-12-15 12:53 - 00000000 ____D C:\Users\SilenPro\Desktop\FRST-OlderVersion
2013-12-15 12:46 - 2013-12-15 12:46 - 00002801 _____ C:\Users\SilenPro\Desktop\JRT.txt
2013-12-15 12:41 - 2013-12-15 12:41 - 01034531 _____ (Thisisu) C:\Users\SilenPro\Desktop\JRT.exe
2013-12-15 12:41 - 2013-12-15 12:41 - 00000000 ____D C:\Windows\ERUNT
2013-12-15 12:31 - 2013-12-15 12:33 - 00000000 ____D C:\AdwCleaner
2013-12-15 12:30 - 2013-12-15 12:30 - 01226802 _____ C:\Users\SilenPro\Desktop\adwcleaner.exe
2013-12-15 09:17 - 2013-12-15 09:17 - 00001105 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-15 09:17 - 2013-12-15 09:17 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-15 09:17 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-12-15 09:16 - 2013-12-15 09:16 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\SilenPro\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-14 13:48 - 2013-12-14 13:48 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-12-14 13:48 - 2013-12-14 13:48 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-12-14 13:47 - 2013-12-14 13:47 - 13697720 _____ (Microsoft Corporation) C:\Users\SilenPro\Downloads\mseinstall.exe
2013-12-14 13:29 - 2013-12-14 13:29 - 00023234 _____ C:\ComboFix.txt
2013-12-14 13:17 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-12-14 13:17 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-12-14 13:17 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-12-14 13:17 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-12-14 13:17 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-12-14 13:17 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-12-14 13:17 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-12-14 13:17 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-12-14 12:17 - 2013-12-14 13:29 - 00000000 ____D C:\Qoobox
2013-12-14 12:16 - 2013-12-14 13:28 - 00000000 ____D C:\Windows\erdnt
2013-12-14 12:16 - 2013-12-14 12:15 - 05154339 ____R (Swearware) C:\Users\SilenPro\Desktop\ComboFix.exe
2013-12-14 12:15 - 2013-12-14 12:15 - 05154339 _____ (Swearware) C:\Users\SilenPro\Downloads\ComboFix.exe
2013-12-12 19:09 - 2013-12-12 19:09 - 00000000 ____D C:\Users\SilenPro\AppData\Roaming\STAHKM
2013-12-12 19:06 - 2013-12-12 19:06 - 00002138 _____ C:\Users\Public\Desktop\Spiel Scarytales - Lang lebe Koenig Zulfo.lnk
2013-12-12 19:06 - 2013-12-12 19:06 - 00001300 _____ C:\Users\Public\Desktop\Weitere fantastische Spiele.lnk
2013-12-12 19:04 - 2013-12-12 19:06 - 00000000 ____D C:\Program Files (x86)\Scarytales - Lang lebe Koenig Zulfo
2013-12-12 19:04 - 2013-12-12 19:04 - 00000000 ____D C:\Users\SilenPro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Scarytales - Lang lebe Koenig Zulfo
2013-12-12 03:08 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-12 03:08 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-12 03:08 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-12 03:08 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-12 03:06 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-12 03:06 - 2013-11-26 11:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-12 03:06 - 2013-11-26 11:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-12 03:06 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-12 03:06 - 2013-11-26 10:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-12 03:06 - 2013-11-26 10:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-12 03:06 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-12 03:06 - 2013-11-26 10:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-12 03:06 - 2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-12 03:06 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-12 03:06 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-12 03:06 - 2013-11-26 10:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-12 03:06 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-12 03:06 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-12 03:06 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-12 03:06 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-12 03:06 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-12 03:06 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-12 03:06 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-12 03:06 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-12 03:06 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-12 03:06 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-12 03:06 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-12 03:06 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-12 03:06 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-12 03:06 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-12 03:06 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-12 03:06 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-12 03:06 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-12 03:06 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-12 03:06 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-11 16:44 - 2013-12-11 16:44 - 00002059 _____ C:\Users\Public\Desktop\Spiel Grim Tales - Bloody Mary.lnk
2013-12-11 16:40 - 2013-12-11 16:44 - 00000000 ____D C:\Program Files (x86)\Grim Tales - Bloody Mary
2013-12-11 16:40 - 2013-12-11 16:40 - 00000000 ____D C:\Users\SilenPro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Grim Tales - Bloody Mary
2013-12-11 16:30 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-11 16:30 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-11 16:30 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-11 16:30 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-11 16:30 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-11 16:30 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-11 16:30 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-11 16:29 - 2013-12-11 16:29 - 00002357 _____ C:\Users\Public\Desktop\Spiel Fairy Tale Mysteries - Die Bohnenstange Sammleredition.lnk
