pytagoras | 07.03.2014 23:30 | Code:
2014-02-20 03:30 - 2014-02-20 03:30 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2014-02-20 03:30 - 2014-02-20 03:30 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2014-02-18 22:15 - 2014-02-18 22:15 - 00000784 _____ () C:\Windows\ie8_main.log
2014-02-18 21:00 - 2014-02-18 21:06 - 00000438 _____ () C:\Users\Selda\AppData\Roaming\wklnhst.dat
2014-02-18 21:00 - 2014-02-18 21:03 - 00000000 ____D () C:\Users\Selda\AppData\Roaming\Template
2014-02-18 19:53 - 2010-09-06 17:20 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2014-02-18 19:53 - 2010-09-06 17:19 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2014-02-18 19:51 - 2014-02-18 19:51 - 00000000 ____D () C:\Users\Selda\AppData\Local\Skype
2014-02-18 19:50 - 2014-02-18 19:50 - 00001880 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-02-18 19:50 - 2014-02-18 19:50 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-02-18 19:49 - 2014-02-18 19:50 - 00000000 ___RD () C:\Program Files\Skype
2014-02-18 19:39 - 2014-02-18 22:12 - 00000000 ____D () C:\Users\Selda\AppData\Roaming\Google
2014-02-18 13:04 - 2008-05-27 05:59 - 00018904 _____ () C:\Windows\system32\StructuredQuerySchemaTrivial.bin
2014-02-18 13:04 - 2007-11-08 10:04 - 11967524 _____ () C:\Windows\system32\korwbrkr.lex
2014-02-18 12:57 - 2010-02-12 11:48 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\browserchoice.exe
2014-02-18 10:48 - 2009-11-08 10:55 - 01130824 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-02-18 10:48 - 2009-11-08 10:55 - 00297808 _____ (Microsoft Corporation) C:\Windows\system32\mscoree.dll
2014-02-18 10:48 - 2009-11-08 10:55 - 00295264 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHost.exe
2014-02-18 10:48 - 2009-11-08 10:55 - 00099176 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHostProxy.dll
2014-02-18 10:48 - 2009-11-08 10:55 - 00049472 _____ (Microsoft Corporation) C:\Windows\system32\netfxperf.dll
2014-02-18 02:20 - 2014-02-18 02:20 - 00000000 ____D () C:\Windows\system32\WindowsPowerShell
2014-02-18 01:32 - 2014-02-18 01:36 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-18 01:00 - 2014-03-04 11:29 - 00001963 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-18 00:57 - 2014-03-07 21:21 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-18 00:57 - 2014-03-07 21:01 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-18 00:57 - 2014-03-07 20:55 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-18 00:57 - 2014-02-21 15:01 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-18 00:57 - 2014-02-21 15:01 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-18 00:57 - 2014-02-18 19:39 - 00000000 ____D () C:\Users\Selda\AppData\Local\Google
2014-02-18 00:57 - 2014-02-18 01:00 - 00000000 ____D () C:\Program Files\Google
2014-02-18 00:57 - 2014-02-18 00:58 - 00000000 ____D () C:\ProgramData\Google
2014-02-18 00:37 - 2010-02-21 00:06 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\nshhttp.dll
2014-02-18 00:37 - 2010-02-21 00:05 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\httpapi.dll
2014-02-18 00:37 - 2010-02-20 21:53 - 00411648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2014-02-18 00:36 - 2014-02-18 00:37 - 00283642 _____ () C:\Windows\msxml4-KB954430-enu.LOG
2014-02-18 00:34 - 2014-02-18 00:35 - 00289738 _____ () C:\Windows\msxml4-KB973688-enu.LOG
2014-02-18 00:34 - 2014-02-18 00:34 - 00000000 ____D () C:\Program Files\MSXML 4.0
2014-02-18 00:31 - 2009-10-09 22:56 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\winrs.exe
2014-02-18 00:31 - 2009-10-09 22:56 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\winrshost.exe
2014-02-18 00:31 - 2009-10-09 22:56 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\wsmprovhost.exe
2014-02-18 00:31 - 2009-10-09 22:56 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\winrsmgr.dll
2014-02-18 00:30 - 2009-10-09 22:56 - 01181696 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-02-18 00:30 - 2009-10-09 22:56 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-02-18 00:30 - 2009-10-09 22:56 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\winrscmd.dll
