
Log analysis and evaluation: Windows 8: Completely cleaning up Nationzoom


21.01.2014, 19:43   #1
c-t-v
 



Hello,
Since this is not my first visit to this site, I searched for the Nationzoom topic and went through the instructions. That seemed to go well so far, but I still find suspicious entries when browsing through the registry, and I ask that this system be checked for remnants of Nationzoom & Co.

Here is the new FRST log:


FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2014 02
Ran by Sonnie (administrator) on SONJA on 21-01-2014 19:20:42
Running from C:\Users\Sonnie\Desktop
Windows 8.1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Acer Incorporate) C:\Program Files\Packard Bell\Packard Bell Launch Manager\LMSvc.exe
() C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Acer Incorporate) C:\Program Files\Packard Bell\Packard Bell Launch Manager\LMEvent.exe
() C:\Program Files (x86)\XSManager\WTGService.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
(Acer Incorporate) C:\Program Files\Packard Bell\Packard Bell Launch Manager\LMTray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2890056 2013-05-22] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13427784 2013-03-18] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642816 2013-06-13] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4956176 2013-11-07] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [emsisoft anti-malware] - c:\program files (x86)\emsisoft anti-malware\a2guard.exe [4329408 2013-12-04] (Emsisoft GmbH)
HKLM\...\Policies\Explorer\Run: [BtvStack] - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-04-24] ( (Atheros Communications))
MountPoints2: {21545aa6-59a3-11e3-be78-48d224ebdc37} - "E:\AutoRun.exe" 
Startup: C:\Users\Sonnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StarOffice 9.lnk
ShortcutTarget: StarOffice 9.lnk -> C:\Program Files (x86)\Sun\StarOffice 9\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.de
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer13.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.de
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = 
SearchScopes: HKLM - DefaultScope {6F574C47-84E2-45F7-BCD6-5DAC5A812332} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAPBJS
SearchScopes: HKLM - {6F574C47-84E2-45F7-BCD6-5DAC5A812332} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAPBJS
SearchScopes: HKLM-x32 - {6F574C47-84E2-45F7-BCD6-5DAC5A812332} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAPBJS
SearchScopes: HKCU - {6F574C47-84E2-45F7-BCD6-5DAC5A812332} URL = 
Tcpip\Parameters: [DhcpNameServer] 192.168.13.1
Tcpip\..\Interfaces\{B7521F19-9CD3-4410-87A8-BDA56C139DAF}: [NameServer]193.189.244.225 193.189.244.206

Chrome: 
=======
CHR Extension: (Google Docs) - C:\Users\Sonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-14]
CHR Extension: (Google Drive) - C:\Users\Sonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-14]
CHR Extension: (Google-Suche) - C:\Users\Sonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-14]
CHR Extension: (Google Wallet) - C:\Users\Sonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-14]
CHR Extension: (Google Mail) - C:\Users\Sonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-14]

==================== Services (Whitelisted) =================

U2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4161512 2013-12-04] (Emsisoft GmbH)
U2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [310400 2013-04-24] (Windows (R) Win 7 DDK provider)
U2 avgfws; C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [1358944 2013-09-24] (AVG Technologies CZ, s.r.o.)
U2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3478544 2013-11-11] (AVG Technologies CZ, s.r.o.)
U2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
U3 DeviceFastLaneService; C:\Program Files\Packard Bell\Packard Bell Device Fast-lane\DeviceFastLaneSvc.exe [470056 2013-05-01] (Acer Incorporated)
U3 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [662088 2013-03-15] (Acer Incorporated)
U2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
U2 LMSvc; C:\Program Files\Packard Bell\Packard Bell Launch Manager\LMSvc.exe [431656 2013-06-18] (Acer Incorporate)
U2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
U2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
U2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [239968 2013-11-30] ()
U3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
U3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
U2 WTGService; C:\Program Files (x86)\XSManager\WTGService.exe [327392 2012-01-14] ()