2013-12-11 16:29 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-11 16:29 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-11 16:28 - 2013-12-11 16:29 - 00000000 ____D C:\Program Files (x86)\Fairy Tale Mysteries - Die Bohnenstange Sammleredition
2013-12-11 16:28 - 2013-12-11 16:28 - 00000000 ____D C:\Users\SilenPro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fairy Tale Mysteries - Die Bohnenstange Sammleredition
2013-12-11 16:28 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-11 16:28 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-11 16:28 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-11 16:28 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-11 16:28 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-11 16:28 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-11 16:28 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-11 16:28 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-11 16:28 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-11 16:28 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-11 16:11 - 2013-12-11 16:11 - 00236648 _____ (Big Fish Games) C:\Users\SilenPro\Downloads\fairy-tale-mysteries-the-beanstalk-ce_s2_l2_gF6513T1L2_d2213825610.exe
2013-12-10 23:02 - 2013-12-11 16:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-12-10 13:15 - 2013-12-10 13:16 - 00050532 _____ C:\Users\SilenPro\Desktop\Addition.txt
2013-12-10 13:13 - 2013-12-15 12:53 - 00015448 _____ C:\Users\SilenPro\Desktop\FRST.txt
2013-12-10 13:13 - 2013-12-15 12:53 - 00000000 ____D C:\FRST
2013-12-10 13:11 - 2013-12-15 12:53 - 01927796 _____ (Farbar) C:\Users\SilenPro\Desktop\FRST64.exe
2013-12-02 17:55 - 2013-12-02 17:55 - 00236648 _____ (Big Fish Games) C:\Users\SilenPro\Downloads\forest-legends-the-call-of-love-ce_s2_l2_gF6484T1L2_d2208297478(1).exe
2013-12-01 09:40 - 2013-12-01 09:44 - 00000000 ____D C:\Users\SilenPro\Documents\Flohmarkt
2013-11-29 11:27 - 2013-11-29 11:27 - 00000000 ____D C:\Users\SilenPro\AppData\Roaming\Anuman
2013-11-28 22:13 - 2013-11-28 22:13 - 00001045 _____ C:\Users\UpdatusUser\Desktop\Winmail Opener.lnk
2013-11-28 22:13 - 2013-11-28 22:13 - 00001045 _____ C:\Users\SilenPro\Desktop\Winmail Opener.lnk
2013-11-28 22:13 - 2013-11-28 22:13 - 00000000 ____D C:\Users\SilenPro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winmail Opener
2013-11-28 22:13 - 2013-11-28 22:13 - 00000000 ____D C:\Program Files (x86)\Winmail Opener
2013-11-28 22:12 - 2013-11-28 22:12 - 00328095 _____ C:\Users\SilenPro\Downloads\winmail_opener.exe
2013-11-21 23:00 - 2013-11-21 23:00 - 00288050 _____ C:\Windows\msxml4-KB973688-enu.LOG
2013-11-21 22:59 - 2013-11-21 23:00 - 00291268 _____ C:\Windows\msxml4-KB954430-enu.LOG
2013-11-20 19:05 - 2013-11-20 19:05 - 00001755 _____ C:\Users\SilenPro\AppData\Roaming\SAS7_000.DAT
2013-11-20 18:04 - 2013-11-20 18:04 - 00000000 ____D C:\Users\SilenPro\AppData\Roaming\Nuance
2013-11-20 17:54 - 2013-11-20 17:54 - 00000000 ____D C:\Users\SilenPro\AppData\Roaming\FLEXnet
2013-11-20 17:52 - 2013-11-20 17:52 - 00002799 _____ C:\Users\Public\Desktop\Dragon NaturallySpeaking 12.0.lnk
2013-11-20 17:37 - 2013-11-20 17:37 - 00000000 ____D C:\ProgramData\Nuance
2013-11-20 17:37 - 2013-11-20 17:37 - 00000000 ____D C:\ProgramData\Macrovision
2013-11-20 17:37 - 2013-11-20 17:37 - 00000000 ____D C:\ProgramData\FLEXnet
2013-11-20 17:37 - 2013-11-20 17:37 - 00000000 ____D C:\Program Files (x86)\Nuance
2013-11-20 17:30 - 2013-11-20 17:30 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2013-11-20 14:47 - 2013-11-20 14:47 - 00003162 _____ C:\Windows\System32\Tasks\{61D34957-CE07-4807-ACBA-DB8897B90604}
2013-11-20 14:11 - 2013-11-20 14:11 - 00018432 _____ C:\Users\SilenPro\Documents\DragonSupportPackage_20131120_1411.dgnarc
2013-11-20 13:25 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2013-11-20 13:21 - 2013-11-20 13:21 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-11-20 13:21 - 2013-11-20 13:21 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-11-20 13:20 - 2013-11-20 13:20 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-11-20 13:20 - 2013-11-20 13:20 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-11-20 13:20 - 2013-11-20 13:20 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-11-20 13:20 - 2013-11-20 13:20 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-11-20 13:20 - 2013-11-20 13:20 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-11-20 13:20 - 2013-11-20 13:20 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-11-20 13:20 - 2013-11-20 13:20 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-11-20 13:20 - 2013-11-20 13:20 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-20 13:20 - 2013-11-20 13:20 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-11-20 13:20 - 2013-11-20 13:20 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-20 13:20 - 2013-11-20 13:20 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-11-20 13:20 - 2013-11-20 13:20 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-11-20 13:20 - 2013-11-20 13:20 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-20 13:20 - 2013-11-20 13:20 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-11-20 13:20 - 2013-11-20 13:20 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-11-20 13:20 - 2013-11-20 13:20 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-11-20 13:20 - 2013-11-20 13:20 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-11-20 13:20 - 2013-11-20 13:20 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-11-20 00:05 - 2013-11-20 13:25 - 00015479 _____ C:\Windows\IE11_main.log
2013-11-18 10:14 - 2013-11-18 10:21 - 622738047 _____ C:\Users\SilenPro\Downloads\Schiller.zip
2013-11-17 10:56 - 2013-11-17 10:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-15 16:27 - 2013-11-15 16:27 - 00003162 _____ C:\Windows\System32\Tasks\{775D0F7B-B5B0-4117-B8C0-9CFE54B85B5A}
2013-11-15 09:11 - 2013-11-15 09:11 - 00000000 ____D C:\Users\SilenPro\AppData\Roaming\Malwarebytes
2013-11-15 09:11 - 2013-11-15 09:11 - 00000000 ____D C:\ProgramData\Malwarebytes