2014-02-18 00:30 - 2009-10-09 22:56 - 00214016 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-02-18 00:30 - 2009-10-09 22:56 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-02-18 00:30 - 2009-10-09 22:56 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\pwrshplugin.dll
2014-02-18 00:30 - 2009-10-09 22:56 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\wsmplpxy.dll
2014-02-18 00:30 - 2009-10-09 22:56 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\winrssrv.dll
2014-02-18 00:30 - 2009-10-09 22:55 - 00252416 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-02-18 00:30 - 2009-10-09 22:55 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\wecsvc.dll
2014-02-18 00:30 - 2009-10-09 22:55 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\wevtfwd.dll
2014-02-18 00:30 - 2009-10-09 22:55 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\wecutil.exe
2014-02-18 00:30 - 2009-10-09 22:55 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\wecapi.dll
2014-02-18 00:30 - 2009-10-09 22:55 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\WsmRes.dll
2014-02-18 00:30 - 2009-08-01 07:27 - 00201184 _____ () C:\Windows\system32\winrm.vbs
2014-02-18 00:30 - 2009-07-16 18:30 - 00004675 _____ () C:\Windows\system32\wsmanconfig_schema.xml
2014-02-18 00:30 - 2009-07-16 18:30 - 00002426 _____ () C:\Windows\system32\WsmTxt.xsl
2014-02-18 00:25 - 2009-07-10 12:47 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\shsvcs.dll
2014-02-18 00:25 - 2008-02-29 07:35 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\kbd106n.dll
2014-02-18 00:24 - 2009-08-14 14:49 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\NETSTAT.EXE
2014-02-18 00:24 - 2009-08-14 14:49 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\ARP.EXE
2014-02-18 00:24 - 2009-08-14 14:49 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\ROUTE.EXE
2014-02-18 00:24 - 2009-08-14 14:49 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\MRINFO.EXE
2014-02-18 00:24 - 2009-08-14 14:49 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\finger.exe
2014-02-18 00:24 - 2009-08-14 14:49 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\TCPSVCS.EXE
2014-02-18 00:24 - 2009-08-14 14:49 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\HOSTNAME.EXE
2014-02-18 00:24 - 2009-08-14 14:48 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\netiohlp.dll
2014-02-18 00:23 - 2010-09-13 16:46 - 10628096 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-02-18 00:23 - 2010-09-13 14:56 - 08147456 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-02-18 00:23 - 2009-07-15 13:39 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-02-18 00:23 - 2009-07-15 13:39 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-02-18 00:23 - 2009-07-15 13:39 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-02-18 00:22 - 2010-12-28 16:55 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\odbc32.dll
2014-02-18 00:21 - 2011-04-29 14:25 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2014-02-18 00:21 - 2011-04-29 14:25 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2014-02-18 00:13 - 2013-12-18 06:13 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-02-18 00:12 - 2010-04-16 17:46 - 00502272 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-02-18 00:11 - 2011-02-22 14:23 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2014-02-18 00:11 - 2010-06-16 16:30 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2014-02-18 00:11 - 2009-10-23 18:10 - 00714240 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl
2014-02-18 00:11 - 2009-07-11 20:01 - 00513536 _____ (Microsoft Corporation) C:\Windows\system32\wlansvc.dll
2014-02-18 00:11 - 2009-07-11 20:01 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\wlansec.dll
2014-02-18 00:11 - 2009-07-11 20:01 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\wlanmsm.dll
2014-02-18 00:11 - 2009-07-11 20:01 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\wlanapi.dll
2014-02-18 00:11 - 2009-07-11 18:03 - 02501921 _____ () C:\Windows\system32\wlan.tmf