==================== Drivers (Whitelisted) ====================

U3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [70960 2013-08-24] (Emsisoft GmbH)
U1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH)
U0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
U2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [219360 2013-04-18] (AppEx Networks Corporation)
U3 AthrSdSrv; C:\Windows\system32\DRIVERS\athrsd.sys [48760 2012-12-01] (Qualcomm Atheros, Inc.)
U3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98744 2013-04-23] (Advanced Micro Devices)
U0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
U1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-05] (AVG Technologies CZ, s.r.o.)
U1 Avgfwfd; C:\Windows\system32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.)
U1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [240920 2013-11-04] (AVG Technologies CZ, s.r.o.)
U0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [194872 2013-10-24] (AVG Technologies CZ, s.r.o.)
U1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-10-31] (AVG Technologies CZ, s.r.o.)
U0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.)
U0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.)
U0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.)
U1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [252728 2013-10-21] (AVG Technologies CZ, s.r.o.)
U3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)
U3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-04-24] (Qualcomm Atheros)
U3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [224768 2013-08-22] (Microsoft Corporation)
U3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2013-12-04] (Emsisoft GmbH)
U3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
U3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
U0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
U0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2014-01-18] (Microsoft Corporation)
U3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-01-10] (Acer Incorporated)
U0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
U3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
U3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
U3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
U3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [15704 2013-01-10] (Acer Incorporated)
U3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
U3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2014-01-18] (Microsoft Corporation)
U0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-11-14] (Microsoft Corporation)
U3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
U3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-21 19:20 - 2014-01-21 19:21 - 00011658 _____ C:\Users\Sonnie\Desktop\FRST.txt
2014-01-21 19:18 - 2014-01-21 19:18 - 00000000 ____D C:\FRST
2014-01-21 19:15 - 2014-01-21 19:15 - 00000474 _____ C:\Users\Sonnie\Desktop\defogger_disable.log
2014-01-21 19:15 - 2014-01-21 19:15 - 00000000 _____ C:\Users\Sonnie\defogger_reenable
2014-01-19 21:44 - 2014-01-19 21:44 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\Sonnie\Desktop\rkill64.com
2014-01-19 21:43 - 2014-01-19 21:43 - 00027444 _____ C:\Users\Sonnie\Documents\cc_20140119_214312.reg
2014-01-19 21:41 - 2014-01-19 21:41 - 00035250 _____ C:\Users\Sonnie\Documents\cc_20140119_214124.reg
2014-01-19 21:29 - 2014-01-19 21:32 - 00000000 ____D C:\AdwCleaner
2014-01-19 21:17 - 2014-01-19 21:17 - 00012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2014-01-19 21:06 - 2014-01-19 21:06 - 10264904 _____ (SurfRight B.V.) C:\Users\Sonnie\Desktop\HitmanPro_x64.exe
2014-01-19 21:05 - 2014-01-19 21:06 - 10264904 _____ (SurfRight B.V.) C:\Users\Sonnie\Downloads\HitmanPro_x64.exe
2014-01-19 21:04 - 2014-01-19 21:18 - 00000000 ____D C:\ProgramData\HitmanPro
2014-01-19 21:03 - 2014-01-19 21:03 - 00002302 _____ C:\sc-cleaner.txt
2014-01-19 17:55 - 2014-01-19 17:55 - 00259584 _____ (OldTimer Tools) C:\Users\Sonnie\Desktop\OTH.scr
2014-01-19 17:47 - 2014-01-19 17:48 - 02347384 _____ (ESET) C:\Users\Sonnie\Desktop\esetsmartinstaller_enu.exe
2014-01-19 17:46 - 2014-01-19 17:46 - 00406264 _____ (Bleeping Computer, LLC) C:\Users\Sonnie\Desktop\shortcut-cleaner.exe
2014-01-19 17:45 - 2014-01-19 17:45 - 01037068 _____ (Thisisu) C:\Users\Sonnie\Desktop\JRT.exe
2014-01-19 17:43 - 2014-01-19 17:43 - 00370610 _____ C:\Users\Sonnie\Downloads\gmer_2.1.19323.zip
2014-01-19 17:42 - 2014-01-19 17:42 - 02076672 _____ (Farbar) C:\Users\Sonnie\Desktop\FRST64.exe
2014-01-19 17:31 - 2014-01-19 17:31 - 00050477 _____ C:\Users\Sonnie\Desktop\Defogger.exe
2014-01-19 17:23 - 2014-01-19 17:23 - 00001119 _____ C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2014-01-19 17:21 - 2014-01-21 19:05 - 00000000 ____D C:\Program Files (x86)\Emsisoft Anti-Malware
2014-01-19 17:21 - 2014-01-19 17:22 - 01236282 _____ C:\Users\Sonnie\Desktop\adwcleaner.exe
2014-01-19 17:21 - 2014-01-19 17:21 - 00000000 ____D C:\Users\Sonnie\Documents\Anti-Malware
2014-01-19 17:09 - 2014-01-19 17:14 - 237466800 _____ (Emsisoft GmbH                                               ) C:\Users\Sonnie\Downloads\EmsisoftAntiMalwareSetup.exe
2014-01-19 17:03 - 2014-01-19 17:03 - 00001137 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-19 17:03 - 2014-01-19 17:03 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-19 17:03 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-01-19 17:00 - 2014-01-19 21:46 - 00002702 _____ C:\Users\Sonnie\Desktop\Rkill.txt
2014-01-19 16:59 - 2014-01-19 16:59 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Sonnie\Desktop\rkill.com
2014-01-19 16:23 - 2014-01-19 22:34 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1041993073-3820573447-2682693849-1001
2014-01-19 16:21 - 2014-01-19 16:22 - 00000646 _____ C:\WINDOWS\setupact.log
2014-01-19 16:21 - 2014-01-19 16:21 - 00000000 _____ C:\WINDOWS\setuperr.log
2014-01-19 15:31 - 2014-01-19 15:31 - 00000082 _____ C:\Users\Sonnie\Documents\cc_20140119_153140.reg
2014-01-19 15:17 - 2014-01-19 15:17 - 00000521 _____ C:\Users\Sonnie\Desktop\Anmeldeinformationsverwaltung - Verknüpfung.lnk
2014-01-19 15:16 - 2014-01-19 15:16 - 00003066 _____ C:\WINDOWS\System32\Tasks\{AA91BD79-D0BB-45E9-934B-44822ABDF667}
2014-01-19 11:25 - 2014-01-19 11:25 - 00012448 _____ C:\Users\Sonnie\Documents\cc_20140119_112536.reg
2014-01-19 11:11 - 2014-01-19 11:14 - 00000000 ___RD C:\WINDOWS\BrowserChoice
2014-01-19 10:12 - 2014-01-19 10:12 - 00000000 ____D C:\WINDOWS\ERUNT
2014-01-18 16:47 - 2014-01-18 16:47 - 00027150 _____ C:\Users\Sonnie\Documents\cc_20140118_164721.reg
2014-01-18 16:43 - 2014-01-18 16:43 - 00000000 ____D C:\Users\Sonnie\AppData\Roaming\LavasoftStatistics
2014-01-18 16:11 - 2014-01-19 11:06 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2014-01-18 16:07 - 2014-01-18 16:07 - 00000000 ____D C:\ProgramData\Lavasoft
2014-01-18 15:48 - 2014-01-18 15:48 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2014-01-18 13:36 - 2014-01-21 19:08 - 00003922 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{363F19CD-0F70-478B-90F2-3654C79511AE}
2014-01-18 09:55 - 2014-01-19 22:26 - 00000000 ___RD C:\Users\Sonnie\SkyDrive
2014-01-18 09:50 - 2014-01-19 13:37 - 00000000 ____D C:\Users\Sonnie\Documents\Bluetooth Folder
2014-01-18 09:50 - 2014-01-18 09:50 - 00000000 ____D C:\Users\Sonnie\AppData\Local\BMExplorer
2014-01-18 09:48 - 2014-01-18 09:48 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD
2014-01-18 09:42 - 2014-01-18 09:42 - 00000020 ___SH C:\Users\Sonnie\ntuser.ini
2014-01-18 01:51 - 2014-01-18 01:51 - 00000000 _SHDL C:\Users\Default\Vorlagen
2014-01-18 01:51 - 2014-01-18 01:51 - 00000000 _SHDL C:\Users\Default\Startmenü
2014-01-18 01:51 - 2014-01-18 01:51 - 00000000 _SHDL C:\Users\Default\Netzwerkumgebung
2014-01-18 01:51 - 2014-01-18 01:51 - 00000000 _SHDL C:\Users\Default\Lokale Einstellungen
2014-01-18 01:51 - 2014-01-18 01:51 - 00000000 _SHDL C:\Users\Default\Eigene Dateien
2014-01-18 01:51 - 2014-01-18 01:51 - 00000000 _SHDL C:\Users\Default\Druckumgebung
2014-01-18 01:51 - 2014-01-18 01:51 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Musik
2014-01-18 01:51 - 2014-01-18 01:51 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Bilder
2014-01-18 01:51 - 2014-01-18 01:51 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-01-18 01:51 - 2014-01-18 01:51 - 00000000 _SHDL C:\Users\Default\AppData\Local\Verlauf
2014-01-18 01:51 - 2014-01-18 01:51 - 00000000 _SHDL C:\Users\Default\AppData\Local\Anwendungsdaten
2014-01-18 01:51 - 2014-01-18 01:51 - 00000000 _SHDL C:\Users\Default\Anwendungsdaten
2014-01-18 01:51 - 2014-01-18 01:51 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Musik
2014-01-18 01:51 - 2014-01-18 01:51 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Bilder
2014-01-18 01:51 - 2014-01-18 01:51 - 00000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-01-18 01:51 - 2014-01-18 01:51 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Verlauf
2014-01-18 01:51 - 2014-01-18 01:51 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Anwendungsdaten
2014-01-18 01:50 - 2014-01-21 19:16 - 01785978 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-18 01:48 - 2014-01-18 01:48 - 00022960 _____ C:\WINDOWS\system32\emptyregdb.dat
2014-01-18 01:39 - 2014-01-18 01:39 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
2014-01-18 01:39 - 2014-01-18 01:39 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software
2014-01-18 01:31 - 2014-01-18 01:31 - 00000000 ____D C:\Users\Default\AppData\Local\Pokki
2014-01-18 01:31 - 2014-01-18 01:31 - 00000000 ____D C:\Users\Default User\AppData\Local\Pokki
2014-01-18 01:26 - 2014-01-18 01:26 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2014-01-18 01:24 - 2014-01-21 19:15 - 00000000 ____D C:\Users\Sonnie
2014-01-18 01:24 - 2014-01-18 01:50 - 00024768 _____ C:\WINDOWS\diagwrn.xml
2014-01-18 01:24 - 2014-01-18 01:50 - 00024768 _____ C:\WINDOWS\diagerr.xml
2014-01-18 01:24 - 2014-01-18 01:25 - 00000000 ___RD C:\Users\Sonnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-01-18 01:24 - 2014-01-18 01:24 - 00000000 _SHDL C:\Users\Sonnie\Vorlagen
2014-01-18 01:24 - 2014-01-18 01:24 - 00000000 _SHDL C:\Users\Sonnie\Startmenü
2014-01-18 01:24 - 2014-01-18 01:24 - 00000000 _SHDL C:\Users\Sonnie\Netzwerkumgebung
2014-01-18 01:24 - 2014-01-18 01:24 - 00000000 _SHDL C:\Users\Sonnie\Lokale Einstellungen
2014-01-18 01:24 - 2014-01-18 01:24 - 00000000 _SHDL C:\Users\Sonnie\Eigene Dateien
2014-01-18 01:24 - 2014-01-18 01:24 - 00000000 _SHDL C:\Users\Sonnie\Druckumgebung
2014-01-18 01:24 - 2014-01-18 01:24 - 00000000 _SHDL C:\Users\Sonnie\Documents\Eigene Musik
2014-01-18 01:24 - 2014-01-18 01:24 - 00000000 _SHDL C:\Users\Sonnie\Documents\Eigene Bilder
2014-01-18 01:24 - 2014-01-18 01:24 - 00000000 _SHDL C:\Users\Sonnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-01-18 01:24 - 2014-01-18 01:24 - 00000000 _SHDL C:\Users\Sonnie\AppData\Local\Verlauf
2014-01-18 01:24 - 2014-01-18 01:24 - 00000000 _SHDL C:\Users\Sonnie\AppData\Local\Anwendungsdaten
2014-01-18 01:24 - 2014-01-18 01:24 - 00000000 _SHDL C:\Users\Sonnie\Anwendungsdaten
2014-01-18 01:24 - 2013-08-22 16:36 - 00000000 ___RD C:\Users\Sonnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-01-18 01:24 - 2013-08-22 16:36 - 00000000 ___RD C:\Users\Sonnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-01-18 01:24 - 2013-08-22 16:36 - 00000000 ____D C:\Users\Sonnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-01-18 01:15 - 2014-01-18 01:15 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2014-01-18 01:15 - 2014-01-18 01:15 - 00000000 ____D C:\Program Files\Realtek
2014-01-18 01:15 - 2014-01-18 01:15 - 00000000 ____D C:\Program Files\Elantech
2014-01-18 01:14 - 2014-01-18 01:14 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2014-01-18 01:14 - 2014-01-18 01:14 - 00000000 ____D C:\Program Files\AMD
2014-01-18 01:14 - 2014-01-18 01:14 - 00000000 ____D C:\AMD
2014-01-18 01:14 - 2014-01-18 01:14 - 00000000 _____ C:\WINDOWS\system32\spu_storage.bin
2014-01-18 01:14 - 2014-01-18 01:14 - 00000000 _____ C:\WINDOWS\ativpsrm.bin
2014-01-18 01:11 - 2014-01-19 11:20 - 00000000 ___DC C:\WINDOWS\Panther
2014-01-18 01:11 - 2014-01-18 01:18 - 00000000 __SHD C:\Recovery
2014-01-18 01:10 - 2014-01-18 01:10 - 00787968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2014-01-18 01:10 - 2014-01-18 01:10 - 00075360 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll
2014-01-18 01:10 - 2014-01-18 01:10 - 00070680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll
2014-01-18 01:10 - 2014-01-18 01:10 - 00000000 ____D C:\Windows.old
2014-01-18 01:09 - 2014-01-18 01:09 - 03395920 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2014-01-18 01:09 - 2014-01-18 01:09 - 00848384 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-01-18 01:09 - 2014-01-18 01:09 - 00695808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-01-18 01:09 - 2014-01-18 01:09 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2014-01-18 01:09 - 2014-01-18 01:09 - 00393216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2014-01-18 01:09 - 2014-01-18 01:09 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2014-01-18 01:09 - 2014-01-18 01:09 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2014-01-18 01:09 - 2014-01-18 01:09 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-18 01:09 - 2014-01-18 01:09 - 00240128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2014-01-18 01:09 - 2014-01-18 01:09 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll
2014-01-18 01:09 - 2014-01-18 01:09 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrrun.dll
2014-01-18 01:09 - 2014-01-18 01:09 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-18 01:09 - 2014-01-18 01:09 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSClient.dll
2014-01-18 01:09 - 2014-01-18 01:09 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrrun.dll
2014-01-18 01:09 - 2014-01-18 01:09 - 00138240 _____ C:\WINDOWS\system32\OEMLicense.dll
2014-01-18 01:09 - 2014-01-18 01:09 - 00103936 _____ C:\WINDOWS\SysWOW64\OEMLicense.dll
2014-01-18 01:09 - 2014-01-18 01:09 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSCollect.exe
2014-01-18 01:08 - 2014-01-18 01:08 - 23183360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-01-18 01:08 - 2014-01-18 01:08 - 17112576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-01-18 01:08 - 2014-01-18 01:08 - 12996608 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-01-18 01:08 - 2014-01-18 01:08 - 11221504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-01-18 01:08 - 2014-01-18 01:08 - 05769216 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-01-18 01:08 - 2014-01-18 01:08 - 04243968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-01-18 01:08 - 2014-01-18 01:08 - 02764288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-01-18 01:08 - 2014-01-18 01:08 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-01-18 01:08 - 2014-01-18 01:08 - 02166784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-01-18 01:08 - 2014-01-18 01:08 - 01995264 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-01-18 01:08 - 2014-01-18 01:08 - 01928192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-01-18 01:08 - 2014-01-18 01:08 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-01-18 01:08 - 2014-01-18 01:08 - 01395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-01-18 01:08 - 2014-01-18 01:08 - 01157632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-01-18 01:08 - 2014-01-18 01:08 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-01-18 01:08 - 2014-01-18 01:08 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-01-18 01:08 - 2014-01-18 01:08 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-01-18 01:07 - 2014-01-18 01:07 - 04191744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-01-18 01:07 - 2014-01-18 01:07 - 04105728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-01-18 01:07 - 2014-01-18 01:07 - 00568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2014-01-18 01:06 - 2014-01-18 01:06 - 13177344 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-01-18 01:06 - 2014-01-18 01:06 - 11674624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-01-18 01:06 - 2014-01-18 01:06 - 07399256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2014-01-18 01:06 - 2014-01-18 01:06 - 02896896 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2014-01-18 01:06 - 2014-01-18 01:06 - 02570240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2014-01-18 01:06 - 2014-01-18 01:06 - 02266624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2014-01-18 01:06 - 2014-01-18 01:06 - 02143744 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2014-01-18 01:06 - 2014-01-18 01:06 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2014-01-18 01:06 - 2014-01-18 01:06 - 01843712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll
2014-01-18 01:06 - 2014-01-18 01:06 - 01816576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Display.dll
2014-01-18 01:06 - 2014-01-18 01:06 - 01765384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2014-01-18 01:06 - 2014-01-18 01:06 - 01765376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2014-01-18 01:06 - 2014-01-18 01:06 - 01756160 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
2014-01-18 01:06 - 2014-01-18 01:06 - 01642016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2014-01-18 01:06 - 2014-01-18 01:06 - 01530200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2014-01-18 01:06 - 2014-01-18 01:06 - 01506680 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2014-01-18 01:06 - 2014-01-18 01:06 - 01476184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2014-01-18 01:06 - 2014-01-18 01:06 - 01391104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe
2014-01-18 01:06 - 2014-01-18 01:06 - 01345536 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2014-01-18 01:06 - 2014-01-18 01:06 - 01302528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2014-01-18 01:06 - 2014-01-18 01:06 - 00922624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2014-01-18 01:06 - 2014-01-18 01:06 - 00747008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2014-01-18 01:06 - 2014-01-18 01:06 - 00744448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2014-01-18 01:06 - 2014-01-18 01:06 - 00637952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2014-01-18 01:06 - 2014-01-18 01:06 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2014-01-18 01:06 - 2014-01-18 01:06 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2014-01-18 01:06 - 2014-01-18 01:06 - 00544768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2014-01-18 01:06 - 2014-01-18 01:06 - 00516496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2014-01-18 01:06 - 2014-01-18 01:06 - 00479744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2014-01-18 01:06 - 2014-01-18 01:06 - 00406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2014-01-18 01:06 - 2014-01-18 01:06 - 00382808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2014-01-18 01:06 - 2014-01-18 01:06 - 00372568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2014-01-18 01:06 - 2014-01-18 01:06 - 00358896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2014-01-18 01:06 - 2014-01-18 01:06 - 00325464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2014-01-18 01:06 - 2014-01-18 01:06 - 00254464 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2014-01-18 01:06 - 2014-01-18 01:06 - 00225792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2014-01-18 01:06 - 2014-01-18 01:06 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2014-01-18 01:06 - 2014-01-18 01:06 - 00146776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\SerCx2.sys
2014-01-18 01:06 - 2014-01-18 01:06 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2014-01-18 01:06 - 2014-01-18 01:06 - 00086872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2014-01-18 01:06 - 2014-01-18 01:06 - 00039768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2014-01-18 01:06 - 2014-01-18 01:06 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialMigrationHandler.dll
2014-01-18 01:06 - 2014-01-18 01:06 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialMigrationHandler.dll
2014-01-18 01:04 - 2014-01-18 01:04 - 00262144 _____ C:\WINDOWS\system32\config\userdiff
2014-01-18 01:02 - 2014-01-18 01:02 - 00000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2014-01-18 01:02 - 2014-01-18 01:02 - 00000000 ____D C:\Program Files\Reference Assemblies
2014-01-18 01:02 - 2014-01-18 01:02 - 00000000 ____D C:\Program Files\MSBuild
2014-01-18 01:02 - 2014-01-18 01:02 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2014-01-18 01:02 - 2014-01-18 01:02 - 00000000 ____D C:\Program Files (x86)\MSBuild
2014-01-18 01:01 - 2013-08-03 05:48 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2014-01-18 01:01 - 2013-08-03 05:48 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2014-01-18 01:01 - 2013-08-03 05:48 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2014-01-18 01:01 - 2013-08-03 05:41 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2014-01-18 01:01 - 2013-08-03 05:41 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2014-01-18 01:01 - 2013-08-03 05:41 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2014-01-17 23:08 - 2014-01-17 23:08 - 00000000 ____D C:\Users\Sonnie\AppData\Roaming\AVG2014
2014-01-17 23:06 - 2014-01-17 23:06 - 00000993 _____ C:\Users\Public\Desktop\AVG 2014.lnk
2014-01-17 23:06 - 2014-01-17 23:06 - 00000000 ____D C:\Users\Sonnie\AppData\Roaming\TuneUp Software
2014-01-17 23:03 - 2014-01-17 23:07 - 00000000 ____D C:\ProgramData\AVG2014
2014-01-17 23:03 - 2014-01-17 23:03 - 00000000 ___HD C:\$AVG
2014-01-17 23:03 - 2014-01-17 23:03 - 00000000 ____D C:\Program Files (x86)\AVG
2014-01-17 23:01 - 2014-01-21 19:07 - 00000000 ____D C:\ProgramData\MFAData
2014-01-17 23:01 - 2014-01-18 13:29 - 00000000 ____D C:\Users\Sonnie\AppData\Local\Avg2014
2014-01-17 23:01 - 2014-01-17 23:01 - 00000000 ____D C:\Users\Sonnie\AppData\Local\MFAData
2014-01-17 21:51 - 2013-11-19 11:21 - 00267936 _____ (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2014-01-17 21:17 - 2014-01-17 21:17 - 00000000 ____D C:\7053019b5e37ae1e06
2014-01-15 06:28 - 2014-01-15 06:28 - 00000000 ____D C:\ProgramData\Oracle
2014-01-15 06:26 - 2014-01-15 06:26 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-01-15 06:26 - 2014-01-15 06:26 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-01-15 06:26 - 2014-01-15 06:26 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-01-15 06:26 - 2014-01-15 06:26 - 00096168 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-01-15 06:22 - 2014-01-15 06:22 - 00005910 _____ C:\Users\Sonnie\Documents\cc_20140115_062216.reg
2014-01-15 06:20 - 2014-01-15 06:20 - 00045618 _____ C:\Users\Sonnie\Documents\cc_20140115_062049.reg
2014-01-14 23:01 - 2014-01-19 15:22 - 00000991 _____ C:\Users\Public\Desktop\CCleaner.lnk
2014-01-14 23:01 - 2014-01-15 06:19 - 00000000 ____D C:\Program Files\CCleaner
2014-01-14 23:00 - 2014-01-19 22:27 - 00002207 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2014-01-14 22:58 - 2014-01-21 19:09 - 00001122 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-14 22:58 - 2014-01-19 22:27 - 00001118 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-14 22:58 - 2014-01-14 23:04 - 00004094 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-01-14 22:58 - 2014-01-14 23:04 - 00003858 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-01-14 22:58 - 2014-01-14 23:01 - 00000000 ____D C:\Users\Sonnie\AppData\Local\Google
2014-01-14 22:58 - 2014-01-14 23:01 - 00000000 ____D C:\Program Files (x86)\Google
2014-01-14 22:34 - 2014-01-14 22:34 - 00000000 ____D C:\Users\Sonnie\Downloads\backups
2014-01-14 22:19 - 2014-01-14 22:19 - 00388608 _____ (Trend Micro Inc.) C:\Users\Sonnie\Downloads\HiJackThis204.exe
2014-01-14 22:06 - 2014-01-14 22:06 - 00000000 ____D C:\Users\Sonnie\AppData\Roaming\Malwarebytes
2014-01-14 22:06 - 2014-01-14 22:06 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-14 22:05 - 2014-01-14 22:05 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Sonnie\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-14 21:55 - 2014-01-14 21:56 - 00000000 ____D C:\Users\Sonnie\.android
2014-01-14 21:55 - 2014-01-14 21:55 - 00000000 ____D C:\Users\Sonnie\AppData\Local\cache
2014-01-14 21:54 - 2014-01-14 21:54 - 00000000 _____ C:\Users\Sonnie\daemonprocess.txt
2014-01-14 21:53 - 2014-01-14 21:53 - 00001178 _____ C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-01-14 21:52 - 2014-01-14 21:52 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2014-01-14 21:50 - 2014-01-14 21:50 - 06072408 _____ (TeamViewer GmbH) C:\Users\Sonnie\Downloads\TeamViewer_Setup_de.exe
2014-01-14 18:37 - 2014-01-14 18:37 - 00000000 ____D C:\Users\Sonnie\AppData\Local\Macromedia
2013-12-25 16:41 - 2014-01-19 21:48 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-12-25 16:41 - 2013-12-25 16:41 - 00003772 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2013-12-25 16:39 - 2014-01-14 22:53 - 00000000 ____D C:\Users\Sonnie\AppData\Local\Adobe