==================== One Month Modified Files and Folders =======

2013-12-15 12:54 - 2013-12-10 13:13 - 00015448 _____ C:\Users\SilenPro\Desktop\FRST.txt
2013-12-15 12:53 - 2013-12-15 12:53 - 00000000 ____D C:\Users\SilenPro\Desktop\FRST-OlderVersion
2013-12-15 12:53 - 2013-12-10 13:13 - 00000000 ____D C:\FRST
2013-12-15 12:53 - 2013-12-10 13:11 - 01927796 _____ (Farbar) C:\Users\SilenPro\Desktop\FRST64.exe
2013-12-15 12:46 - 2013-12-15 12:46 - 00002801 _____ C:\Users\SilenPro\Desktop\JRT.txt
2013-12-15 12:43 - 2009-07-14 05:45 - 00015040 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-15 12:43 - 2009-07-14 05:45 - 00015040 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-15 12:41 - 2013-12-15 12:41 - 01034531 _____ (Thisisu) C:\Users\SilenPro\Desktop\JRT.exe
2013-12-15 12:41 - 2013-12-15 12:41 - 00000000 ____D C:\Windows\ERUNT
2013-12-15 12:39 - 2010-12-03 20:53 - 01456519 _____ C:\Windows\WindowsUpdate.log
2013-12-15 12:37 - 2011-08-14 20:44 - 00000000 ____D C:\Users\SilenPro\AppData\Roaming\Dropbox
2013-12-15 12:36 - 2011-08-14 20:46 - 00000000 ___RD C:\Users\SilenPro\Dropbox
2013-12-15 12:35 - 2012-07-15 17:27 - 00000000 ____D C:\ProgramData\VMware
2013-12-15 12:35 - 2012-06-21 14:35 - 00023851 _____ C:\Windows\setupact.log
2013-12-15 12:35 - 2010-12-05 12:53 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-15 12:35 - 2010-12-03 15:05 - 00140218 _____ C:\Windows\PFRO.log
2013-12-15 12:35 - 2010-12-03 15:04 - 00000000 ____D C:\ProgramData\NVIDIA
2013-12-15 12:35 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-15 12:33 - 2013-12-15 12:31 - 00000000 ____D C:\AdwCleaner
2013-12-15 12:33 - 2013-06-14 11:21 - 00000000 ____D C:\Users\SilenPro\AppData\Roaming\Common
2013-12-15 12:30 - 2013-12-15 12:30 - 01226802 _____ C:\Users\SilenPro\Desktop\adwcleaner.exe
2013-12-15 12:27 - 2012-04-02 12:23 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-15 12:26 - 2010-12-05 12:53 - 00001114 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-15 09:17 - 2013-12-15 09:17 - 00001105 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-15 09:17 - 2013-12-15 09:17 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-15 09:16 - 2013-12-15 09:16 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\SilenPro\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-15 01:16 - 2010-12-09 12:03 - 00000000 ____D C:\Users\SilenPro\Documents\Felix
2013-12-14 13:48 - 2013-12-14 13:48 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-12-14 13:48 - 2013-12-14 13:48 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-12-14 13:48 - 2011-02-06 13:50 - 00001912 _____ C:\Windows\epplauncher.mif
2013-12-14 13:47 - 2013-12-14 13:47 - 13697720 _____ (Microsoft Corporation) C:\Users\SilenPro\Downloads\mseinstall.exe
2013-12-14 13:29 - 2013-12-14 13:29 - 00023234 _____ C:\ComboFix.txt
2013-12-14 13:29 - 2013-12-14 12:17 - 00000000 ____D C:\Qoobox
2013-12-14 13:29 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Default
2013-12-14 13:28 - 2013-12-14 12:16 - 00000000 ____D C:\Windows\erdnt
2013-12-14 13:27 - 2009-07-14 03:34 - 00000241 _____ C:\Windows\system.ini
2013-12-14 13:11 - 2013-08-16 02:05 - 00000000 ____D C:\Windows\system32\MRT
2013-12-14 13:08 - 2010-12-08 18:52 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-14 12:57 - 2013-01-17 15:20 - 00000000 ____D C:\Users\Public\Documents\NetObjects Fusion 12.0
2013-12-14 12:57 - 2010-12-05 13:47 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-12-14 12:55 - 2013-09-27 15:14 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-12-14 12:44 - 2013-10-23 20:36 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-12-14 12:37 - 2010-12-05 12:53 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-14 12:15 - 2013-12-14 12:16 - 05154339 ____R (Swearware) C:\Users\SilenPro\Desktop\ComboFix.exe
2013-12-14 12:15 - 2013-12-14 12:15 - 05154339 _____ (Swearware) C:\Users\SilenPro\Downloads\ComboFix.exe
2013-12-14 12:11 - 2012-04-14 09:59 - 00000000 ____D C:\Users\SilenPro\Documents\Erbengemeinschaft
2013-12-12 20:09 - 2010-12-03 13:57 - 00000000 ____D C:\Users\SilenPro\AppData\Local\VirtualStore