2014-02-18 00:11 - 2009-07-11 18:03 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\L2SecHC.dll
2014-02-18 00:11 - 2009-06-15 15:52 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2014-02-18 00:11 - 2009-06-15 15:51 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2014-02-18 00:11 - 2009-04-11 07:28 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\wlanhlp.dll
2014-02-18 00:09 - 2011-07-06 16:31 - 00214016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2014-02-18 00:09 - 2011-04-29 14:24 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2014-02-18 00:09 - 2011-04-29 14:24 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2014-02-18 00:09 - 2011-02-18 15:03 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2014-02-18 00:09 - 2010-08-17 15:11 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2014-02-18 00:08 - 2014-03-07 20:45 - 00000000 ____D () C:\Users\Selda\AppData\Roaming\Skype
2014-02-18 00:08 - 2010-10-18 14:37 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-02-18 00:08 - 2010-08-26 17:37 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2014-02-18 00:08 - 2010-06-18 18:31 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\rtutils.dll
2014-02-18 00:08 - 2010-04-05 18:02 - 00317952 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2014-02-18 00:08 - 2010-01-25 13:00 - 00471552 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-18 00:08 - 2010-01-25 13:00 - 00471552 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-18 00:08 - 2010-01-25 09:21 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-18 00:08 - 2010-01-25 09:21 - 00518144 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-18 00:08 - 2009-06-15 15:54 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-02-18 00:08 - 2009-06-15 15:52 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-02-18 00:07 - 2011-03-03 16:40 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\Apphlpdm.dll
2014-02-18 00:07 - 2011-03-03 14:35 - 04240384 _____ (Microsoft) C:\Windows\system32\GameUXLegacyGDFs.dll
2014-02-18 00:07 - 2010-08-31 16:46 - 00954752 _____ (Microsoft Corporation) C:\Windows\system32\mfc40.dll
2014-02-18 00:07 - 2010-08-31 16:46 - 00954288 _____ (Microsoft Corporation) C:\Windows\system32\mfc40u.dll
2014-02-18 00:07 - 2010-08-26 17:34 - 01696256 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll
2014-02-18 00:07 - 2010-02-18 14:30 - 00200704 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2014-02-18 00:07 - 2010-02-18 12:28 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tunnel.sys
2014-02-18 00:07 - 2010-01-25 13:00 - 00152576 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-18 00:07 - 2010-01-25 13:00 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-18 00:07 - 2010-01-25 12:58 - 00332288 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-18 00:07 - 2010-01-25 09:21 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-18 00:07 - 2010-01-25 09:21 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-18 00:07 - 2009-06-10 12:41 - 02386944 _____ (Microsoft Corporation) C:\Windows\system32\WMVCORE.DLL
2014-02-18 00:06 - 2011-05-02 18:16 - 00739328 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2014-02-18 00:06 - 2010-11-04 19:56 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\wmicmiplugin.dll
2014-02-18 00:06 - 2010-11-04 19:55 - 00601600 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2014-02-18 00:06 - 2010-11-04 19:55 - 00352768 _____ (Microsoft Corporation) C:\Windows\system32\taskschd.dll
2014-02-18 00:06 - 2010-11-04 19:55 - 00270336 _____ (Microsoft Corporation) C:\Windows\system32\taskcomp.dll
2014-02-18 00:06 - 2010-11-04 17:34 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\taskeng.exe
2014-02-18 00:06 - 2010-08-20 17:05 - 00867328 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2014-02-18 00:06 - 2009-09-10 17:48 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-02-18 00:06 - 2009-07-15 13:39 - 00313344 _____ (Microsoft Corporation) C:\Windows\system32\wmpdxm.dll
2014-02-18 00:06 - 2009-07-15 11:21 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.tlb