==================== One Month Modified Files and Folders =======

2014-01-21 19:21 - 2014-01-21 19:20 - 00011658 _____ C:\Users\Sonnie\Desktop\FRST.txt
2014-01-21 19:18 - 2014-01-21 19:18 - 00000000 ____D C:\FRST
2014-01-21 19:16 - 2014-01-18 01:50 - 01785978 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-21 19:15 - 2014-01-21 19:15 - 00000474 _____ C:\Users\Sonnie\Desktop\defogger_disable.log
2014-01-21 19:15 - 2014-01-21 19:15 - 00000000 _____ C:\Users\Sonnie\defogger_reenable
2014-01-21 19:15 - 2014-01-18 01:24 - 00000000 ____D C:\Users\Sonnie
2014-01-21 19:09 - 2014-01-14 22:58 - 00001122 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-21 19:08 - 2014-01-18 13:36 - 00003922 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{363F19CD-0F70-478B-90F2-3654C79511AE}
2014-01-21 19:07 - 2014-01-17 23:01 - 00000000 ____D C:\ProgramData\MFAData
2014-01-21 19:05 - 2014-01-19 17:21 - 00000000 ____D C:\Program Files (x86)\Emsisoft Anti-Malware
2014-01-21 19:02 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\sru
2014-01-19 22:34 - 2014-01-19 16:23 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1041993073-3820573447-2682693849-1001
2014-01-19 22:27 - 2014-01-14 23:00 - 00002207 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2014-01-19 22:27 - 2014-01-14 22:58 - 00001118 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-19 22:26 - 2014-01-18 09:55 - 00000000 ___RD C:\Users\Sonnie\SkyDrive
2014-01-19 22:23 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2014-01-19 21:48 - 2013-12-25 16:41 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-01-19 21:46 - 2014-01-19 17:00 - 00002702 _____ C:\Users\Sonnie\Desktop\Rkill.txt
2014-01-19 21:44 - 2014-01-19 21:44 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\Sonnie\Desktop\rkill64.com
2014-01-19 21:43 - 2014-01-19 21:43 - 00027444 _____ C:\Users\Sonnie\Documents\cc_20140119_214312.reg
2014-01-19 21:43 - 2013-11-14 08:27 - 01776918 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2014-01-19 21:43 - 2013-11-14 08:11 - 00765582 _____ C:\WINDOWS\system32\perfh007.dat
2014-01-19 21:43 - 2013-11-14 08:11 - 00159366 _____ C:\WINDOWS\system32\perfc007.dat
2014-01-19 21:41 - 2014-01-19 21:41 - 00035250 _____ C:\Users\Sonnie\Documents\cc_20140119_214124.reg
2014-01-19 21:32 - 2014-01-19 21:29 - 00000000 ____D C:\AdwCleaner
2014-01-19 21:18 - 2014-01-19 21:04 - 00000000 ____D C:\ProgramData\HitmanPro
2014-01-19 21:17 - 2014-01-19 21:17 - 00012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2014-01-19 21:06 - 2014-01-19 21:06 - 10264904 _____ (SurfRight B.V.) C:\Users\Sonnie\Desktop\HitmanPro_x64.exe
2014-01-19 21:06 - 2014-01-19 21:05 - 10264904 _____ (SurfRight B.V.) C:\Users\Sonnie\Downloads\HitmanPro_x64.exe
2014-01-19 21:03 - 2014-01-19 21:03 - 00002302 _____ C:\sc-cleaner.txt
2014-01-19 21:03 - 2013-11-13 00:10 - 00001454 _____ C:\Users\Sonnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-01-19 17:55 - 2014-01-19 17:55 - 00259584 _____ (OldTimer Tools) C:\Users\Sonnie\Desktop\OTH.scr
2014-01-19 17:48 - 2014-01-19 17:47 - 02347384 _____ (ESET) C:\Users\Sonnie\Desktop\esetsmartinstaller_enu.exe
2014-01-19 17:46 - 2014-01-19 17:46 - 00406264 _____ (Bleeping Computer, LLC) C:\Users\Sonnie\Desktop\shortcut-cleaner.exe
2014-01-19 17:45 - 2014-01-19 17:45 - 01037068 _____ (Thisisu) C:\Users\Sonnie\Desktop\JRT.exe
2014-01-19 17:43 - 2014-01-19 17:43 - 00370610 _____ C:\Users\Sonnie\Downloads\gmer_2.1.19323.zip
2014-01-19 17:43 - 2013-12-04 09:53 - 00379904 _____ C:\Users\Sonnie\Desktop\gmer.exe
2014-01-19 17:42 - 2014-01-19 17:42 - 02076672 _____ (Farbar) C:\Users\Sonnie\Desktop\FRST64.exe
2014-01-19 17:31 - 2014-01-19 17:31 - 00050477 _____ C:\Users\Sonnie\Desktop\Defogger.exe
2014-01-19 17:23 - 2014-01-19 17:23 - 00001119 _____ C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2014-01-19 17:22 - 2014-01-19 17:21 - 01236282 _____ C:\Users\Sonnie\Desktop\adwcleaner.exe
2014-01-19 17:21 - 2014-01-19 17:21 - 00000000 ____D C:\Users\Sonnie\Documents\Anti-Malware
2014-01-19 17:14 - 2014-01-19 17:09 - 237466800 _____ (Emsisoft GmbH                                               ) C:\Users\Sonnie\Downloads\EmsisoftAntiMalwareSetup.exe
2014-01-19 17:03 - 2014-01-19 17:03 - 00001137 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-19 17:03 - 2014-01-19 17:03 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-19 16:59 - 2014-01-19 16:59 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Sonnie\Desktop\rkill.com
2014-01-19 16:41 - 2013-11-13 00:07 - 00000000 ____D C:\Users\Sonnie\AppData\Local\Packages
2014-01-19 16:22 - 2014-01-19 16:21 - 00000646 _____ C:\WINDOWS\setupact.log
2014-01-19 16:21 - 2014-01-19 16:21 - 00000000 _____ C:\WINDOWS\setuperr.log
2014-01-19 15:35 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2014-01-19 15:31 - 2014-01-19 15:31 - 00000082 _____ C:\Users\Sonnie\Documents\cc_20140119_153140.reg
2014-01-19 15:22 - 2014-01-14 23:01 - 00000991 _____ C:\Users\Public\Desktop\CCleaner.lnk
2014-01-19 15:17 - 2014-01-19 15:17 - 00000521 _____ C:\Users\Sonnie\Desktop\Anmeldeinformationsverwaltung - Verknüpfung.lnk
2014-01-19 15:16 - 2014-01-19 15:16 - 00003066 _____ C:\WINDOWS\System32\Tasks\{AA91BD79-D0BB-45E9-934B-44822ABDF667}
2014-01-19 14:16 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2014-01-19 13:37 - 2014-01-18 09:50 - 00000000 ____D C:\Users\Sonnie\Documents\Bluetooth Folder
2014-01-19 11:25 - 2014-01-19 11:25 - 00012448 _____ C:\Users\Sonnie\Documents\cc_20140119_112536.reg
2014-01-19 11:20 - 2014-01-18 01:11 - 00000000 ___DC C:\WINDOWS\Panther
2014-01-19 11:14 - 2014-01-19 11:11 - 00000000 ___RD C:\WINDOWS\BrowserChoice
2014-01-19 11:06 - 2014-01-18 16:11 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2014-01-19 10:12 - 2014-01-19 10:12 - 00000000 ____D C:\WINDOWS\ERUNT
2014-01-18 16:47 - 2014-01-18 16:47 - 00027150 _____ C:\Users\Sonnie\Documents\cc_20140118_164721.reg
2014-01-18 16:43 - 2014-01-18 16:43 - 00000000 ____D C:\Users\Sonnie\AppData\Roaming\LavasoftStatistics
2014-01-18 16:07 - 2014-01-18 16:07 - 00000000 ____D C:\ProgramData\Lavasoft
2014-01-18 16:07 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\restore
2014-01-18 15:48 - 2014-01-18 15:48 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2014-01-18 13:29 - 2014-01-17 23:01 - 00000000 ____D C:\Users\Sonnie\AppData\Local\Avg2014
2014-01-18 09:52 - 2013-11-14 09:24 - 00000000 ___HD C:\$Windows.~BT
2014-01-18 09:50 - 2014-01-18 09:50 - 00000000 ____D C:\Users\Sonnie\AppData\Local\BMExplorer
2014-01-18 09:50 - 2013-09-15 16:34 - 00000000 ____D C:\ProgramData\Atheros
2014-01-18 09:48 - 2014-01-18 09:48 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD
2014-01-18 09:46 - 2013-11-13 00:10 - 00000000 ___RD C:\Users\Sonnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-18 09:46 - 2013-11-13 00:10 - 00000000 ___RD C:\Users\Sonnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-01-18 09:42 - 2014-01-18 09:42 - 00000020 ___SH C:\Users\Sonnie\ntuser.ini
2014-01-18 01:54 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\rescache
2014-01-18 01:51 - 2014-01-18 01:51 - 00000000 _SHDL C:\Users\Default\Vorlagen
2014-01-18 01:51 - 2014-01-18 01:51 - 00000000 _SHDL C:\Users\Default\Startmenü
2014-01-18 01:51 - 2014-01-18 01:51 - 00000000 _SHDL C:\Users\Default\Netzwerkumgebung
2014-01-18 01:51 - 2014-01-18 01:51 - 00000000 _SHDL C:\Users\Default\Lokale Einstellungen
2014-01-18 01:51 - 2014-01-18 01:51 - 00000000 _SHDL C:\Users\Default\Eigene Dateien
2014-01-18 01:51 - 2014-01-18 01:51 - 00000000 _SHDL C:\Users\Default\Druckumgebung
2014-01-18 01:51 - 2014-01-18 01:51 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Musik
2014-01-18 01:51 - 2014-01-18 01:51 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Bilder
2014-01-18 01:51 - 2014-01-18 01:51 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-01-18 01:51 - 2014-01-18 01:51 - 00000000 _SHDL C:\Users\Default\AppData\Local\Verlauf
2014-01-18 01:51 - 2014-01-18 01:51 - 00000000 _SHDL C:\Users\Default\AppData\Local\Anwendungsdaten
2014-01-18 01:51 - 2014-01-18 01:51 - 00000000 _SHDL C:\Users\Default\Anwendungsdaten
2014-01-18 01:51 - 2014-01-18 01:51 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Musik
2014-01-18 01:51 - 2014-01-18 01:51 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Bilder
2014-01-18 01:51 - 2014-01-18 01:51 - 00000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-01-18 01:51 - 2014-01-18 01:51 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Verlauf
2014-01-18 01:51 - 2014-01-18 01:51 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Anwendungsdaten
2014-01-18 01:51 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Windows NT
2014-01-18 01:51 - 2013-08-22 14:36 - 00000000 __RHD C:\Users\Default
2014-01-18 01:50 - 2014-01-18 01:24 - 00024768 _____ C:\WINDOWS\diagwrn.xml
2014-01-18 01:50 - 2014-01-18 01:24 - 00024768 _____ C:\WINDOWS\diagerr.xml
2014-01-18 01:50 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\Registration
2014-01-18 01:48 - 2014-01-18 01:48 - 00022960 _____ C:\WINDOWS\system32\emptyregdb.dat
2014-01-18 01:40 - 2013-08-22 16:36 - 00000000 __RSD C:\WINDOWS\Media
2014-01-18 01:39 - 2014-01-18 01:39 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
2014-01-18 01:39 - 2014-01-18 01:39 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software
2014-01-18 01:39 - 2013-08-22 16:36 - 00000000 __RHD C:\Users\Public\Libraries
2014-01-18 01:39 - 2012-07-26 09:12 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2014-01-18 01:34 - 2013-08-22 15:44 - 00360664 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2014-01-18 01:33 - 2013-09-15 16:31 - 00000000 ____D C:\WINDOWS\SysWOW64\QCA_CR
2014-01-18 01:33 - 2013-09-15 16:20 - 00000000 ____D C:\WINDOWS\SysWOW64\Atheros_L1e
2014-01-18 01:33 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\Help
2014-01-18 01:33 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2014-01-18 01:33 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2014-01-18 01:31 - 2014-01-18 01:31 - 00000000 ____D C:\Users\Default\AppData\Local\Pokki
2014-01-18 01:31 - 2014-01-18 01:31 - 00000000 ____D C:\Users\Default User\AppData\Local\Pokki
2014-01-18 01:31 - 2012-07-26 06:37 - 00000000 ____D C:\Users\Default.migrated
2014-01-18 01:30 - 2013-11-14 08:11 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2014-01-18 01:30 - 2013-11-14 08:11 - 00000000 ____D C:\WINDOWS\SysWOW64\sysprep
2014-01-18 01:30 - 2013-11-14 08:11 - 00000000 ____D C:\WINDOWS\system32\WCN
2014-01-18 01:30 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz
2014-01-18 01:30 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2014-01-18 01:30 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2014-01-18 01:30 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\spool
2014-01-18 01:30 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\IME
2014-01-18 01:30 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\SysWOW64\SMI
2014-01-18 01:30 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\system32\oobe
2014-01-18 01:29 - 2013-08-22 16:43 - 00000000 ____D C:\WINDOWS\DigitalLocker
2014-01-18 01:29 - 2013-08-22 16:36 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2014-01-18 01:29 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\IME
2014-01-18 01:29 - 2013-08-06 08:05 - 00000000 ____D C:\ProgramData\PRICache
2014-01-18 01:28 - 2013-08-22 16:36 - 00000000 __SHD C:\Program Files\Windows Sidebar
2014-01-18 01:28 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2014-01-18 01:26 - 2014-01-18 01:26 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2014-01-18 01:25 - 2014-01-18 01:24 - 00000000 ___RD C:\Users\Sonnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-01-18 01:25 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\Recovery
2014-01-18 01:24 - 2014-01-18 01:24 - 00000000 _SHDL C:\Users\Sonnie\Vorlagen
2014-01-18 01:24 - 2014-01-18 01:24 - 00000000 _SHDL C:\Users\Sonnie\Startmenü
2014-01-18 01:24 - 2014-01-18 01:24 - 00000000 _SHDL C:\Users\Sonnie\Netzwerkumgebung
2014-01-18 01:24 - 2014-01-18 01:24 - 00000000 _SHDL C:\Users\Sonnie\Lokale Einstellungen
2014-01-18 01:24 - 2014-01-18 01:24 - 00000000 _SHDL C:\Users\Sonnie\Eigene Dateien
2014-01-18 01:24 - 2014-01-18 01:24 - 00000000 _SHDL C:\Users\Sonnie\Druckumgebung
2014-01-18 01:24 - 2014-01-18 01:24 - 00000000 _SHDL C:\Users\Sonnie\Documents\Eigene Musik
2014-01-18 01:24 - 2014-01-18 01:24 - 00000000 _SHDL C:\Users\Sonnie\Documents\Eigene Bilder
2014-01-18 01:24 - 2014-01-18 01:24 - 00000000 _SHDL C:\Users\Sonnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-01-18 01:24 - 2014-01-18 01:24 - 00000000 _SHDL C:\Users\Sonnie\AppData\Local\Verlauf
2014-01-18 01:24 - 2014-01-18 01:24 - 00000000 _SHDL C:\Users\Sonnie\AppData\Local\Anwendungsdaten
2014-01-18 01:24 - 2014-01-18 01:24 - 00000000 _SHDL C:\Users\Sonnie\Anwendungsdaten
2014-01-18 01:18 - 2014-01-18 01:11 - 00000000 __SHD C:\Recovery
2014-01-18 01:15 - 2014-01-18 01:15 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2014-01-18 01:15 - 2014-01-18 01:15 - 00000000 ____D C:\Program Files\Realtek
2014-01-18 01:15 - 2014-01-18 01:15 - 00000000 ____D C:\Program Files\Elantech
2014-01-18 01:14 - 2014-01-18 01:14 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2014-01-18 01:14 - 2014-01-18 01:14 - 00000000 ____D C:\Program Files\AMD
2014-01-18 01:14 - 2014-01-18 01:14 - 00000000 ____D C:\AMD
2014-01-18 01:14 - 2014-01-18 01:14 - 00000000 _____ C:\WINDOWS\system32\spu_storage.bin
2014-01-18 01:14 - 2014-01-18 01:14 - 00000000 _____ C:\WINDOWS\ativpsrm.bin
2014-01-18 01:10 - 2014-01-18 01:10 - 00787968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2014-01-18 01:10 - 2014-01-18 01:10 - 00075360 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll
2014-01-18 01:10 - 2014-01-18 01:10 - 00070680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll
2014-01-18 01:10 - 2014-01-18 01:10 - 00000000 ____D C:\Windows.old
2014-01-18 01:10 - 2013-08-22 16:36 - 00262144 _____ C:\WINDOWS\system32\config\BCD-Template
2014-01-18 01:09 - 2014-01-18 01:09 - 03395920 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2014-01-18 01:09 - 2014-01-18 01:09 - 00848384 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-01-18 01:09 - 2014-01-18 01:09 - 00695808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-01-18 01:09 - 2014-01-18 01:09 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2014-01-18 01:09 - 2014-01-18 01:09 - 00393216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2014-01-18 01:09 - 2014-01-18 01:09 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2014-01-18 01:09 - 2014-01-18 01:09 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2014-01-18 01:09 - 2014-01-18 01:09 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-18 01:09 - 2014-01-18 01:09 - 00240128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2014-01-18 01:09 - 2014-01-18 01:09 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll
2014-01-18 01:09 - 2014-01-18 01:09 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrrun.dll
2014-01-18 01:09 - 2014-01-18 01:09 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-18 01:09 - 2014-01-18 01:09 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSClient.dll
2014-01-18 01:09 - 2014-01-18 01:09 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrrun.dll
2014-01-18 01:09 - 2014-01-18 01:09 - 00138240 _____ C:\WINDOWS\system32\OEMLicense.dll
2014-01-18 01:09 - 2014-01-18 01:09 - 00103936 _____ C:\WINDOWS\SysWOW64\OEMLicense.dll
2014-01-18 01:09 - 2014-01-18 01:09 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSCollect.exe
2014-01-18 01:09 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\WinStore
2014-01-18 01:08 - 2014-01-18 01:08 - 23183360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-01-18 01:08 - 2014-01-18 01:08 - 17112576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-01-18 01:08 - 2014-01-18 01:08 - 12996608 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-01-18 01:08 - 2014-01-18 01:08 - 11221504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-01-18 01:08 - 2014-01-18 01:08 - 05769216 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-01-18 01:08 - 2014-01-18 01:08 - 04243968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-01-18 01:08 - 2014-01-18 01:08 - 02764288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-01-18 01:08 - 2014-01-18 01:08 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-01-18 01:08 - 2014-01-18 01:08 - 02166784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-01-18 01:08 - 2014-01-18 01:08 - 01995264 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-01-18 01:08 - 2014-01-18 01:08 - 01928192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-01-18 01:08 - 2014-01-18 01:08 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-01-18 01:08 - 2014-01-18 01:08 - 01395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-01-18 01:08 - 2014-01-18 01:08 - 01157632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-01-18 01:08 - 2014-01-18 01:08 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-01-18 01:08 - 2014-01-18 01:08 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-01-18 01:08 - 2014-01-18 01:08 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-01-18 01:07 - 2014-01-18 01:07 - 04191744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-01-18 01:07 - 2014-01-18 01:07 - 04105728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-01-18 01:07 - 2014-01-18 01:07 - 00568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2014-01-18 01:07 - 2013-08-22 16:36 - 00000000 ___RD C:\WINDOWS\ToastData
2014-01-18 01:07 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\MediaViewer
2014-01-18 01:07 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\FileManager
2014-01-18 01:07 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\Camera
2014-01-18 01:06 - 2014-01-18 01:06 - 13177344 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-01-18 01:06 - 2014-01-18 01:06 - 11674624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-01-18 01:06 - 2014-01-18 01:06 - 07399256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2014-01-18 01:06 - 2014-01-18 01:06 - 02896896 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2014-01-18 01:06 - 2014-01-18 01:06 - 02570240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2014-01-18 01:06 - 2014-01-18 01:06 - 02266624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2014-01-18 01:06 - 2014-01-18 01:06 - 02143744 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2014-01-18 01:06 - 2014-01-18 01:06 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2014-01-18 01:06 - 2014-01-18 01:06 - 01843712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll
2014-01-18 01:06 - 2014-01-18 01:06 - 01816576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Display.dll
2014-01-18 01:06 - 2014-01-18 01:06 - 01765384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2014-01-18 01:06 - 2014-01-18 01:06 - 01765376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2014-01-18 01:06 - 2014-01-18 01:06 - 01756160 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
2014-01-18 01:06 - 2014-01-18 01:06 - 01642016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2014-01-18 01:06 - 2014-01-18 01:06 - 01530200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2014-01-18 01:06 - 2014-01-18 01:06 - 01506680 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2014-01-18 01:06 - 2014-01-18 01:06 - 01476184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2014-01-18 01:06 - 2014-01-18 01:06 - 01391104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe
2014-01-18 01:06 - 2014-01-18 01:06 - 01345536 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2014-01-18 01:06 - 2014-01-18 01:06 - 01302528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2014-01-18 01:06 - 2014-01-18 01:06 - 00922624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2014-01-18 01:06 - 2014-01-18 01:06 - 00747008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2014-01-18 01:06 - 2014-01-18 01:06 - 00744448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2014-01-18 01:06 - 2014-01-18 01:06 - 00637952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2014-01-18 01:06 - 2014-01-18 01:06 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2014-01-18 01:06 - 2014-01-18 01:06 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2014-01-18 01:06 - 2014-01-18 01:06 - 00544768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2014-01-18 01:06 - 2014-01-18 01:06 - 00516496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2014-01-18 01:06 - 2014-01-18 01:06 - 00479744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2014-01-18 01:06 - 2014-01-18 01:06 - 00406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2014-01-18 01:06 - 2014-01-18 01:06 - 00382808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2014-01-18 01:06 - 2014-01-18 01:06 - 00372568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2014-01-18 01:06 - 2014-01-18 01:06 - 00358896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2014-01-18 01:06 - 2014-01-18 01:06 - 00325464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2014-01-18 01:06 - 2014-01-18 01:06 - 00254464 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2014-01-18 01:06 - 2014-01-18 01:06 - 00225792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2014-01-18 01:06 - 2014-01-18 01:06 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2014-01-18 01:06 - 2014-01-18 01:06 - 00146776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\SerCx2.sys
2014-01-18 01:06 - 2014-01-18 01:06 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2014-01-18 01:06 - 2014-01-18 01:06 - 00086872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2014-01-18 01:06 - 2014-01-18 01:06 - 00039768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2014-01-18 01:06 - 2014-01-18 01:06 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialMigrationHandler.dll
2014-01-18 01:06 - 2014-01-18 01:06 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialMigrationHandler.dll
2014-01-18 01:04 - 2014-01-18 01:04 - 00262144 _____ C:\WINDOWS\system32\config\userdiff
2014-01-18 01:02 - 2014-01-18 01:02 - 00000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2014-01-18 01:02 - 2014-01-18 01:02 - 00000000 ____D C:\Program Files\Reference Assemblies
2014-01-18 01:02 - 2014-01-18 01:02 - 00000000 ____D C:\Program Files\MSBuild
2014-01-18 01:02 - 2014-01-18 01:02 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2014-01-18 01:02 - 2014-01-18 01:02 - 00000000 ____D C:\Program Files (x86)\MSBuild
2014-01-18 01:02 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2014-01-18 01:02 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\MUI
2014-01-17 23:35 - 2012-07-26 09:12 - 00000000 ____D C:\WINDOWS\AUInstallAgent
2014-01-17 23:08 - 2014-01-17 23:08 - 00000000 ____D C:\Users\Sonnie\AppData\Roaming\AVG2014
2014-01-17 23:07 - 2014-01-17 23:03 - 00000000 ____D C:\ProgramData\AVG2014
2014-01-17 23:06 - 2014-01-17 23:06 - 00000993 _____ C:\Users\Public\Desktop\AVG 2014.lnk
2014-01-17 23:06 - 2014-01-17 23:06 - 00000000 ____D C:\Users\Sonnie\AppData\Roaming\TuneUp Software
2014-01-17 23:03 - 2014-01-17 23:03 - 00000000 ___HD C:\$AVG
2014-01-17 23:03 - 2014-01-17 23:03 - 00000000 ____D C:\Program Files (x86)\AVG
2014-01-17 23:01 - 2014-01-17 23:01 - 00000000 ____D C:\Users\Sonnie\AppData\Local\MFAData
2014-01-17 21:17 - 2014-01-17 21:17 - 00000000 ____D C:\7053019b5e37ae1e06
2014-01-17 20:42 - 2013-11-23 17:00 - 00000000 ____D C:\WINDOWS\system32\MRT
2014-01-17 20:37 - 2013-11-23 17:00 - 86054176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-01-15 06:29 - 2013-11-13 00:26 - 00000000 ____D C:\Program Files (x86)\Java
2014-01-15 06:28 - 2014-01-15 06:28 - 00000000 ____D C:\ProgramData\Oracle
2014-01-15 06:26 - 2014-01-15 06:26 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-01-15 06:26 - 2014-01-15 06:26 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-01-15 06:26 - 2014-01-15 06:26 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-01-15 06:26 - 2014-01-15 06:26 - 00096168 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-01-15 06:22 - 2014-01-15 06:22 - 00005910 _____ C:\Users\Sonnie\Documents\cc_20140115_062216.reg
2014-01-15 06:20 - 2014-01-15 06:20 - 00045618 _____ C:\Users\Sonnie\Documents\cc_20140115_062049.reg
2014-01-15 06:19 - 2014-01-14 23:01 - 00000000 ____D C:\Program Files\CCleaner
2014-01-14 23:04 - 2014-01-14 22:58 - 00004094 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-01-14 23:04 - 2014-01-14 22:58 - 00003858 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-01-14 23:03 - 2013-11-15 13:56 - 00000000 ____D C:\Users\Sonnie\AppData\Local\CrashDumps
2014-01-14 23:01 - 2014-01-14 22:58 - 00000000 ____D C:\Users\Sonnie\AppData\Local\Google
2014-01-14 23:01 - 2014-01-14 22:58 - 00000000 ____D C:\Program Files (x86)\Google
2014-01-14 22:53 - 2013-12-25 16:39 - 00000000 ____D C:\Users\Sonnie\AppData\Local\Adobe
2014-01-14 22:34 - 2014-01-14 22:34 - 00000000 ____D C:\Users\Sonnie\Downloads\backups
2014-01-14 22:20 - 2013-11-13 00:08 - 00000000 ____D C:\Users\Sonnie\AppData\Local\VirtualStore
2014-01-14 22:19 - 2014-01-14 22:19 - 00388608 _____ (Trend Micro Inc.) C:\Users\Sonnie\Downloads\HiJackThis204.exe
2014-01-14 22:06 - 2014-01-14 22:06 - 00000000 ____D C:\Users\Sonnie\AppData\Roaming\Malwarebytes
2014-01-14 22:06 - 2014-01-14 22:06 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-14 22:05 - 2014-01-14 22:05 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Sonnie\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-14 21:56 - 2014-01-14 21:55 - 00000000 ____D C:\Users\Sonnie\.android
2014-01-14 21:55 - 2014-01-14 21:55 - 00000000 ____D C:\Users\Sonnie\AppData\Local\cache
2014-01-14 21:54 - 2014-01-14 21:54 - 00000000 _____ C:\Users\Sonnie\daemonprocess.txt
2014-01-14 21:53 - 2014-01-14 21:53 - 00001178 _____ C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-01-14 21:52 - 2014-01-14 21:52 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2014-01-14 21:50 - 2014-01-14 21:50 - 06072408 _____ (TeamViewer GmbH) C:\Users\Sonnie\Downloads\TeamViewer_Setup_de.exe
2014-01-14 18:37 - 2014-01-14 18:37 - 00000000 ____D C:\Users\Sonnie\AppData\Local\Macromedia
2014-01-06 23:31 - 2013-08-22 16:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-01-06 23:31 - 2013-08-22 16:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-25 16:41 - 2013-12-25 16:41 - 00003772 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater

Some content of TEMP:
====================
C:\Users\Sonnie\AppData\Local\Temp\78039199-1800-412f-9648-f04c9a74c3ff.exe
C:\Users\Sonnie\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-18 01:12

==================== End Of Log ============================
         
--- --- ---


Here is the oldest available log (JRT):
JRT Logfile:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 8.1 x64
Ran by Sonnie on 19.01.2014 at 10:44:24,87
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweak
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}



~~~ Files

Successfully deleted: [File] "C:\end"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\blekko toolbars"
Successfully deleted: [Folder] "C:\Users\Sonnie\appdata\locallow\adawaretb"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19.01.2014 at 10:49:36,74
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
--- --- ---


Here is the first mbam:
Code:
 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.01.14.08

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16750
Sonnie :: SONJA [Administrator]

Schutz: Aktiviert

14.01.2014 22:09:45
mbam-log-2014-01-14 (22-09-45).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 137200
Laufzeit: 31 Minute(n), 35 Sekunde(n) [Abgebrochen]

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 12
C:\Users\Sonnie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UTRT4UDU\wajam_install[1].exe (PUP.Optional.Wajam) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Sonnie\AppData\Local\Temp\parent.txt (PUP.Optional.BundleInstaller.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Sonnie\AppData\Local\Temp\66542026-56f4-47d0-a544-ac12eab0ee320\parent.txt (PUP.Optional.BundleInstaller.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Sonnie\AppData\Local\Temp\803ed548-8ec6-4c25-b9c0-dbe124d839c10\parent.txt (PUP.Optional.BundleInstaller.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Sonnie\AppData\Local\Temp\fullpackage_temp1389732709\Baofeng.exe (PUP.Optional.NationZoom.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Sonnie\AppData\Local\Temp\is1275519350\240366642_stp\rcpsetup_adppi5_adppi5.exe (PUP.Optional.RegCleanerPro) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Sonnie\AppData\Local\Temp\is1275519350\240366723_stp\wajam_download.exe (PUP.Optional.Wajam) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Sonnie\AppData\Local\Temp\is1275519350\240366772_stp\cor_aartemis.exe (PUP.Optional.Aartemis.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Sonnie\AppData\Local\Temp\is1275519350\273632_stp\rcpsetup_adppi5_adppi5.exe (PUP.Optional.RegCleanerPro) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Sonnie\AppData\Local\Temp\is1275519350\273777_stp\BuzzSearch.exe (PUP.Optional.BuzzSearch.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Sonnie\AppData\Local\Temp\is1275519350\273783_stp\cor_aartemis.exe (PUP.Optional.Aartemis.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Sonnie\AppData\Local\Temp\Wajam\tmp\1\wajam_install.exe (PUP.Optional.Wajam) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
HitmanPro:
Code:
HitmanPro 3.7.8.208
www.hitmanpro.com

   Computer name . . . . : SONJA
   Windows . . . . . . . : 6.3.0.9600.X64/2
   User name . . . . . . : SONJA\Sonnie
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Trial (30 days left)

   Scan date . . . . . . : 2014-01-19 21:07:43
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 6m 38s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 10

   Objects scanned . . . : 1.334.770
   Files scanned . . . . : 14.176
   Remnants scanned  . . : 439.231 files / 881.363 keys

Potential Unwanted Programs _________________________________________________

   C:\ProgramData\WPM\ (NationZoom) -> Deleted
   C:\ProgramData\WPM\update\ (NationZoom) -> Deleted
   C:\ProgramData\WPM\update\conf (NationZoom) -> Deleted
   HKLM\SOFTWARE\Wow6432Node\supWPM\ (NationZoom) -> Deleted

Cookies _____________________________________________________________________

   C:\Users\Sonnie\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.360yield.com
   C:\Users\Sonnie\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.zanox.com
   C:\Users\Sonnie\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.yahoo.com
   C:\Users\Sonnie\AppData\Local\Google\Chrome\User Data\Default\Cookies:atdmt.com
   C:\Users\Sonnie\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
   C:\Users\Sonnie\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.etracker.de
         
Emsisoft:
Code:
Emsisoft Anti-Malware - Version 8.1
Letztes Update: 19.01.2014 17:28:01
Benutzerkonto: SONJA\Sonnie

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\

PUPs-Erkennung: An
Archiv Scan: An
ADS Scan: An
Dateitypen-Filter: Aus
Erweitertes Caching: An
Direkter Festplattenzugriff: Aus

Scan Beginn:	19.01.2014 17:29:33
C:\Windows.old\Users\Sonnie\AppData\Local\Temp\dswbtgbkptfvbnh.exe 	gefunden: Trojan.Generic.10367125 (B)

Gescannt	383429
Gefunden	1

Scan Ende:	19.01.2014 20:53:45
Scan Zeit:	3:24:12
         
Current GMER:
GMER Logfile:
Code:
GMER 2.1.19322 - hxxp://www.gmer.net
Rootkit scan 2014-01-21 19:33:10
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\0000002d WDC_WD3200BPVT-22JJ5T0 rev.01.01A01 298,09GB
Running: gmer.exe; Driver: C:\Users\Sonnie\AppData\Local\Temp\uxtdypow.sys


---- User code sections - GMER 2.1 ----

.text   C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe[1796] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 194             00007ff9b4351f6a 4 bytes [35, B4, F9, 7F]
.text   C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe[1796] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 218             00007ff9b4351f82 4 bytes [35, B4, F9, 7F]
.text   C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe[2332] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506  00007ff9c088169a 4 bytes [88, C0, F9, 7F]
.text   C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe[2332] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514  00007ff9c08816a2 4 bytes [88, C0, F9, 7F]
.text   C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe[2332] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118     00007ff9c088181a 4 bytes [88, C0, F9, 7F]
.text   C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe[2332] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142     00007ff9c0881832 4 bytes [88, C0, F9, 7F]

---- Threads - GMER 2.1 ----

Thread  C:\WINDOWS\system32\csrss.exe [548:564]                                                                                                 fffff960009504d0
Thread  C:\WINDOWS\system32\svchost.exe [1132:1704]                                                                                             00007ff9b9092b90
Thread  C:\WINDOWS\system32\svchost.exe [1132:1288]                                                                                             00007ff9b90967bc
Thread  C:\WINDOWS\system32\svchost.exe [1132:3256]                                                                                             00007ff9bc422110
Thread  C:\WINDOWS\system32\svchost.exe [1132:2200]                                                                                             00007ff9b4334608
Thread  C:\WINDOWS\system32\svchost.exe [1132:3632]                                                                                             00007ff9b4061584
Thread  C:\WINDOWS\system32\svchost.exe [1132:3492]                                                                                             00007ff9b3e11b30
Thread  C:\WINDOWS\system32\svchost.exe [1132:5056]                                                                                             00007ff9b4331040

---- Disk sectors - GMER 2.1 ----

Disk    \Device\Harddisk0\DR0                                                                                                                   unknown MBR code

---- EOF - GMER 2.1 ----
         
--- --- ---


I have more logs and will gladly post them if needed, since this already seems too long to me.

Edited by c-t-v (21.01.2014 at 20:12). Reason: insert logs

21.01.2014, 22:59   #2
schrauber
/// the machine
/// TB trainer



Hi,

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Clean (Löschen) and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please download Shortcut Cleaner (by Grinler) to your desktop.
  • Start sc-cleaner.exe with a double-click.
  • Confirm the message Shortcut Cleaner Finished at the end of the scan with OK.
  • A log file will open (sc-cleaner.txt).
  • Post its contents in your next reply.
__________________

21.01.2014, 23:23   #3
c-t-v



AdwCleaner log:
AdwCleaner Logfile:
Code:
# AdwCleaner v3.017 - Bericht erstellt am 21/01/2014 um 23:15:24
# Aktualisiert 12/01/2014 von Xplode
# Betriebssystem : Windows 8.1  (64 bits)
# Benutzername : Sonnie - SONJA
# Gestartet von : C:\Users\Sonnie\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16384


-\\ Google Chrome v32.0.1700.76

[ Datei : C:\Users\Sonnie\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1793 octets] - [19/01/2014 21:29:13]
AdwCleaner[R1].txt - [890 octets] - [21/01/2014 23:11:18]
AdwCleaner[S0].txt - [1812 octets] - [19/01/2014 21:32:05]
AdwCleaner[S1].txt - [812 octets] - [21/01/2014 23:15:24]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [871 octets] ##########
         
--- --- ---


ShortCleaner:
Code:
Shortcut Cleaner 1.2.6 by Lawrence Abrams (Grinler)
hxxp://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Shortcut Cleaner can be found at this link:
 hxxp://www.bleepingcomputer.com/download/shortcut-cleaner/

Windows Version: Windows 8.1 
Program started at: 01/21/2014 11:07:07 PM.

Scanning for registry hijacks:

 * No issues found in the Registry.

Searching for Hijacked Shortcuts:

Searching C:\Users\Sonnie\AppData\Roaming\Microsoft\Windows\Start Menu\

Searching C:\ProgramData\Microsoft\Windows\Start Menu\

Searching C:\Users\Sonnie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\

Searching C:\Users\Public\Desktop\

Searching C:\Users\Sonnie\Desktop


0 bad shortcuts found.

Program finished at: 01/21/2014 11:07:10 PM
Execution time: 0 hours(s), 0 minute(s), and 3 seconds(s)
         
__________________

22.01.2014, 15:58   #4
schrauber
/// the machine
/// TB trainer




ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post the contents here.

And a fresh FRST log, please. Any remaining problems?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

22.01.2014, 22:16   #5
c-t-v



And here are the logs:

Eset:
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=d63f2c6346b97a40babf7f371b9bd6d3
# engine=16754
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-01-22 08:51:35
# local_time=2014-01-22 09:51:35 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.2.9200 NT 
# compatibility_mode=5893 16776574 100 94 6011990 15305188 0 0
# scanned=125965
# found=0
# cleaned=0
# scan_time=7555
         
security check:

Code:
 Results of screen317's Security Check version 0.99.79  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
AVG Internet Security 2014   
Windows Defender             
 Antivirus out of date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 Java 7 Update 51  
 Adobe Flash Player 	11.9.900.170  
 Google Chrome 32.0.1700.76  
````````Process Check: objlist.exe by Laurent````````  
 AVG avgwdsvc.exe 
 Malwarebytes' Anti-Malware mbamscheduler.exe   
 Mobile Partner OnlineUpdate ouc.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
         