2013-12-12 19:09 - 2013-12-12 19:09 - 00000000 ____D C:\Users\SilenPro\AppData\Roaming\STAHKM
2013-12-12 19:06 - 2013-12-12 19:06 - 00002138 _____ C:\Users\Public\Desktop\Spiel Scarytales - Lang lebe Koenig Zulfo.lnk
2013-12-12 19:06 - 2013-12-12 19:06 - 00001300 _____ C:\Users\Public\Desktop\Weitere fantastische Spiele.lnk
2013-12-12 19:06 - 2013-12-12 19:04 - 00000000 ____D C:\Program Files (x86)\Scarytales - Lang lebe Koenig Zulfo
2013-12-12 19:04 - 2013-12-12 19:04 - 00000000 ____D C:\Users\SilenPro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Scarytales - Lang lebe Koenig Zulfo
2013-12-12 15:06 - 2011-04-17 16:50 - 00000000 ____D C:\Users\SilenPro\AppData\Roaming\Elephant Games
2013-12-12 14:46 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-12-12 04:05 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-12-12 03:34 - 2009-07-14 18:58 - 00710492 _____ C:\Windows\system32\perfh007.dat
2013-12-12 03:34 - 2009-07-14 18:58 - 00154504 _____ C:\Windows\system32\perfc007.dat
2013-12-12 03:34 - 2009-07-14 06:13 - 01652092 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-12 03:27 - 2012-04-25 13:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-12 03:27 - 2009-07-14 05:45 - 00402952 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-12 03:08 - 2010-12-05 12:44 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-12 03:07 - 2010-12-05 12:53 - 00004110 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-12 03:07 - 2010-12-05 12:53 - 00003858 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-12 03:01 - 2012-04-02 12:23 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-12 03:00 - 2012-04-02 12:23 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-12 03:00 - 2011-05-19 07:12 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-11 16:44 - 2013-12-11 16:44 - 00002059 _____ C:\Users\Public\Desktop\Spiel Grim Tales - Bloody Mary.lnk
2013-12-11 16:44 - 2013-12-11 16:40 - 00000000 ____D C:\Program Files (x86)\Grim Tales - Bloody Mary
2013-12-11 16:41 - 2010-12-16 12:49 - 00000000 ____D C:\Users\SilenPro\AppData\Roaming\Gogii
2013-12-11 16:40 - 2013-12-11 16:40 - 00000000 ____D C:\Users\SilenPro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Grim Tales - Bloody Mary
2013-12-11 16:29 - 2013-12-11 16:29 - 00002357 _____ C:\Users\Public\Desktop\Spiel Fairy Tale Mysteries - Die Bohnenstange Sammleredition.lnk
2013-12-11 16:29 - 2013-12-11 16:28 - 00000000 ____D C:\Program Files (x86)\Fairy Tale Mysteries - Die Bohnenstange Sammleredition
2013-12-11 16:28 - 2013-12-11 16:28 - 00000000 ____D C:\Users\SilenPro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fairy Tale Mysteries - Die Bohnenstange Sammleredition
2013-12-11 16:11 - 2013-12-11 16:11 - 00236648 _____ (Big Fish Games) C:\Users\SilenPro\Downloads\fairy-tale-mysteries-the-beanstalk-ce_s2_l2_gF6513T1L2_d2213825610.exe
2013-12-11 16:08 - 2013-12-10 23:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-12-10 23:02 - 2010-12-09 12:01 - 00000000 ____D C:\Users\SilenPro\Documents\Anlage
2013-12-10 13:31 - 2012-04-13 10:18 - 00000000 ____D C:\Users\SilenPro\AppData\Roaming\BlamGames
2013-12-10 13:16 - 2013-12-10 13:15 - 00050532 _____ C:\Users\SilenPro\Desktop\Addition.txt
2013-12-04 22:05 - 2012-03-26 10:42 - 00000000 ____D C:\Users\SilenPro\Documents\Matze
2013-12-02 17:55 - 2013-12-02 17:55 - 00236648 _____ (Big Fish Games) C:\Users\SilenPro\Downloads\forest-legends-the-call-of-love-ce_s2_l2_gF6484T1L2_d2208297478(1).exe
2013-12-02 16:42 - 2010-12-09 12:01 - 00000000 ____D C:\Users\SilenPro\Documents\Beruf
2013-12-01 09:44 - 2013-12-01 09:40 - 00000000 ____D C:\Users\SilenPro\Documents\Flohmarkt
2013-11-29 11:27 - 2013-11-29 11:27 - 00000000 ____D C:\Users\SilenPro\AppData\Roaming\Anuman
2013-11-28 22:15 - 2010-12-09 12:03 - 00000000 ____D C:\Users\SilenPro\Documents\Wohnung Ullsteinstraße
2013-11-28 22:13 - 2013-11-28 22:13 - 00001045 _____ C:\Users\UpdatusUser\Desktop\Winmail Opener.lnk
2013-11-28 22:13 - 2013-11-28 22:13 - 00001045 _____ C:\Users\SilenPro\Desktop\Winmail Opener.lnk