2014-02-18 00:06 - 2009-07-15 11:21 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\amcompat.tlb
2014-02-18 00:06 - 2009-04-11 07:27 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-02-18 00:06 - 2009-04-11 07:27 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-02-18 00:06 - 2009-04-11 05:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-02-18 00:05 - 2011-04-14 15:59 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2014-02-18 00:05 - 2010-12-29 19:28 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\sbe.dll
2014-02-18 00:05 - 2010-12-29 19:28 - 00153088 _____ (Microsoft Corporation) C:\Windows\system32\sbeio.dll
2014-02-18 00:05 - 2010-12-29 19:26 - 00177664 _____ (Microsoft Corporation) C:\Windows\system32\mpg2splt.ax
2014-02-18 00:05 - 2010-12-17 14:54 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-02-18 00:05 - 2010-06-28 18:00 - 01316864 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2014-02-18 00:05 - 2010-01-13 18:34 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\cabview.dll
2014-02-18 00:05 - 2009-12-08 18:26 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2014-02-18 00:05 - 2009-09-04 12:41 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\msasn1.dll
2014-02-18 00:05 - 2009-08-10 13:35 - 00355328 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2014-02-18 00:05 - 2009-06-10 12:42 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\wkssvc.dll
2014-02-18 00:05 - 2009-04-11 07:28 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-02-18 00:05 - 2009-04-11 07:28 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\tscupgrd.exe
2014-02-18 00:05 - 2009-04-11 07:28 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-02-18 00:04 - 2011-04-21 14:58 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-02-18 00:04 - 2011-03-10 18:03 - 01162240 _____ (Microsoft Corporation) C:\Windows\system32\mfc42u.dll
2014-02-18 00:04 - 2011-03-10 18:03 - 01136640 _____ (Microsoft Corporation) C:\Windows\system32\mfc42.dll
2014-02-18 00:04 - 2011-03-02 16:44 - 00168448 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2014-02-18 00:04 - 2011-03-02 16:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2014-02-18 00:04 - 2010-12-14 15:49 - 01169408 _____ (Microsoft Corporation) C:\Windows\system32\sdclt.exe
2014-02-18 00:04 - 2010-05-27 21:08 - 00081920 _____ (Radius Inc.) C:\Windows\system32\iccvid.dll
2014-02-18 00:04 - 2010-04-05 18:01 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2014-02-18 00:04 - 2010-01-21 16:05 - 00062464 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\system32\l3codeca.acm
2014-02-18 00:04 - 2009-10-07 12:36 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-02-18 00:04 - 2009-07-17 14:54 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\atl.dll
2014-02-18 00:04 - 2009-05-04 10:59 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\dnscacheugc.exe
2014-02-18 00:04 - 2009-04-11 07:27 - 00220672 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\system32\l3codecp.acm
2014-02-18 00:03 - 2009-12-04 19:30 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\tsbyuv.dll
2014-02-18 00:03 - 2009-12-04 19:28 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\msvfw32.dll
2014-02-18 00:03 - 2009-12-04 19:28 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\mciavi32.dll
2014-02-18 00:03 - 2009-12-04 19:28 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\iyuv_32.dll
2014-02-18 00:03 - 2009-12-04 19:28 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\msvidc32.dll
2014-02-18 00:03 - 2009-12-04 19:28 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\msyuv.dll
2014-02-18 00:03 - 2009-12-04 19:28 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msrle32.dll
2014-02-18 00:03 - 2009-12-04 19:27 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\avifil32.dll
2014-02-17 23:58 - 2014-02-18 19:50 - 00000000 ____D () C:\ProgramData\Skype
2014-02-17 23:47 - 2009-05-08 13:53 - 00604672 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2014-02-17 23:43 - 2014-02-18 10:33 - 00000000 ____D () C:\Users\Public\Documents\Symantec