frst:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2014 02
Ran by Sonnie (administrator) on SONJA on 22-01-2014 22:05:32
Running from C:\Users\Sonnie\Desktop
Windows 8.1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Acer Incorporate) C:\Program Files\Packard Bell\Packard Bell Launch Manager\LMSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
() C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
() C:\Program Files (x86)\XSManager\WTGService.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Acer Incorporate) C:\Program Files\Packard Bell\Packard Bell Launch Manager\LMEvent.exe
(Acer Incorporate) C:\Program Files\Packard Bell\Packard Bell Launch Manager\LMTray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcfgex.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2890056 2013-05-22] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13427784 2013-03-18] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642816 2013-06-13] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4956176 2013-11-07] (AVG Technologies CZ, s.r.o.)
HKLM\...\Policies\Explorer\Run: [BtvStack] - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-04-24] ( (Atheros Communications))
MountPoints2: {21545aa6-59a3-11e3-be78-48d224ebdc37} - "E:\AutoRun.exe" 
Startup: C:\Users\Sonnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StarOffice 9.lnk
ShortcutTarget: StarOffice 9.lnk -> C:\Program Files (x86)\Sun\StarOffice 9\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.de
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer13.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.de
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = 
SearchScopes: HKLM - DefaultScope {6F574C47-84E2-45F7-BCD6-5DAC5A812332} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAPBJS
SearchScopes: HKLM - {6F574C47-84E2-45F7-BCD6-5DAC5A812332} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAPBJS
SearchScopes: HKLM-x32 - {6F574C47-84E2-45F7-BCD6-5DAC5A812332} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAPBJS
SearchScopes: HKCU - {6F574C47-84E2-45F7-BCD6-5DAC5A812332} URL = 
Tcpip\Parameters: [DhcpNameServer] 192.168.13.1
Tcpip\..\Interfaces\{B7521F19-9CD3-4410-87A8-BDA56C139DAF}: [NameServer]193.189.244.225 193.189.244.206

Chrome: 
=======
CHR Extension: (Google Docs) - C:\Users\Sonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-14]
CHR Extension: (Google Drive) - C:\Users\Sonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-14]
CHR Extension: (Google-Suche) - C:\Users\Sonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-14]
CHR Extension: (Google Wallet) - C:\Users\Sonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-14]
CHR Extension: (Google Mail) - C:\Users\Sonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-14]

==================== Services (Whitelisted) =================

U2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [310400 2013-04-24] (Windows (R) Win 7 DDK provider)
U2 avgfws; C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [1358944 2013-09-24] (AVG Technologies CZ, s.r.o.)
U2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3478544 2013-11-11] (AVG Technologies CZ, s.r.o.)
U2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
U3 DeviceFastLaneService; C:\Program Files\Packard Bell\Packard Bell Device Fast-lane\DeviceFastLaneSvc.exe [470056 2013-05-01] (Acer Incorporated)
U3 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [662088 2013-03-15] (Acer Incorporated)
U2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
U2 LMSvc; C:\Program Files\Packard Bell\Packard Bell Launch Manager\LMSvc.exe [431656 2013-06-18] (Acer Incorporate)
U2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
U2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
U2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [239968 2013-11-30] ()
U3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
U3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
U2 WTGService; C:\Program Files (x86)\XSManager\WTGService.exe [327392 2012-01-14] ()