2013-11-28 22:13 - 2013-11-28 22:13 - 00000000 ____D C:\Users\SilenPro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winmail Opener
2013-11-28 22:13 - 2013-11-28 22:13 - 00000000 ____D C:\Program Files (x86)\Winmail Opener
2013-11-28 22:12 - 2013-11-28 22:12 - 00328095 _____ C:\Users\SilenPro\Downloads\winmail_opener.exe
2013-11-26 17:18 - 2013-07-01 20:43 - 00000000 ____D C:\Users\SilenPro\AppData\Roaming\Chayowo Games
2013-11-26 12:54 - 2013-12-12 03:06 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-26 11:47 - 2011-05-07 16:59 - 00000000 ____D C:\Users\SilenPro\AppData\Roaming\ERS Game Studios
2013-11-26 11:19 - 2013-12-12 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-26 11:18 - 2013-12-12 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-11-26 11:11 - 2013-12-12 03:06 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-26 10:48 - 2013-12-12 03:06 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-26 10:46 - 2013-12-12 03:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-11-26 10:41 - 2013-12-12 03:06 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-26 10:29 - 2013-12-12 03:06 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-26 10:27 - 2013-12-12 03:06 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-26 10:23 - 2013-12-12 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-26 10:21 - 2013-12-12 03:06 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-26 10:18 - 2013-12-12 03:06 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-26 10:18 - 2013-12-12 03:06 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-11-26 10:16 - 2013-12-12 03:06 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-11-26 09:57 - 2013-12-12 03:06 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-26 09:38 - 2013-12-12 03:06 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-26 09:38 - 2013-12-12 03:06 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-26 09:35 - 2013-12-12 03:06 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-26 09:32 - 2013-12-12 03:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-26 09:28 - 2013-12-12 03:06 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-11-26 09:16 - 2013-12-12 03:06 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-26 09:02 - 2013-12-12 03:06 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-26 08:48 - 2013-12-12 03:06 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-26 08:32 - 2013-12-12 03:06 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-26 08:26 - 2013-12-12 03:06 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-26 08:07 - 2013-12-12 03:06 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-26 07:40 - 2013-12-12 03:06 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-26 07:34 - 2013-12-12 03:06 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-26 07:34 - 2013-12-12 03:06 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-11-26 07:33 - 2013-12-12 03:06 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-26 07:27 - 2013-12-12 03:06 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-25 13:00 - 2012-06-13 20:44 - 00000000 ____D C:\Users\SilenPro\AppData\Roaming\4 Friends Games
2013-11-23 19:26 - 2013-12-11 16:30 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-11-23 18:47 - 2013-12-11 16:30 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-11-22 08:48 - 2010-12-05 12:44 - 00000000 ____D C:\Users\SilenPro\AppData\Local\Microsoft Help
2013-11-22 08:24 - 2010-12-05 12:56 - 00000000 ____D C:\Users\SilenPro\AppData\Local\Adobe
2013-11-21 23:00 - 2013-11-21 23:00 - 00288050 _____ C:\Windows\msxml4-KB973688-enu.LOG
2013-11-21 23:00 - 2013-11-21 22:59 - 00291268 _____ C:\Windows\msxml4-KB954430-enu.LOG
2013-11-21 13:09 - 2012-04-02 13:14 - 00000000 ____D C:\Users\SilenPro\AppData\Roaming\Mariaglorum
2013-11-21 11:54 - 2013-07-04 15:13 - 00000000 ____D C:\ProgramData\Playrix Entertainment
2013-11-21 10:43 - 2011-01-10 21:49 - 00000000 ____D C:\Users\SilenPro\AppData\Roaming\Orneon
2013-11-20 19:05 - 2013-11-20 19:05 - 00001755 _____ C:\Users\SilenPro\AppData\Roaming\SAS7_000.DAT