2014-02-17 23:31 - 2009-09-10 15:58 - 00310784 _____ (Microsoft Corporation) C:\Windows\system32\unregmp2.exe
2014-02-17 23:26 - 2014-02-17 23:26 - 00000000 ____D () C:\Windows\Sun
2014-02-17 23:26 - 2014-02-17 23:26 - 00000000 ____D () C:\ProgramData\Sun
2014-02-17 23:26 - 2014-02-17 23:26 - 00000000 ____D () C:\ProgramData\Oracle
2014-02-17 23:26 - 2014-02-17 23:26 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-02-17 23:26 - 2014-02-17 23:25 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-02-17 23:25 - 2014-02-17 23:25 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-02-17 23:25 - 2014-02-17 23:25 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-02-17 23:25 - 2014-02-17 23:24 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-02-17 23:24 - 2014-03-06 19:02 - 00000000 ____D () C:\Users\Selda\AppData\Local\Adobe
2014-02-17 23:24 - 2014-02-17 23:24 - 00000000 ____D () C:\Program Files\Java
2014-02-17 23:23 - 2014-02-17 23:23 - 00000000 ____D () C:\Users\Selda\AppData\Local\AOL
2014-02-17 22:15 - 2014-03-01 15:19 - 00000052 _____ () C:\Windows\system32\DOErrors.log
2014-02-17 22:15 - 2014-02-17 22:15 - 00000000 ____D () C:\Users\Selda\AppData\Local\Hewlett-Packard
2014-02-17 22:14 - 2014-02-17 22:14 - 00000000 ____D () C:\Users\Selda\Documents\Bluetooth-Exchange-Ordner
2014-02-17 22:14 - 2014-02-17 22:14 - 00000000 ____D () C:\Users\Selda\Bluetooth Software
2014-02-17 22:13 - 2014-03-07 21:42 - 00000582 _____ () C:\Windows\Tasks\Norton Internet Security - Systemprüfung ausführen - Selda.job
2014-02-17 22:13 - 2014-02-23 11:53 - 00000000 ____D () C:\Users\Selda\AppData\Local\QuickPlay
2014-02-17 22:13 - 2014-02-20 15:21 - 00070744 _____ () C:\Users\Selda\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-17 22:13 - 2014-02-17 22:13 - 00000000 ____D () C:\Users\Selda\AppData\Roaming\Symantec
2014-02-17 22:13 - 2014-02-17 22:13 - 00000000 ____D () C:\Users\Selda\AppData\Roaming\ATI
2014-02-17 22:13 - 2014-02-17 22:13 - 00000000 ____D () C:\Users\Selda\AppData\Local\ATI
2014-02-17 22:13 - 2014-02-17 22:13 - 00000000 _____ () C:\Users\Selda\AppData\Local\QSwitch.txt
2014-02-17 22:13 - 2014-02-17 22:13 - 00000000 _____ () C:\Users\Selda\AppData\Local\DSwitch.txt
2014-02-17 22:13 - 2014-02-17 22:13 - 00000000 _____ () C:\Users\Selda\AppData\Local\AtStart.txt
2014-02-17 22:12 - 2014-02-25 22:58 - 00000944 _____ () C:\Users\Selda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-02-17 22:12 - 2014-02-21 23:05 - 00000949 _____ () C:\Users\Selda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-02-17 22:12 - 2014-02-21 21:50 - 00000915 _____ () C:\Users\Selda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2014-02-17 22:12 - 2014-02-17 22:15 - 00000000 ____D () C:\Users\Selda\AppData\Local\VirtualStore
2014-02-17 22:12 - 2014-02-17 22:12 - 00000044 _____ () C:\Windows\system\hpsysdrv.dat
2014-02-17 22:11 - 2014-02-17 22:11 - 00000000 ____D () C:\Users\Selda\AppData\Roaming\Macromedia
2014-02-17 22:10 - 2014-03-06 19:03 - 00000000 ____D () C:\Users\Selda\AppData\Roaming\Adobe
2014-02-17 22:10 - 2014-03-01 18:21 - 00000000 ____D () C:\Users\Selda\AppData\Roaming\Hewlett-Packard
2014-02-17 22:10 - 2014-02-17 22:10 - 00000373 ____H () C:\IPH.PH
2014-02-17 22:10 - 2014-02-17 22:10 - 00000000 ____D () C:\ProgramData\Viewpoint
2014-02-17 22:10 - 2014-02-17 22:10 - 00000000 ____D () C:\Program Files\Viewpoint
2014-02-17 22:10 - 2014-02-17 22:10 - 00000000 ____D () C:\Program Files\Common Files\AOL
2014-02-17 22:10 - 2014-02-17 22:10 - 00000000 ____D () C:\Program Files\AIM6
2014-02-17 22:10 - 2008-05-25 02:54 - 00001894 _____ () C:\Users\Public\Desktop\Für Kinder.lnk
2014-02-17 22:10 - 2008-05-25 02:53 - 00002035 _____ () C:\Users\Public\Desktop\eBay.lnk
2014-02-17 22:09 - 2008-05-25 02:57 - 00001859 _____ () C:\Users\Public\Desktop\HP Total Care Advisor.lnk
2014-02-17 22:08 - 2014-02-17 22:08 - 00000000 __RSH () C:\Windows\system32\Drivers\103C_HP_cNB_Pavilion dv5 Notebook PC_Y5335KV_0U_QCNF8404NQ5_E465488-042_4A_I3600_SQuanta_V98.36_F.38_T091111_WV3-1_L407_M3069_J320_7AMD_8F31_92.20_#140217_N10EC8168;168C002A_(FV675EA#ABD)_XMOBILE_CN10_Z_2Rev 1.MRK