==================== Drivers (Whitelisted) ====================

U0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
U2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [219360 2013-04-18] (AppEx Networks Corporation)
U3 AthrSdSrv; C:\Windows\system32\DRIVERS\athrsd.sys [48760 2012-12-01] (Qualcomm Atheros, Inc.)
U3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98744 2013-04-23] (Advanced Micro Devices)
U0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
U1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-05] (AVG Technologies CZ, s.r.o.)
U1 Avgfwfd; C:\Windows\system32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.)
U1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [240920 2013-11-04] (AVG Technologies CZ, s.r.o.)
U0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [194872 2013-10-24] (AVG Technologies CZ, s.r.o.)
U1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-10-31] (AVG Technologies CZ, s.r.o.)
U0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.)
U0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.)
U0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.)
U1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [252728 2013-10-21] (AVG Technologies CZ, s.r.o.)
U3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)
U3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-04-24] (Qualcomm Atheros)
U3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [224768 2013-08-22] (Microsoft Corporation)
U3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
U3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
U0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
U0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2014-01-18] (Microsoft Corporation)
U3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-01-10] (Acer Incorporated)
U0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
U3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
U3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
U3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
U3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [15704 2013-01-10] (Acer Incorporated)
U3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
U3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2014-01-18] (Microsoft Corporation)
U0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-11-14] (Microsoft Corporation)
U3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
U3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
U4 a2acc; \??\C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [x]
U3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-22 22:00 - 2014-01-22 22:00 - 00987425 _____ C:\Users\Sonnie\Desktop\SecurityCheck.exe
2014-01-22 19:41 - 2014-01-22 19:41 - 00000000 ____D C:\Program Files (x86)\ESET
2014-01-22 19:20 - 2014-01-22 22:05 - 00011536 _____ C:\Users\Sonnie\Desktop\FRST.txt
2014-01-21 19:18 - 2014-01-21 19:18 - 00000000 ____D C:\FRST
2014-01-21 19:15 - 2014-01-21 19:15 - 00000474 _____ C:\Users\Sonnie\Desktop\defogger_disable.log
2014-01-21 19:15 - 2014-01-21 19:15 - 00000000 _____ C:\Users\Sonnie\defogger_reenable
2014-01-19 21:44 - 2014-01-19 21:44 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\Sonnie\Desktop\rkill64.com
2014-01-19 21:43 - 2014-01-19 21:43 - 00027444 _____ C:\Users\Sonnie\Documents\cc_20140119_214312.reg
2014-01-19 21:41 - 2014-01-19 21:41 - 00035250 _____ C:\Users\Sonnie\Documents\cc_20140119_214124.reg
2014-01-19 21:29 - 2014-01-21 23:15 - 00000000 ____D C:\AdwCleaner
2014-01-19 21:17 - 2014-01-19 21:17 - 00012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2014-01-19 21:06 - 2014-01-19 21:06 - 10264904 _____ (SurfRight B.V.) C:\Users\Sonnie\Desktop\HitmanPro_x64.exe
2014-01-19 21:05 - 2014-01-19 21:06 - 10264904 _____ (SurfRight B.V.) C:\Users\Sonnie\Downloads\HitmanPro_x64.exe
2014-01-19 21:04 - 2014-01-19 21:18 - 00000000 ____D C:\ProgramData\HitmanPro
2014-01-19 21:03 - 2014-01-21 23:07 - 00001752 _____ C:\sc-cleaner.txt
2014-01-19 17:55 - 2014-01-19 17:55 - 00259584 _____ (OldTimer Tools) C:\Users\Sonnie\Desktop\OTH.scr
2014-01-19 17:47 - 2014-01-19 17:48 - 02347384 _____ (ESET) C:\Users\Sonnie\Desktop\esetsmartinstaller_enu.exe
2014-01-19 17:46 - 2014-01-19 17:46 - 00406264 _____ (Bleeping Computer, LLC) C:\Users\Sonnie\Desktop\shortcut-cleaner.exe
2014-01-19 17:45 - 2014-01-19 17:45 - 01037068 _____ (Thisisu) C:\Users\Sonnie\Desktop\JRT.exe
2014-01-19 17:43 - 2014-01-19 17:43 - 00370610 _____ C:\Users\Sonnie\Downloads\gmer_2.1.19323.zip
2014-01-19 17:42 - 2014-01-19 17:42 - 02076672 _____ (Farbar) C:\Users\Sonnie\Desktop\FRST64.exe
2014-01-19 17:31 - 2014-01-19 17:31 - 00050477 _____ C:\Users\Sonnie\Desktop\Defogger.exe
2014-01-19 17:21 - 2014-01-22 21:58 - 00000000 ____D C:\Users\Sonnie\Documents\Anti-Malware
2014-01-19 17:21 - 2014-01-19 17:22 - 01236282 _____ C:\Users\Sonnie\Desktop\adwcleaner.exe
2014-01-19 17:09 - 2014-01-19 17:14 - 237466800 _____ (Emsisoft GmbH                                               ) C:\Users\Sonnie\Downloads\EmsisoftAntiMalwareSetup.exe
2014-01-19 17:03 - 2014-01-19 17:03 - 00001137 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-19 17:03 - 2014-01-19 17:03 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-19 17:03 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-01-19 17:00 - 2014-01-19 21:46 - 00002702 _____ C:\Users\Sonnie\Desktop\Rkill.txt
2014-01-19 16:59 - 2014-01-19 16:59 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Sonnie\Desktop\rkill.com
2014-01-19 16:23 - 2014-01-22 22:03 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1041993073-3820573447-2682693849-1001
2014-01-19 16:21 - 2014-01-19 16:22 - 00000646 _____ C:\WINDOWS\setupact.log
2014-01-19 16:21 - 2014-01-19 16:21 - 00000000 _____ C:\WINDOWS\setuperr.log
2014-01-19 15:31 - 2014-01-19 15:31 - 00000082 _____ C:\Users\Sonnie\Documents\cc_20140119_153140.reg
2014-01-19 15:17 - 2014-01-19 15:17 - 00000521 _____ C:\Users\Sonnie\Desktop\Anmeldeinformationsverwaltung - Verknüpfung.lnk
2014-01-19 15:16 - 2014-01-19 15:16 - 00003066 _____ C:\WINDOWS\System32\Tasks\{AA91BD79-D0BB-45E9-934B-44822ABDF667}
2014-01-19 11:25 - 2014-01-19 11:25 - 00012448 _____ C:\Users\Sonnie\Documents\cc_20140119_112536.reg
2014-01-19 11:11 - 2014-01-19 11:14 - 00000000 ___RD C:\WINDOWS\BrowserChoice
2014-01-19 10:12 - 2014-01-19 10:12 - 00000000 ____D C:\WINDOWS\ERUNT
2014-01-18 16:47 - 2014-01-18 16:47 - 00027150 _____ C:\Users\Sonnie\Documents\cc_20140118_164721.reg
2014-01-18 16:43 - 2014-01-18 16:43 - 00000000 ____D C:\Users\Sonnie\AppData\Roaming\LavasoftStatistics
2014-01-18 16:11 - 2014-01-19 11:06 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2014-01-18 16:07 - 2014-01-18 16:07 - 00000000 ____D C:\ProgramData\Lavasoft
2014-01-18 15:48 - 2014-01-18 15:48 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2014-01-18 13:36 - 2014-01-22 21:54 - 00003922 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{363F19CD-0F70-478B-90F2-3654C79511AE}
2014-01-18 09:55 - 2014-01-22 19:14 - 00000000 ___RD C:\Users\Sonnie\SkyDrive
2014-01-18 09:50 - 2014-01-19 13:37 - 00000000 ____D C:\Users\Sonnie\Documents\Bluetooth Folder
2014-01-18 09:50 - 2014-01-18 09:50 - 00000000 ____D C:\Users\Sonnie\AppData\Local\BMExplorer
2014-01-18 09:48 - 2014-01-18 09:48 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD
2014-01-18 09:42 - 2014-01-18 09:42 - 00000020 ___SH C:\Users\Sonnie\ntuser.ini
2014-01-18 01:51 - 2014-01-18 01:51 - 00000000 _SHDL C:\Users\Default\Vorlagen
2014-01-18 01:51 - 2014-01-18 01:51 - 00000000 _SHDL C:\Users\Default\Startmenü
2014-01-18 01:51 - 2014-01-18 01:51 - 00000000 _SHDL C:\Users\Default\Netzwerkumgebung
2014-01-18 01:51 - 2014-01-18 01:51 - 00000000 _SHDL C:\Users\Default\Lokale Einstellungen
2014-01-18 01:51 - 2014-01-18 01:51 - 00000000 _SHDL C:\Users\Default\Eigene Dateien
2014-01-18 01:51 - 2014-01-18 01:51 - 00000000 _SHDL C:\Users\Default\Druckumgebung
2014-01-18 01:51 - 2014-01-18 01:51 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Musik
2014-01-18 01:51 - 2014-01-18 01:51 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Bilder
2014-01-18 01:51 - 2014-01-18 01:51 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-01-18 01:51 - 2014-01-18 01:51 - 00000000 _SHDL C:\Users\Default\AppData\Local\Verlauf
2014-01-18 01:51 - 2014-01-18 01:51 - 00000000 _SHDL C:\Users\Default\AppData\Local\Anwendungsdaten
2014-01-18 01:51 - 2014-01-18 01:51 - 00000000 _SHDL C:\Users\Default\Anwendungsdaten
2014-01-18 01:51 - 2014-01-18 01:51 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Musik
2014-01-18 01:51 - 2014-01-18 01:51 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Bilder
2014-01-18 01:51 - 2014-01-18 01:51 - 00000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-01-18 01:51 - 2014-01-18 01:51 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Verlauf
2014-01-18 01:51 - 2014-01-18 01:51 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Anwendungsdaten
2014-01-18 01:50 - 2014-01-22 21:33 - 01972773 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-18 01:48 - 2014-01-18 01:48 - 00022960 _____ C:\WINDOWS\system32\emptyregdb.dat
2014-01-18 01:39 - 2014-01-18 01:39 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
2014-01-18 01:39 - 2014-01-18 01:39 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software
2014-01-18 01:31 - 2014-01-18 01:31 - 00000000 ____D C:\Users\Default\AppData\Local\Pokki
2014-01-18 01:31 - 2014-01-18 01:31 - 00000000 ____D C:\Users\Default User\AppData\Local\Pokki
2014-01-18 01:26 - 2014-01-18 01:26 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2014-01-18 01:24 - 2014-01-21 19:15 - 00000000 ____D C:\Users\Sonnie
2014-01-18 01:24 - 2014-01-18 01:50 - 00024768 _____ C:\WINDOWS\diagwrn.xml
2014-01-18 01:24 - 2014-01-18 01:50 - 00024768 _____ C:\WINDOWS\diagerr.xml
2014-01-18 01:24 - 2014-01-18 01:25 - 00000000 ___RD C:\Users\Sonnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-01-18 01:24 - 2014-01-18 01:24 - 00000000 _SHDL C:\Users\Sonnie\Vorlagen
2014-01-18 01:24 - 2014-01-18 01:24 - 00000000 _SHDL C:\Users\Sonnie\Startmenü
2014-01-18 01:24 - 2014-01-18 01:24 - 00000000 _SHDL C:\Users\Sonnie\Netzwerkumgebung
2014-01-18 01:24 - 2014-01-18 01:24 - 00000000 _SHDL C:\Users\Sonnie\Lokale Einstellungen
2014-01-18 01:24 - 2014-01-18 01:24 - 00000000 _SHDL C:\Users\Sonnie\Eigene Dateien
2014-01-18 01:24 - 2014-01-18 01:24 - 00000000 _SHDL C:\Users\Sonnie\Druckumgebung
2014-01-18 01:24 - 2014-01-18 01:24 - 00000000 _SHDL C:\Users\Sonnie\Documents\Eigene Musik
2014-01-18 01:24 - 2014-01-18 01:24 - 00000000 _SHDL C:\Users\Sonnie\Documents\Eigene Bilder
2014-01-18 01:24 - 2014-01-18 01:24 - 00000000 _SHDL C:\Users\Sonnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-01-18 01:24 - 2014-01-18 01:24 - 00000000 _SHDL C:\Users\Sonnie\AppData\Local\Verlauf
2014-01-18 01:24 - 2014-01-18 01:24 - 00000000 _SHDL C:\Users\Sonnie\AppData\Local\Anwendungsdaten
2014-01-18 01:24 - 2014-01-18 01:24 - 00000000 _SHDL C:\Users\Sonnie\Anwendungsdaten
2014-01-18 01:24 - 2013-08-22 16:36 - 00000000 ___RD C:\Users\Sonnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-01-18 01:24 - 2013-08-22 16:36 - 00000000 ___RD C:\Users\Sonnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-01-18 01:24 - 2013-08-22 16:36 - 00000000 ____D C:\Users\Sonnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-01-18 01:15 - 2014-01-18 01:15 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2014-01-18 01:15 - 2014-01-18 01:15 - 00000000 ____D C:\Program Files\Realtek
2014-01-18 01:15 - 2014-01-18 01:15 - 00000000 ____D C:\Program Files\Elantech
2014-01-18 01:14 - 2014-01-18 01:14 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2014-01-18 01:14 - 2014-01-18 01:14 - 00000000 ____D C:\Program Files\AMD
2014-01-18 01:14 - 2014-01-18 01:14 - 00000000 ____D C:\AMD
2014-01-18 01:14 - 2014-01-18 01:14 - 00000000 _____ C:\WINDOWS\system32\spu_storage.bin
2014-01-18 01:14 - 2014-01-18 01:14 - 00000000 _____ C:\WINDOWS\ativpsrm.bin
2014-01-18 01:11 - 2014-01-19 11:20 - 00000000 ___DC C:\WINDOWS\Panther
2014-01-18 01:11 - 2014-01-18 01:18 - 00000000 __SHD C:\Recovery
2014-01-18 01:10 - 2014-01-18 01:10 - 00787968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2014-01-18 01:10 - 2014-01-18 01:10 - 00075360 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll
2014-01-18 01:10 - 2014-01-18 01:10 - 00070680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll
2014-01-18 01:09 - 2014-01-18 01:09 - 03395920 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2014-01-18 01:09 - 2014-01-18 01:09 - 00848384 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-01-18 01:09 - 2014-01-18 01:09 - 00695808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-01-18 01:09 - 2014-01-18 01:09 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2014-01-18 01:09 - 2014-01-18 01:09 - 00393216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2014-01-18 01:09 - 2014-01-18 01:09 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2014-01-18 01:09 - 2014-01-18 01:09 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2014-01-18 01:09 - 2014-01-18 01:09 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-18 01:09 - 2014-01-18 01:09 - 00240128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2014-01-18 01:09 - 2014-01-18 01:09 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll
2014-01-18 01:09 - 2014-01-18 01:09 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrrun.dll
2014-01-18 01:09 - 2014-01-18 01:09 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-18 01:09 - 2014-01-18 01:09 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSClient.dll
2014-01-18 01:09 - 2014-01-18 01:09 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrrun.dll
2014-01-18 01:09 - 2014-01-18 01:09 - 00138240 _____ C:\WINDOWS\system32\OEMLicense.dll
2014-01-18 01:09 - 2014-01-18 01:09 - 00103936 _____ C:\WINDOWS\SysWOW64\OEMLicense.dll
2014-01-18 01:09 - 2014-01-18 01:09 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSCollect.exe
2014-01-18 01:08 - 2014-01-18 01:08 - 23183360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-01-18 01:08 - 2014-01-18 01:08 - 17112576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-01-18 01:08 - 2014-01-18 01:08 - 12996608 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-01-18 01:08 - 2014-01-18 01:08 - 11221504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-01-18 01:08 - 2014-01-18 01:08 - 05769216 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-01-18 01:08 - 2014-01-18 01:08 - 04243968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-01-18 01:08 - 2014-01-18 01:08 - 02764288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-01-18 01:08 - 2014-01-18 01:08 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-01-18 01:08 - 2014-01-18 01:08 - 02166784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-01-18 01:08 - 2014-01-18 01:08 - 01995264 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-01-18 01:08 - 2014-01-18 01:08 - 01928192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-01-18 01:08 - 2014-01-18 01:08 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-01-18 01:08 - 2014-01-18 01:08 - 01395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-01-18 01:08 - 2014-01-18 01:08 - 01157632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-01-18 01:08 - 2014-01-18 01:08 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-01-18 01:08 - 2014-01-18 01:08 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-01-18 01:08 - 2014-01-18 01:08 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-01-18 01:07 - 2014-01-18 01:07 - 04191744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-01-18 01:07 - 2014-01-18 01:07 - 04105728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-01-18 01:07 - 2014-01-18 01:07 - 00568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2014-01-18 01:06 - 2014-01-18 01:06 - 13177344 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-01-18 01:06 - 2014-01-18 01:06 - 11674624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-01-18 01:06 - 2014-01-18 01:06 - 07399256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2014-01-18 01:06 - 2014-01-18 01:06 - 02896896 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2014-01-18 01:06 - 2014-01-18 01:06 - 02570240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2014-01-18 01:06 - 2014-01-18 01:06 - 02266624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2014-01-18 01:06 - 2014-01-18 01:06 - 02143744 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2014-01-18 01:06 - 2014-01-18 01:06 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2014-01-18 01:06 - 2014-01-18 01:06 - 01843712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll
2014-01-18 01:06 - 2014-01-18 01:06 - 01816576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Display.dll
2014-01-18 01:06 - 2014-01-18 01:06 - 01765384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2014-01-18 01:06 - 2014-01-18 01:06 - 01765376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2014-01-18 01:06 - 2014-01-18 01:06 - 01756160 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
2014-01-18 01:06 - 2014-01-18 01:06 - 01642016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2014-01-18 01:06 - 2014-01-18 01:06 - 01530200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2014-01-18 01:06 - 2014-01-18 01:06 - 01506680 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2014-01-18 01:06 - 2014-01-18 01:06 - 01476184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2014-01-18 01:06 - 2014-01-18 01:06 - 01391104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe
2014-01-18 01:06 - 2014-01-18 01:06 - 01345536 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2014-01-18 01:06 - 2014-01-18 01:06 - 01302528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2014-01-18 01:06 - 2014-01-18 01:06 - 00922624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2014-01-18 01:06 - 2014-01-18 01:06 - 00747008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2014-01-18 01:06 - 2014-01-18 01:06 - 00744448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2014-01-18 01:06 - 2014-01-18 01:06 - 00637952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2014-01-18 01:06 - 2014-01-18 01:06 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2014-01-18 01:06 - 2014-01-18 01:06 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2014-01-18 01:06 - 2014-01-18 01:06 - 00544768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2014-01-18 01:06 - 2014-01-18 01:06 - 00516496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2014-01-18 01:06 - 2014-01-18 01:06 - 00479744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2014-01-18 01:06 - 2014-01-18 01:06 - 00406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2014-01-18 01:06 - 2014-01-18 01:06 - 00382808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2014-01-18 01:06 - 2014-01-18 01:06 - 00372568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2014-01-18 01:06 - 2014-01-18 01:06 - 00358896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2014-01-18 01:06 - 2014-01-18 01:06 - 00325464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2014-01-18 01:06 - 2014-01-18 01:06 - 00254464 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2014-01-18 01:06 - 2014-01-18 01:06 - 00225792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2014-01-18 01:06 - 2014-01-18 01:06 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2014-01-18 01:06 - 2014-01-18 01:06 - 00146776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\SerCx2.sys
2014-01-18 01:06 - 2014-01-18 01:06 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2014-01-18 01:06 - 2014-01-18 01:06 - 00086872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2014-01-18 01:06 - 2014-01-18 01:06 - 00039768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2014-01-18 01:06 - 2014-01-18 01:06 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialMigrationHandler.dll
2014-01-18 01:06 - 2014-01-18 01:06 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialMigrationHandler.dll
2014-01-18 01:04 - 2014-01-18 01:04 - 00262144 _____ C:\WINDOWS\system32\config\userdiff
2014-01-18 01:02 - 2014-01-18 01:02 - 00000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2014-01-18 01:02 - 2014-01-18 01:02 - 00000000 ____D C:\Program Files\Reference Assemblies
2014-01-18 01:02 - 2014-01-18 01:02 - 00000000 ____D C:\Program Files\MSBuild
2014-01-18 01:02 - 2014-01-18 01:02 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2014-01-18 01:02 - 2014-01-18 01:02 - 00000000 ____D C:\Program Files (x86)\MSBuild
2014-01-18 01:01 - 2013-08-03 05:48 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2014-01-18 01:01 - 2013-08-03 05:48 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2014-01-18 01:01 - 2013-08-03 05:48 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2014-01-18 01:01 - 2013-08-03 05:41 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2014-01-18 01:01 - 2013-08-03 05:41 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2014-01-18 01:01 - 2013-08-03 05:41 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2014-01-17 23:08 - 2014-01-17 23:08 - 00000000 ____D C:\Users\Sonnie\AppData\Roaming\AVG2014
2014-01-17 23:06 - 2014-01-17 23:06 - 00000993 _____ C:\Users\Public\Desktop\AVG 2014.lnk
2014-01-17 23:03 - 2014-01-17 23:07 - 00000000 ____D C:\ProgramData\AVG2014
2014-01-17 23:03 - 2014-01-17 23:03 - 00000000 ___HD C:\$AVG
2014-01-17 23:03 - 2014-01-17 23:03 - 00000000 ____D C:\Program Files (x86)\AVG
2014-01-17 23:01 - 2014-01-22 19:19 - 00000000 ____D C:\ProgramData\MFAData
2014-01-17 23:01 - 2014-01-18 13:29 - 00000000 ____D C:\Users\Sonnie\AppData\Local\Avg2014
2014-01-17 23:01 - 2014-01-17 23:01 - 00000000 ____D C:\Users\Sonnie\AppData\Local\MFAData
2014-01-17 21:51 - 2013-11-19 11:21 - 00267936 _____ (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2014-01-17 21:17 - 2014-01-17 21:17 - 00000000 ____D C:\7053019b5e37ae1e06
2014-01-15 06:28 - 2014-01-15 06:28 - 00000000 ____D C:\ProgramData\Oracle
2014-01-15 06:26 - 2014-01-15 06:26 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-01-15 06:26 - 2014-01-15 06:26 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-01-15 06:26 - 2014-01-15 06:26 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-01-15 06:26 - 2014-01-15 06:26 - 00096168 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-01-15 06:22 - 2014-01-15 06:22 - 00005910 _____ C:\Users\Sonnie\Documents\cc_20140115_062216.reg
2014-01-15 06:20 - 2014-01-15 06:20 - 00045618 _____ C:\Users\Sonnie\Documents\cc_20140115_062049.reg
2014-01-14 23:01 - 2014-01-19 15:22 - 00000991 _____ C:\Users\Public\Desktop\CCleaner.lnk
2014-01-14 23:01 - 2014-01-15 06:19 - 00000000 ____D C:\Program Files\CCleaner
2014-01-14 23:00 - 2014-01-22 19:16 - 00002207 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2014-01-14 22:58 - 2014-01-22 21:09 - 00001122 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-14 22:58 - 2014-01-22 19:16 - 00001118 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-14 22:58 - 2014-01-14 23:04 - 00004094 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-01-14 22:58 - 2014-01-14 23:04 - 00003858 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-01-14 22:58 - 2014-01-14 23:01 - 00000000 ____D C:\Users\Sonnie\AppData\Local\Google
2014-01-14 22:58 - 2014-01-14 23:01 - 00000000 ____D C:\Program Files (x86)\Google
2014-01-14 22:34 - 2014-01-14 22:34 - 00000000 ____D C:\Users\Sonnie\Downloads\backups
2014-01-14 22:19 - 2014-01-14 22:19 - 00388608 _____ (Trend Micro Inc.) C:\Users\Sonnie\Downloads\HiJackThis204.exe
2014-01-14 22:06 - 2014-01-14 22:06 - 00000000 ____D C:\Users\Sonnie\AppData\Roaming\Malwarebytes
2014-01-14 22:06 - 2014-01-14 22:06 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-14 22:05 - 2014-01-14 22:05 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Sonnie\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-14 21:55 - 2014-01-14 21:56 - 00000000 ____D C:\Users\Sonnie\.android
2014-01-14 21:55 - 2014-01-14 21:55 - 00000000 ____D C:\Users\Sonnie\AppData\Local\cache
2014-01-14 21:54 - 2014-01-14 21:54 - 00000000 _____ C:\Users\Sonnie\daemonprocess.txt
2014-01-14 21:53 - 2014-01-14 21:53 - 00001178 _____ C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-01-14 21:52 - 2014-01-14 21:52 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2014-01-14 21:50 - 2014-01-14 21:50 - 06072408 _____ (TeamViewer GmbH) C:\Users\Sonnie\Downloads\TeamViewer_Setup_de.exe
2014-01-14 18:37 - 2014-01-14 18:37 - 00000000 ____D C:\Users\Sonnie\AppData\Local\Macromedia
2013-12-25 16:41 - 2014-01-22 21:48 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-12-25 16:41 - 2013-12-25 16:41 - 00003772 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2013-12-25 16:39 - 2014-01-14 22:53 - 00000000 ____D C:\Users\Sonnie\AppData\Local\Adobe