2013-11-20 18:04 - 2013-11-20 18:04 - 00000000 ____D C:\Users\SilenPro\AppData\Roaming\Nuance
2013-11-20 17:54 - 2013-11-20 17:54 - 00000000 ____D C:\Users\SilenPro\AppData\Roaming\FLEXnet
2013-11-20 17:53 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\Speech
2013-11-20 17:52 - 2013-11-20 17:52 - 00002799 _____ C:\Users\Public\Desktop\Dragon NaturallySpeaking 12.0.lnk
2013-11-20 17:37 - 2013-11-20 17:37 - 00000000 ____D C:\ProgramData\Nuance
2013-11-20 17:37 - 2013-11-20 17:37 - 00000000 ____D C:\ProgramData\Macrovision
2013-11-20 17:37 - 2013-11-20 17:37 - 00000000 ____D C:\ProgramData\FLEXnet
2013-11-20 17:37 - 2013-11-20 17:37 - 00000000 ____D C:\Program Files (x86)\Nuance
2013-11-20 17:30 - 2013-11-20 17:30 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2013-11-20 15:23 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-11-20 14:54 - 2010-12-05 13:47 - 00000000 ____D C:\Program Files (x86)\Deep Silver
2013-11-20 14:47 - 2013-11-20 14:47 - 00003162 _____ C:\Windows\System32\Tasks\{61D34957-CE07-4807-ACBA-DB8897B90604}
2013-11-20 14:31 - 2010-12-09 12:03 - 00000000 ____D C:\Users\SilenPro\Documents\TrennungSyno
2013-11-20 14:11 - 2013-11-20 14:11 - 00018432 _____ C:\Users\SilenPro\Documents\DragonSupportPackage_20131120_1411.dgnarc
2013-11-20 13:46 - 2010-12-03 13:57 - 00001417 _____ C:\Users\SilenPro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-20 13:44 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-11-20 13:25 - 2013-11-20 00:05 - 00015479 _____ C:\Windows\IE11_main.log
2013-11-20 13:21 - 2013-11-20 13:21 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-11-20 13:21 - 2013-11-20 13:21 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-11-20 13:20 - 2013-11-20 13:20 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-11-20 13:20 - 2013-11-20 13:20 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-11-20 13:20 - 2013-11-20 13:20 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-11-20 13:20 - 2013-11-20 13:20 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-11-20 13:20 - 2013-11-20 13:20 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-11-20 13:20 - 2013-11-20 13:20 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-11-20 13:20 - 2013-11-20 13:20 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-11-20 13:20 - 2013-11-20 13:20 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-20 13:20 - 2013-11-20 13:20 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-11-20 13:20 - 2013-11-20 13:20 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-20 13:20 - 2013-11-20 13:20 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-11-20 13:20 - 2013-11-20 13:20 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-11-20 13:20 - 2013-11-20 13:20 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-20 13:20 - 2013-11-20 13:20 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-11-20 13:20 - 2013-11-20 13:20 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-11-20 13:20 - 2013-11-20 13:20 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-11-20 13:20 - 2013-11-20 13:20 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-11-20 13:20 - 2013-11-20 13:20 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-11-20 13:20 - 2013-11-20 13:20 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-11-20 12:58 - 2011-08-26 16:23 - 00002842 _____ C:\Windows\KB893803v2.log
2013-11-19 13:00 - 2012-09-07 13:44 - 00000000 ____D C:\Users\SilenPro\AppData\Roaming\Eipix
2013-11-19 03:33 - 2010-12-05 11:13 - 00267936 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-11-18 10:21 - 2013-11-18 10:14 - 622738047 _____ C:\Users\SilenPro\Downloads\Schiller.zip
2013-11-17 10:56 - 2013-11-17 10:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-15 16:27 - 2013-11-15 16:27 - 00003162 _____ C:\Windows\System32\Tasks\{775D0F7B-B5B0-4117-B8C0-9CFE54B85B5A}
2013-11-15 09:11 - 2013-11-15 09:11 - 00000000 ____D C:\Users\SilenPro\AppData\Roaming\Malwarebytes
2013-11-15 09:11 - 2013-11-15 09:11 - 00000000 ____D C:\ProgramData\Malwarebytes