2014-02-17 22:07 - 2014-03-07 21:50 - 00000000 ____D () C:\Users\Selda
2014-02-17 22:07 - 2014-02-17 22:07 - 00000020 ___SH () C:\Users\Selda\ntuser.ini
2014-02-17 22:07 - 2014-02-17 22:07 - 00000000 _SHDL () C:\Users\Selda\Startmenü
2014-02-17 22:07 - 2014-02-17 22:07 - 00000000 _SHDL () C:\Users\Selda\Netzwerkumgebung
2014-02-17 22:07 - 2014-02-17 22:07 - 00000000 _SHDL () C:\Users\Selda\Druckumgebung
2014-02-17 22:07 - 2014-02-17 22:07 - 00000000 _SHDL () C:\Users\Selda\Documents\Eigene Musik
2014-02-17 22:07 - 2014-02-17 22:07 - 00000000 _SHDL () C:\Users\Selda\Documents\Eigene Bilder
2014-02-17 22:07 - 2014-02-17 22:07 - 00000000 _SHDL () C:\Users\Selda\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-02-17 22:07 - 2014-02-17 22:07 - 00000000 _SHDL () C:\Users\Selda\AppData\Local\Verlauf
2014-02-17 22:07 - 2014-02-17 21:54 - 00000000 ____D () C:\Users\Selda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam
2014-02-17 22:07 - 2014-02-17 21:52 - 00000000 ____D () C:\Users\Selda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2014-02-17 22:07 - 2008-01-21 03:42 - 00000000 ___RD () C:\Users\Selda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-02-17 22:07 - 2008-01-21 03:42 - 00000000 ___RD () C:\Users\Selda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-02-17 22:03 - 2014-02-17 22:03 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik
2014-02-17 22:03 - 2014-02-17 22:03 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder
2014-02-17 22:03 - 2014-02-17 22:03 - 00000000 _SHDL () C:\Users\Default\Startmenü
2014-02-17 22:03 - 2014-02-17 22:03 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung
2014-02-17 22:03 - 2014-02-17 22:03 - 00000000 _SHDL () C:\Users\Default\Druckumgebung
2014-02-17 22:03 - 2014-02-17 22:03 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik
2014-02-17 22:03 - 2014-02-17 22:03 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder
2014-02-17 22:03 - 2014-02-17 22:03 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-02-17 22:03 - 2014-02-17 22:03 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf
2014-02-17 22:03 - 2014-02-17 22:03 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik
2014-02-17 22:03 - 2014-02-17 22:03 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder
2014-02-17 22:03 - 2014-02-17 22:03 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-02-17 22:03 - 2014-02-17 22:03 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf
2014-02-17 22:03 - 2014-02-17 22:03 - 00000000 _SHDL () C:\Programme
2014-02-17 22:03 - 2014-02-17 22:03 - 00000000 _SHDL () C:\ProgramData\Startmenü
2014-02-17 22:03 - 2014-02-17 22:03 - 00000000 _SHDL () C:\ProgramData\Dokumente
2014-02-17 21:55 - 2014-02-17 21:55 - 00000000 ____D () C:\ProgramData\ATI
2014-02-17 21:54 - 2014-03-07 19:44 - 00000269 _____ () C:\Users\Public\Documents\hpqp.ini
2014-02-17 21:54 - 2014-02-17 21:54 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam
2014-02-17 21:54 - 2014-02-17 21:54 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam
2014-02-17 21:54 - 2014-02-17 21:54 - 00000000 ____D () C:\ProgramData\CyberLink
2014-02-17 21:54 - 2000-06-23 12:46 - 00033820 _____ () C:\Windows\WMPrfDeu.prx
2014-02-17 21:49 - 2014-02-17 21:49 - 00000000 ____D () C:\Program Files\Common Files\LightScribe
2014-02-17 21:48 - 2014-02-17 21:55 - 00000045 _____ () C:\Windows\system32\HDDTempError.log
2014-02-17 21:47 - 2014-02-17 21:47 - 00000000 _____ () C:\Windows\ativpsrm.bin
2014-02-17 21:45 - 2014-02-17 21:45 - 00000000 ____D () C:\Windows\system32\es-MX
2014-02-17 21:45 - 2014-02-17 21:45 - 00000000 ____D () C:\Windows\system32\es-AR
2014-02-17 21:45 - 2014-02-17 21:45 - 00000000 ____D () C:\Program Files\WIDCOMM
2014-02-17 21:45 - 2008-02-01 09:41 - 00233472 _____ (Broadcom Corporation.) C:\Windows\system32\BtwRSupport.dll
2014-02-17 21:45 - 2008-02-01 09:41 - 00080936 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwavdt.sys
2014-02-17 21:45 - 2008-02-01 09:41 - 00080424 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwaudio.sys