==================== One Month Modified Files and Folders =======

2014-01-22 22:05 - 2014-01-22 19:20 - 00011536 _____ C:\Users\Sonnie\Desktop\FRST.txt
2014-01-22 22:03 - 2014-01-19 16:23 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1041993073-3820573447-2682693849-1001
2014-01-22 22:00 - 2014-01-22 22:00 - 00987425 _____ C:\Users\Sonnie\Desktop\SecurityCheck.exe
2014-01-22 22:00 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\sru
2014-01-22 21:58 - 2014-01-19 17:21 - 00000000 ____D C:\Users\Sonnie\Documents\Anti-Malware
2014-01-22 21:54 - 2014-01-18 13:36 - 00003922 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{363F19CD-0F70-478B-90F2-3654C79511AE}
2014-01-22 21:48 - 2013-12-25 16:41 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-01-22 21:33 - 2014-01-18 01:50 - 01972773 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-22 21:09 - 2014-01-14 22:58 - 00001122 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-22 19:42 - 2013-11-14 08:27 - 01776918 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2014-01-22 19:42 - 2013-11-14 08:11 - 00765582 _____ C:\WINDOWS\system32\perfh007.dat
2014-01-22 19:42 - 2013-11-14 08:11 - 00159366 _____ C:\WINDOWS\system32\perfc007.dat
2014-01-22 19:41 - 2014-01-22 19:41 - 00000000 ____D C:\Program Files (x86)\ESET
2014-01-22 19:24 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2014-01-22 19:19 - 2014-01-17 23:01 - 00000000 ____D C:\ProgramData\MFAData
2014-01-22 19:16 - 2014-01-14 23:00 - 00002207 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2014-01-22 19:16 - 2014-01-14 22:58 - 00001118 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-22 19:14 - 2014-01-18 09:55 - 00000000 ___RD C:\Users\Sonnie\SkyDrive
2014-01-21 23:17 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2014-01-21 23:15 - 2014-01-19 21:29 - 00000000 ____D C:\AdwCleaner
2014-01-21 23:07 - 2014-01-19 21:03 - 00001752 _____ C:\sc-cleaner.txt
2014-01-21 23:04 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2014-01-21 21:00 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\rescache
2014-01-21 19:18 - 2014-01-21 19:18 - 00000000 ____D C:\FRST
2014-01-21 19:15 - 2014-01-21 19:15 - 00000474 _____ C:\Users\Sonnie\Desktop\defogger_disable.log
2014-01-21 19:15 - 2014-01-21 19:15 - 00000000 _____ C:\Users\Sonnie\defogger_reenable
2014-01-21 19:15 - 2014-01-18 01:24 - 00000000 ____D C:\Users\Sonnie
2014-01-19 21:46 - 2014-01-19 17:00 - 00002702 _____ C:\Users\Sonnie\Desktop\Rkill.txt
2014-01-19 21:44 - 2014-01-19 21:44 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\Sonnie\Desktop\rkill64.com
2014-01-19 21:43 - 2014-01-19 21:43 - 00027444 _____ C:\Users\Sonnie\Documents\cc_20140119_214312.reg
2014-01-19 21:41 - 2014-01-19 21:41 - 00035250 _____ C:\Users\Sonnie\Documents\cc_20140119_214124.reg
2014-01-19 21:18 - 2014-01-19 21:04 - 00000000 ____D C:\ProgramData\HitmanPro
2014-01-19 21:17 - 2014-01-19 21:17 - 00012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2014-01-19 21:06 - 2014-01-19 21:06 - 10264904 _____ (SurfRight B.V.) C:\Users\Sonnie\Desktop\HitmanPro_x64.exe
2014-01-19 21:06 - 2014-01-19 21:05 - 10264904 _____ (SurfRight B.V.) C:\Users\Sonnie\Downloads\HitmanPro_x64.exe
2014-01-19 21:03 - 2013-11-13 00:10 - 00001454 _____ C:\Users\Sonnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-01-19 17:55 - 2014-01-19 17:55 - 00259584 _____ (OldTimer Tools) C:\Users\Sonnie\Desktop\OTH.scr
2014-01-19 17:48 - 2014-01-19 17:47 - 02347384 _____ (ESET) C:\Users\Sonnie\Desktop\esetsmartinstaller_enu.exe
2014-01-19 17:46 - 2014-01-19 17:46 - 00406264 _____ (Bleeping Computer, LLC) C:\Users\Sonnie\Desktop\shortcut-cleaner.exe
2014-01-19 17:45 - 2014-01-19 17:45 - 01037068 _____ (Thisisu) C:\Users\Sonnie\Desktop\JRT.exe
2014-01-19 17:43 - 2014-01-19 17:43 - 00370610 _____ C:\Users\Sonnie\Downloads\gmer_2.1.19323.zip
2014-01-19 17:43 - 2013-12-04 09:53 - 00379904 _____ C:\Users\Sonnie\Desktop\gmer.exe
2014-01-19 17:42 - 2014-01-19 17:42 - 02076672 _____ (Farbar) C:\Users\Sonnie\Desktop\FRST64.exe
2014-01-19 17:31 - 2014-01-19 17:31 - 00050477 _____ C:\Users\Sonnie\Desktop\Defogger.exe
2014-01-19 17:22 - 2014-01-19 17:21 - 01236282 _____ C:\Users\Sonnie\Desktop\adwcleaner.exe
2014-01-19 17:14 - 2014-01-19 17:09 - 237466800 _____ (Emsisoft GmbH                                               ) C:\Users\Sonnie\Downloads\EmsisoftAntiMalwareSetup.exe
2014-01-19 17:03 - 2014-01-19 17:03 - 00001137 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-19 17:03 - 2014-01-19 17:03 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-19 16:59 - 2014-01-19 16:59 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Sonnie\Desktop\rkill.com
2014-01-19 16:41 - 2013-11-13 00:07 - 00000000 ____D C:\Users\Sonnie\AppData\Local\Packages
2014-01-19 16:22 - 2014-01-19 16:21 - 00000646 _____ C:\WINDOWS\setupact.log
2014-01-19 16:21 - 2014-01-19 16:21 - 00000000 _____ C:\WINDOWS\setuperr.log
2014-01-19 15:31 - 2014-01-19 15:31 - 00000082 _____ C:\Users\Sonnie\Documents\cc_20140119_153140.reg
2014-01-19 15:22 - 2014-01-14 23:01 - 00000991 _____ C:\Users\Public\Desktop\CCleaner.lnk
2014-01-19 15:17 - 2014-01-19 15:17 - 00000521 _____ C:\Users\Sonnie\Desktop\Anmeldeinformationsverwaltung - Verknüpfung.lnk
2014-01-19 15:16 - 2014-01-19 15:16 - 00003066 _____ C:\WINDOWS\System32\Tasks\{AA91BD79-D0BB-45E9-934B-44822ABDF667}
2014-01-19 13:37 - 2014-01-18 09:50 - 00000000 ____D C:\Users\Sonnie\Documents\Bluetooth Folder
2014-01-19 11:25 - 2014-01-19 11:25 - 00012448 _____ C:\Users\Sonnie\Documents\cc_20140119_112536.reg
2014-01-19 11:20 - 2014-01-18 01:11 - 00000000 ___DC C:\WINDOWS\Panther
2014-01-19 11:14 - 2014-01-19 11:11 - 00000000 ___RD C:\WINDOWS\BrowserChoice
2014-01-19 11:06 - 2014-01-18 16:11 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2014-01-19 10:12 - 2014-01-19 10:12 - 00000000 ____D C:\WINDOWS\ERUNT
2014-01-18 16:47 - 2014-01-18 16:47 - 00027150 _____ C:\Users\Sonnie\Documents\cc_20140118_164721.reg
2014-01-18 16:43 - 2014-01-18 16:43 - 00000000 ____D C:\Users\Sonnie\AppData\Roaming\LavasoftStatistics
2014-01-18 16:07 - 2014-01-18 16:07 - 00000000 ____D C:\ProgramData\Lavasoft
2014-01-18 16:07 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\restore
2014-01-18 15:48 - 2014-01-18 15:48 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2014-01-18 13:29 - 2014-01-17 23:01 - 00000000 ____D C:\Users\Sonnie\AppData\Local\Avg2014
2014-01-18 09:50 - 2014-01-18 09:50 - 00000000 ____D C:\Users\Sonnie\AppData\Local\BMExplorer
2014-01-18 09:50 - 2013-09-15 16:34 - 00000000 ____D C:\ProgramData\Atheros
2014-01-18 09:48 - 2014-01-18 09:48 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD
2014-01-18 09:46 - 2013-11-13 00:10 - 00000000 ___RD C:\Users\Sonnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-18 09:46 - 2013-11-13 00:10 - 00000000 ___RD C:\Users\Sonnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-01-18 09:42 - 2014-01-18 09:42 - 00000020 ___SH C:\Users\Sonnie\ntuser.ini
2014-01-18 01:51 - 2014-01-18 01:51 - 00000000 _SHDL C:\Users\Default\Vorlagen
2014-01-18 01:51 - 2014-01-18 01:51 - 00000000 _SHDL C:\Users\Default\Startmenü
2014-01-18 01:51 - 2014-01-18 01:51 - 00000000 _SHDL C:\Users\Default\Netzwerkumgebung
2014-01-18 01:51 - 2014-01-18 01:51 - 00000000 _SHDL C:\Users\Default\Lokale Einstellungen
2014-01-18 01:51 - 2014-01-18 01:51 - 00000000 _SHDL C:\Users\Default\Eigene Dateien
2014-01-18 01:51 - 2014-01-18 01:51 - 00000000 _SHDL C:\Users\Default\Druckumgebung
2014-01-18 01:51 - 2014-01-18 01:51 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Musik
2014-01-18 01:51 - 2014-01-18 01:51 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Bilder
2014-01-18 01:51 - 2014-01-18 01:51 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-01-18 01:51 - 2014-01-18 01:51 - 00000000 _SHDL C:\Users\Default\AppData\Local\Verlauf
2014-01-18 01:51 - 2014-01-18 01:51 - 00000000 _SHDL C:\Users\Default\AppData\Local\Anwendungsdaten
2014-01-18 01:51 - 2014-01-18 01:51 - 00000000 _SHDL C:\Users\Default\Anwendungsdaten
2014-01-18 01:51 - 2014-01-18 01:51 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Musik
2014-01-18 01:51 - 2014-01-18 01:51 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Bilder
2014-01-18 01:51 - 2014-01-18 01:51 - 00000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-01-18 01:51 - 2014-01-18 01:51 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Verlauf
2014-01-18 01:51 - 2014-01-18 01:51 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Anwendungsdaten
2014-01-18 01:51 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Windows NT
2014-01-18 01:51 - 2013-08-22 14:36 - 00000000 __RHD C:\Users\Default
2014-01-18 01:50 - 2014-01-18 01:24 - 00024768 _____ C:\WINDOWS\diagwrn.xml
2014-01-18 01:50 - 2014-01-18 01:24 - 00024768 _____ C:\WINDOWS\diagerr.xml
2014-01-18 01:50 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\Registration
2014-01-18 01:48 - 2014-01-18 01:48 - 00022960 _____ C:\WINDOWS\system32\emptyregdb.dat
2014-01-18 01:40 - 2013-08-22 16:36 - 00000000 __RSD C:\WINDOWS\Media
2014-01-18 01:39 - 2014-01-18 01:39 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
2014-01-18 01:39 - 2014-01-18 01:39 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software
2014-01-18 01:39 - 2013-08-22 16:36 - 00000000 __RHD C:\Users\Public\Libraries
2014-01-18 01:39 - 2012-07-26 09:12 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2014-01-18 01:34 - 2013-08-22 15:44 - 00360664 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2014-01-18 01:33 - 2013-09-15 16:31 - 00000000 ____D C:\WINDOWS\SysWOW64\QCA_CR
2014-01-18 01:33 - 2013-09-15 16:20 - 00000000 ____D C:\WINDOWS\SysWOW64\Atheros_L1e
2014-01-18 01:33 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\Help
2014-01-18 01:33 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2014-01-18 01:33 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2014-01-18 01:31 - 2014-01-18 01:31 - 00000000 ____D C:\Users\Default\AppData\Local\Pokki
2014-01-18 01:31 - 2014-01-18 01:31 - 00000000 ____D C:\Users\Default User\AppData\Local\Pokki
2014-01-18 01:31 - 2012-07-26 06:37 - 00000000 ____D C:\Users\Default.migrated
2014-01-18 01:30 - 2013-11-14 08:11 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2014-01-18 01:30 - 2013-11-14 08:11 - 00000000 ____D C:\WINDOWS\SysWOW64\sysprep
2014-01-18 01:30 - 2013-11-14 08:11 - 00000000 ____D C:\WINDOWS\system32\WCN
2014-01-18 01:30 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz
2014-01-18 01:30 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2014-01-18 01:30 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2014-01-18 01:30 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\spool
2014-01-18 01:30 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\IME
2014-01-18 01:30 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\SysWOW64\SMI
2014-01-18 01:30 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\system32\oobe
2014-01-18 01:29 - 2013-08-22 16:43 - 00000000 ____D C:\WINDOWS\DigitalLocker
2014-01-18 01:29 - 2013-08-22 16:36 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2014-01-18 01:29 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\IME
2014-01-18 01:29 - 2013-08-06 08:05 - 00000000 ____D C:\ProgramData\PRICache
2014-01-18 01:28 - 2013-08-22 16:36 - 00000000 __SHD C:\Program Files\Windows Sidebar
2014-01-18 01:28 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2014-01-18 01:26 - 2014-01-18 01:26 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2014-01-18 01:25 - 2014-01-18 01:24 - 00000000 ___RD C:\Users\Sonnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-01-18 01:25 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\Recovery
2014-01-18 01:24 - 2014-01-18 01:24 - 00000000 _SHDL C:\Users\Sonnie\Vorlagen
2014-01-18 01:24 - 2014-01-18 01:24 - 00000000 _SHDL C:\Users\Sonnie\Startmenü
2014-01-18 01:24 - 2014-01-18 01:24 - 00000000 _SHDL C:\Users\Sonnie\Netzwerkumgebung
2014-01-18 01:24 - 2014-01-18 01:24 - 00000000 _SHDL C:\Users\Sonnie\Lokale Einstellungen
2014-01-18 01:24 - 2014-01-18 01:24 - 00000000 _SHDL C:\Users\Sonnie\Eigene Dateien
2014-01-18 01:24 - 2014-01-18 01:24 - 00000000 _SHDL C:\Users\Sonnie\Druckumgebung
2014-01-18 01:24 - 2014-01-18 01:24 - 00000000 _SHDL C:\Users\Sonnie\Documents\Eigene Musik
2014-01-18 01:24 - 2014-01-18 01:24 - 00000000 _SHDL C:\Users\Sonnie\Documents\Eigene Bilder
2014-01-18 01:24 - 2014-01-18 01:24 - 00000000 _SHDL C:\Users\Sonnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-01-18 01:24 - 2014-01-18 01:24 - 00000000 _SHDL C:\Users\Sonnie\AppData\Local\Verlauf
2014-01-18 01:24 - 2014-01-18 01:24 - 00000000 _SHDL C:\Users\Sonnie\AppData\Local\Anwendungsdaten
2014-01-18 01:24 - 2014-01-18 01:24 - 00000000 _SHDL C:\Users\Sonnie\Anwendungsdaten
2014-01-18 01:18 - 2014-01-18 01:11 - 00000000 __SHD C:\Recovery
2014-01-18 01:15 - 2014-01-18 01:15 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2014-01-18 01:15 - 2014-01-18 01:15 - 00000000 ____D C:\Program Files\Realtek
2014-01-18 01:15 - 2014-01-18 01:15 - 00000000 ____D C:\Program Files\Elantech
2014-01-18 01:14 - 2014-01-18 01:14 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2014-01-18 01:14 - 2014-01-18 01:14 - 00000000 ____D C:\Program Files\AMD
2014-01-18 01:14 - 2014-01-18 01:14 - 00000000 ____D C:\AMD
2014-01-18 01:14 - 2014-01-18 01:14 - 00000000 _____ C:\WINDOWS\system32\spu_storage.bin
2014-01-18 01:14 - 2014-01-18 01:14 - 00000000 _____ C:\WINDOWS\ativpsrm.bin
2014-01-18 01:10 - 2014-01-18 01:10 - 00787968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2014-01-18 01:10 - 2014-01-18 01:10 - 00075360 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll
2014-01-18 01:10 - 2014-01-18 01:10 - 00070680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll
2014-01-18 01:10 - 2013-08-22 16:36 - 00262144 _____ C:\WINDOWS\system32\config\BCD-Template
2014-01-18 01:09 - 2014-01-18 01:09 - 03395920 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2014-01-18 01:09 - 2014-01-18 01:09 - 00848384 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-01-18 01:09 - 2014-01-18 01:09 - 00695808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-01-18 01:09 - 2014-01-18 01:09 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2014-01-18 01:09 - 2014-01-18 01:09 - 00393216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2014-01-18 01:09 - 2014-01-18 01:09 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2014-01-18 01:09 - 2014-01-18 01:09 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2014-01-18 01:09 - 2014-01-18 01:09 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-18 01:09 - 2014-01-18 01:09 - 00240128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2014-01-18 01:09 - 2014-01-18 01:09 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll
2014-01-18 01:09 - 2014-01-18 01:09 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrrun.dll
2014-01-18 01:09 - 2014-01-18 01:09 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-18 01:09 - 2014-01-18 01:09 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSClient.dll
2014-01-18 01:09 - 2014-01-18 01:09 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrrun.dll
2014-01-18 01:09 - 2014-01-18 01:09 - 00138240 _____ C:\WINDOWS\system32\OEMLicense.dll
2014-01-18 01:09 - 2014-01-18 01:09 - 00103936 _____ C:\WINDOWS\SysWOW64\OEMLicense.dll
2014-01-18 01:09 - 2014-01-18 01:09 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSCollect.exe
2014-01-18 01:09 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\WinStore
2014-01-18 01:08 - 2014-01-18 01:08 - 23183360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-01-18 01:08 - 2014-01-18 01:08 - 17112576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-01-18 01:08 - 2014-01-18 01:08 - 12996608 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-01-18 01:08 - 2014-01-18 01:08 - 11221504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-01-18 01:08 - 2014-01-18 01:08 - 05769216 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-01-18 01:08 - 2014-01-18 01:08 - 04243968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-01-18 01:08 - 2014-01-18 01:08 - 02764288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-01-18 01:08 - 2014-01-18 01:08 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-01-18 01:08 - 2014-01-18 01:08 - 02166784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-01-18 01:08 - 2014-01-18 01:08 - 01995264 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-01-18 01:08 - 2014-01-18 01:08 - 01928192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-01-18 01:08 - 2014-01-18 01:08 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-01-18 01:08 - 2014-01-18 01:08 - 01395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-01-18 01:08 - 2014-01-18 01:08 - 01157632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-01-18 01:08 - 2014-01-18 01:08 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-01-18 01:08 - 2014-01-18 01:08 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-01-18 01:08 - 2014-01-18 01:08 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-01-18 01:07 - 2014-01-18 01:07 - 04191744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-01-18 01:07 - 2014-01-18 01:07 - 04105728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-01-18 01:07 - 2014-01-18 01:07 - 00568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2014-01-18 01:07 - 2013-08-22 16:36 - 00000000 ___RD C:\WINDOWS\ToastData
2014-01-18 01:07 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\MediaViewer
2014-01-18 01:07 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\FileManager
2014-01-18 01:07 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\Camera
2014-01-18 01:06 - 2014-01-18 01:06 - 13177344 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-01-18 01:06 - 2014-01-18 01:06 - 11674624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-01-18 01:06 - 2014-01-18 01:06 - 07399256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2014-01-18 01:06 - 2014-01-18 01:06 - 02896896 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2014-01-18 01:06 - 2014-01-18 01:06 - 02570240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2014-01-18 01:06 - 2014-01-18 01:06 - 02266624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2014-01-18 01:06 - 2014-01-18 01:06 - 02143744 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2014-01-18 01:06 - 2014-01-18 01:06 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2014-01-18 01:06 - 2014-01-18 01:06 - 01843712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll
2014-01-18 01:06 - 2014-01-18 01:06 - 01816576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Display.dll
2014-01-18 01:06 - 2014-01-18 01:06 - 01765384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2014-01-18 01:06 - 2014-01-18 01:06 - 01765376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2014-01-18 01:06 - 2014-01-18 01:06 - 01756160 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
2014-01-18 01:06 - 2014-01-18 01:06 - 01642016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2014-01-18 01:06 - 2014-01-18 01:06 - 01530200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2014-01-18 01:06 - 2014-01-18 01:06 - 01506680 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2014-01-18 01:06 - 2014-01-18 01:06 - 01476184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2014-01-18 01:06 - 2014-01-18 01:06 - 01391104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe
2014-01-18 01:06 - 2014-01-18 01:06 - 01345536 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2014-01-18 01:06 - 2014-01-18 01:06 - 01302528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2014-01-18 01:06 - 2014-01-18 01:06 - 00922624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2014-01-18 01:06 - 2014-01-18 01:06 - 00747008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2014-01-18 01:06 - 2014-01-18 01:06 - 00744448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2014-01-18 01:06 - 2014-01-18 01:06 - 00637952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2014-01-18 01:06 - 2014-01-18 01:06 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2014-01-18 01:06 - 2014-01-18 01:06 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2014-01-18 01:06 - 2014-01-18 01:06 - 00544768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2014-01-18 01:06 - 2014-01-18 01:06 - 00516496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2014-01-18 01:06 - 2014-01-18 01:06 - 00479744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2014-01-18 01:06 - 2014-01-18 01:06 - 00406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2014-01-18 01:06 - 2014-01-18 01:06 - 00382808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2014-01-18 01:06 - 2014-01-18 01:06 - 00372568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2014-01-18 01:06 - 2014-01-18 01:06 - 00358896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2014-01-18 01:06 - 2014-01-18 01:06 - 00325464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2014-01-18 01:06 - 2014-01-18 01:06 - 00254464 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2014-01-18 01:06 - 2014-01-18 01:06 - 00225792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2014-01-18 01:06 - 2014-01-18 01:06 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2014-01-18 01:06 - 2014-01-18 01:06 - 00146776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\SerCx2.sys
2014-01-18 01:06 - 2014-01-18 01:06 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2014-01-18 01:06 - 2014-01-18 01:06 - 00086872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2014-01-18 01:06 - 2014-01-18 01:06 - 00039768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2014-01-18 01:06 - 2014-01-18 01:06 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialMigrationHandler.dll
2014-01-18 01:06 - 2014-01-18 01:06 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialMigrationHandler.dll
2014-01-18 01:04 - 2014-01-18 01:04 - 00262144 _____ C:\WINDOWS\system32\config\userdiff
2014-01-18 01:02 - 2014-01-18 01:02 - 00000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2014-01-18 01:02 - 2014-01-18 01:02 - 00000000 ____D C:\Program Files\Reference Assemblies
2014-01-18 01:02 - 2014-01-18 01:02 - 00000000 ____D C:\Program Files\MSBuild
2014-01-18 01:02 - 2014-01-18 01:02 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2014-01-18 01:02 - 2014-01-18 01:02 - 00000000 ____D C:\Program Files (x86)\MSBuild
2014-01-18 01:02 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2014-01-18 01:02 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\MUI
2014-01-17 23:35 - 2012-07-26 09:12 - 00000000 ____D C:\WINDOWS\AUInstallAgent
2014-01-17 23:08 - 2014-01-17 23:08 - 00000000 ____D C:\Users\Sonnie\AppData\Roaming\AVG2014
2014-01-17 23:07 - 2014-01-17 23:03 - 00000000 ____D C:\ProgramData\AVG2014
2014-01-17 23:06 - 2014-01-17 23:06 - 00000993 _____ C:\Users\Public\Desktop\AVG 2014.lnk
2014-01-17 23:03 - 2014-01-17 23:03 - 00000000 ___HD C:\$AVG
2014-01-17 23:03 - 2014-01-17 23:03 - 00000000 ____D C:\Program Files (x86)\AVG
2014-01-17 23:01 - 2014-01-17 23:01 - 00000000 ____D C:\Users\Sonnie\AppData\Local\MFAData
2014-01-17 21:17 - 2014-01-17 21:17 - 00000000 ____D C:\7053019b5e37ae1e06
2014-01-17 20:42 - 2013-11-23 17:00 - 00000000 ____D C:\WINDOWS\system32\MRT
2014-01-17 20:37 - 2013-11-23 17:00 - 86054176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-01-15 06:29 - 2013-11-13 00:26 - 00000000 ____D C:\Program Files (x86)\Java
2014-01-15 06:28 - 2014-01-15 06:28 - 00000000 ____D C:\ProgramData\Oracle
2014-01-15 06:26 - 2014-01-15 06:26 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-01-15 06:26 - 2014-01-15 06:26 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-01-15 06:26 - 2014-01-15 06:26 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-01-15 06:26 - 2014-01-15 06:26 - 00096168 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-01-15 06:22 - 2014-01-15 06:22 - 00005910 _____ C:\Users\Sonnie\Documents\cc_20140115_062216.reg
2014-01-15 06:20 - 2014-01-15 06:20 - 00045618 _____ C:\Users\Sonnie\Documents\cc_20140115_062049.reg
2014-01-15 06:19 - 2014-01-14 23:01 - 00000000 ____D C:\Program Files\CCleaner
2014-01-14 23:04 - 2014-01-14 22:58 - 00004094 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-01-14 23:04 - 2014-01-14 22:58 - 00003858 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-01-14 23:03 - 2013-11-15 13:56 - 00000000 ____D C:\Users\Sonnie\AppData\Local\CrashDumps
2014-01-14 23:01 - 2014-01-14 22:58 - 00000000 ____D C:\Users\Sonnie\AppData\Local\Google
2014-01-14 23:01 - 2014-01-14 22:58 - 00000000 ____D C:\Program Files (x86)\Google
2014-01-14 22:53 - 2013-12-25 16:39 - 00000000 ____D C:\Users\Sonnie\AppData\Local\Adobe
2014-01-14 22:34 - 2014-01-14 22:34 - 00000000 ____D C:\Users\Sonnie\Downloads\backups
2014-01-14 22:20 - 2013-11-13 00:08 - 00000000 ____D C:\Users\Sonnie\AppData\Local\VirtualStore
2014-01-14 22:19 - 2014-01-14 22:19 - 00388608 _____ (Trend Micro Inc.) C:\Users\Sonnie\Downloads\HiJackThis204.exe
2014-01-14 22:06 - 2014-01-14 22:06 - 00000000 ____D C:\Users\Sonnie\AppData\Roaming\Malwarebytes
2014-01-14 22:06 - 2014-01-14 22:06 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-14 22:05 - 2014-01-14 22:05 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Sonnie\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-14 21:56 - 2014-01-14 21:55 - 00000000 ____D C:\Users\Sonnie\.android
2014-01-14 21:55 - 2014-01-14 21:55 - 00000000 ____D C:\Users\Sonnie\AppData\Local\cache
2014-01-14 21:54 - 2014-01-14 21:54 - 00000000 _____ C:\Users\Sonnie\daemonprocess.txt
2014-01-14 21:53 - 2014-01-14 21:53 - 00001178 _____ C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-01-14 21:52 - 2014-01-14 21:52 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2014-01-14 21:50 - 2014-01-14 21:50 - 06072408 _____ (TeamViewer GmbH) C:\Users\Sonnie\Downloads\TeamViewer_Setup_de.exe
2014-01-14 18:37 - 2014-01-14 18:37 - 00000000 ____D C:\Users\Sonnie\AppData\Local\Macromedia
2014-01-06 23:31 - 2013-08-22 16:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-01-06 23:31 - 2013-08-22 16:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-25 16:41 - 2013-12-25 16:41 - 00003772 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater

Some content of TEMP:
====================
C:\Users\Sonnie\AppData\Local\Temp\78039199-1800-412f-9648-f04c9a74c3ff.exe
C:\Users\Sonnie\AppData\Local\Temp\Quarantine.exe
C:\Users\Sonnie\AppData\Local\Temp\SpotifyUninstall.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-18 01:12

==================== End Of Log ============================
         


I hope everything is clean now... MS Defender is currently disabled (by AVG?) and cannot be updated.


23.01.2014, 19:25   #6
schrauber
/// the machine
/// TB instructor



Yes, that comes from AVG.


Done

If you would like to leave praise or criticism, you can do so here


The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively rename it to uninstall.exe and run it)
    • Windows key + R > type Combofix /Uninstall > OK
    • Alternative: rename Combofix.exe to uninstall.exe and run it
    • Combofix will now start, possibly update itself, and then remove all remnants of itself.
  3. In any case, please download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick the box in front of every function.
    • Click Start.
    • Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left over now, you can delete them without hesitation.


Here are a few more tips for securing your system.


I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software Updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Anti-virus software
  • Make sure you always have anti-virus software installed and that it is up to date. It is useless if it is out of date.


Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version also offers a background guard.
    You can find a tutorial on its use here.
  • WinPatrol
    This software takes a snapshot of your system and warns you of any changes. Download the freeware version from here.


Safe browsing
  • SpywareBlaster
    You can find a short introduction here
  • MVPs hosts file
    You can find a tutorial here. Unfortunately, I have not found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as malicious.


Alternative browsers

Other browsers tend to be somewhat more secure than IE because they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: for this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most advertising by itself. A right-click on the banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean up your temp files regularly. I recommend TFC for this.
Stay away from any registry cleaners.
They harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Do not click on everything just because it prompts you to and is nice and colourful.
  • Do not use peer-to-peer or file-sharing software (Emule, uTorrent, ...)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Do not open attachments from e-mails you do not recognise. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
Now all that remains is for me to wish you lots of fun surfing safely.

Note: please give me brief feedback when everything is done and there are no more questions, so that I can delete this thread from my subscriptions.

23.01.2014, 21:13   #7
c-t-v

All that remains is this: as part of the cleanup, a Windows update was carried out. Now I have discovered by chance that there is still a virtual user in Windows:

Internet address: virtualapp/didlogical
User: 02dajzicctxp
Password: **********

Do I need to worry, or can I remove this user?
Attached image: virtualPCName.png (28.3 KB)

24.01.2014, 14:22   #8
schrauber
/// the machine
/// TB instructor

Go ahead and remove it. Does it stay gone?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009