Files to move or delete:
====================
C:\Users\SilenPro\7z920.exe


Some content of TEMP:
====================
C:\Users\SilenPro\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-10 09:52

==================== End Of Log ============================
         


Phew, that almost makes you break a sweat.

Something from bigfish got deleted as well; my son keeps downloading little games from there - I thought that was harmless there? Does that mean we'd better not use it anymore??

Best wishes, Tinalina

Alt 16.12.2013, 07:21   #12
schrauber
/// the machine
/// TB-Ausbilder
 




I'd stop using it.


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

and a fresh FRST log please. Any problems left?
__________________
Regards,
schrauber


Alt 16.12.2013, 16:03   #13
Tinalina
 



Oh good grief!! Do you know how many USB sticks I have??? At least 8 or so... do I then have to repeat the recommended run as many times as it takes until I have had all the USB sticks plugged in once???? Or would this also be a solution:

Well then... it will probably take a while until I have that done. There are still Christmas crafts to do here...

Best wishes, Tinalina

PS: In the meantime, a huge THANK YOU already,
because right now absolutely nothing opens - except for what I want to open - but who knows for how long ;-)

17.12.2013, 09:17   #14
schrauber
/// the machine
/// TB instructor

Nah, the sticks are just a recommendation; you could scan them along while you're at it. Just scan them with your AV program at some point, that will be fine.