2014-02-17 21:45 - 2008-02-01 09:41 - 00016168 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwrchid.sys
2014-02-17 21:44 - 2014-02-17 21:44 - 00000000 ____D () C:\Program Files\AMD
2014-02-17 21:44 - 2008-01-07 21:42 - 00015416 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\Amddfltr.sys
2014-02-17 21:43 - 2014-02-17 21:43 - 00000000 ____D () C:\Windows\system32\HPMDP
2014-02-17 21:43 - 2014-02-17 21:43 - 00000000 ____D () C:\Windows\Driver Cache
2014-02-17 21:43 - 2014-02-17 21:43 - 00000000 ____D () C:\Program Files\AVerMedia
2014-02-17 21:42 - 2014-02-17 21:42 - 00000000 ____D () C:\Windows\system32\nn-NO
2014-02-17 21:42 - 2014-02-17 21:42 - 00000000 ____D () C:\ProgramData\Atheros
2014-02-17 21:42 - 2014-02-17 21:42 - 00000000 ____D () C:\Program Files\Cisco
2014-02-17 21:42 - 2014-02-17 21:42 - 00000000 ____D () C:\Program Files\Atheros
2014-02-17 21:42 - 2008-04-27 11:07 - 00909824 _____ (Atheros Communications, Inc.) C:\Windows\system32\Drivers\athr.sys
2014-02-17 21:42 - 2008-04-22 05:13 - 00376832 _____ (Atheros) C:\Windows\system32\S64CPA.exe
2014-02-17 21:42 - 2008-04-22 05:13 - 00053248 _____ (Atheros) C:\Windows\system32\athihvui.dll
2014-02-17 21:42 - 2008-04-22 05:12 - 00393216 _____ (Atheros) C:\Windows\system32\athihvs.dll
2014-02-17 21:41 - 2014-02-17 21:41 - 00000000 ____D () C:\Program Files\Realtek
2014-02-17 21:41 - 2008-04-14 20:05 - 00118784 _____ (Realtek Corporation ) C:\Windows\system32\Drivers\Rtlh86.sys
2014-02-17 21:40 - 2008-06-27 20:53 - 00376832 _____ (Andrea Electronics Corporation) C:\Windows\system32\aestecap.dll
2014-02-17 21:40 - 2008-06-27 20:53 - 00133632 _____ (Andrea Electronics Corporation) C:\Windows\system32\aestacap.dll
2014-02-17 21:40 - 2008-06-27 20:53 - 00073728 _____ (Andrea Electronics Corporation) C:\Windows\system32\AESTCom.dll
2014-02-17 21:40 - 2008-06-27 20:53 - 00053248 _____ (Andrea Electronics Corporation) C:\Windows\system32\aestaren.dll
2014-02-17 21:40 - 2008-06-27 20:42 - 00442467 _____ (IDT, Inc.) C:\Windows\sttray.exe
2014-02-17 21:40 - 2008-06-27 20:41 - 02473984 _____ (IDT, Inc.) C:\Windows\system32\stlang.dll
2014-02-17 21:40 - 2008-06-27 20:40 - 05615715 _____ (IDT, Inc.) C:\Windows\system32\idtcpl.cpl
2014-02-17 21:40 - 2008-06-27 20:40 - 00516096 _____ (IDT, Inc.) C:\Windows\system32\idtmini1.exe
2014-02-17 21:39 - 2014-02-17 21:41 - 00000000 ____D () C:\Program Files\IDT
2014-02-17 21:39 - 2014-02-17 21:39 - 00000251 _____ () C:\Windows\xUninstall.bat
2014-02-17 21:39 - 2008-06-27 20:43 - 00678400 _____ (IDT, Inc.) C:\Windows\system32\stapo.dll
2014-02-17 21:39 - 2008-06-27 20:42 - 00173568 _____ (IDT, Inc.) C:\Windows\system32\staco.dll
2014-02-17 21:39 - 2008-06-27 20:41 - 00406016 _____ (IDT, Inc.) C:\Windows\system32\stapi32.dll
2014-02-17 21:38 - 2014-02-17 21:39 - 00000000 ____D () C:\Windows\JMCR_DIR
2014-02-17 21:38 - 2014-02-17 21:38 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_SynTP_01000.Wdf
2014-02-17 21:37 - 2014-02-17 21:37 - 00000000 ____D () C:\Program Files\Synaptics
2014-02-17 21:35 - 2014-02-17 21:36 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-02-17 21:33 - 2014-02-17 21:33 - 00000000 ____D () C:\Program Files\ATI
2014-02-17 21:29 - 2014-03-06 10:34 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-02-17 21:28 - 2014-03-07 21:23 - 01913636 _____ () C:\Windows\WindowsUpdate.log
==================== One Month Modified Files and Folders =======
2014-03-07 21:52 - 2014-03-07 21:52 - 00018233 _____ () C:\Users\Selda\Downloads\FRST.txt
2014-03-07 21:52 - 2014-03-07 21:52 - 00000000 ____D () C:\FRST
2014-03-07 21:51 - 2014-03-07 21:51 - 01145344 _____ (Farbar) C:\Users\Selda\Downloads\FRST.exe
2014-03-07 21:50 - 2014-03-07 21:50 - 00000472 _____ () C:\Users\Selda\Downloads\defogger_disable.log
2014-03-07 21:50 - 2014-03-07 21:50 - 00000000 _____ () C:\Users\Selda\defogger_reenable
2014-03-07 21:50 - 2014-02-17 22:07 - 00000000 ____D () C:\Users\Selda
2014-03-07 21:49 - 2014-03-07 21:49 - 00050477 _____ () C:\Users\Selda\Downloads\Defogger.exe
2014-03-07 21:43 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-07 21:43 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-07 21:42 - 2014-02-17 22:13 - 00000582 _____ () C:\Windows\Tasks\Norton Internet Security - Systemprüfung ausführen - Selda.job
2014-03-07 21:31 - 2014-03-07 21:31 - 00000974 _____ () C:\Users\Selda\Desktop\test.txt
2014-03-07 21:23 - 2014-02-17 21:28 - 01913636 _____ () C:\Windows\WindowsUpdate.log
2014-03-07 21:21 - 2014-02-18 00:57 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-07 21:01 - 2014-02-18 00:57 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-07 20:55 - 2014-02-18 00:57 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-07 20:45 - 2014-02-18 00:08 - 00000000 ____D () C:\Users\Selda\AppData\Roaming\Skype
2014-03-07 19:44 - 2014-02-17 21:54 - 00000269 _____ () C:\Users\Public\Documents\hpqp.ini
2014-03-07 19:44 - 2006-11-02 13:37 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-03-07 19:43 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-06 23:00 - 2014-03-04 23:54 - 00000000 ____D () C:\Users\Selda\Desktop\Hits aktuell
2014-03-06 21:02 - 2014-03-06 21:02 - 00004608 _____ () C:\Users\Selda\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-03-06 20:25 - 2014-03-06 19:24 - 00000000 ____D () C:\Users\Selda\AppData\Roaming\Apple Computer
2014-03-06 19:25 - 2014-03-06 19:25 - 00000000 ____D () C:\Users\Selda\AppData\Local\Apple Computer
2014-03-06 19:22 - 2014-03-06 19:21 - 00000000 ____D () C:\Program Files\QuickTime
2014-03-06 19:21 - 2014-03-06 19:21 - 00001726 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-03-06 19:21 - 2014-03-06 19:21 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-03-06 19:19 - 2014-03-06 19:19 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-03-06 19:18 - 2014-03-06 19:18 - 00000000 ____D () C:\Users\Selda\AppData\Local\Apple
2014-03-06 19:18 - 2014-03-06 19:18 - 00000000 ____D () C:\ProgramData\Apple
2014-03-06 19:18 - 2014-03-06 19:18 - 00000000 ____D () C:\Program Files\Apple Software Update
2014-03-06 19:17 - 2014-03-06 19:15 - 41945432 _____ (Apple Inc.) C:\Users\Selda\Downloads\QuickTimeInstaller.exe
2014-03-06 19:08 - 2014-03-06 19:08 - 00000000 ____D () C:\Users\Selda\AppData\Roaming\at.helbling.eversion.pamina
2014-03-06 19:07 - 2014-03-06 19:07 - 00000941 _____ () C:\Users\Public\Desktop\PaMina e-version.lnk
2014-03-06 19:07 - 2014-03-06 19:07 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-03-06 19:07 - 2014-03-06 19:07 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-03-06 19:07 - 2014-03-06 19:06 - 00000000 ____D () C:\Program Files\Helbling
2014-03-06 19:07 - 2008-05-25 02:43 - 00000000 ____D () C:\ProgramData\Adobe
2014-03-06 19:07 - 2008-05-25 02:43 - 00000000 ____D () C:\Program Files\Adobe
2014-03-06 19:06 - 2014-03-06 19:06 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2014-03-06 19:03 - 2014-02-17 22:10 - 00000000 ____D () C:\Users\Selda\AppData\Roaming\Adobe
2014-03-06 19:02 - 2014-02-17 23:24 - 00000000 ____D () C:\Users\Selda\AppData\Local\Adobe
2014-03-06 10:35 - 2006-11-02 14:01 - 00019530 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-06 10:34 - 2014-02-17 21:29 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-03-04 11:29 - 2014-02-18 01:00 - 00001963 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-04 00:18 - 2014-03-04 00:18 - 00000000 ____D () C:\ProgramData\HP Product Assistant
2014-03-02 17:26 - 2006-11-02 11:33 - 01565124 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-02 16:16 - 2014-03-02 16:16 - 00010484 _____ () C:\Users\Selda\Downloads\Einfuehrungsstunde Tanzen.zip
2014-03-02 16:09 - 2014-03-02 16:09 - 00023552 _____ () C:\Users\Selda\Downloads\Freies Tanzen.xls
2014-03-01 18:21 - 2014-02-17 22:10 - 00000000 ____D () C:\Users\Selda\AppData\Roaming\Hewlett-Packard
2014-03-01 15:19 - 2014-02-17 22:15 - 00000052 _____ () C:\Windows\system32\DOErrors.log
2014-03-01 15:19 - 2008-05-25 02:11 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-02-28 00:59 - 2008-05-25 01:29 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-02-28 00:46 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-02-27 15:00 - 2014-02-23 21:59 - 00000000 ____D () C:\ProgramData\HP
2014-02-27 14:27 - 2014-02-23 21:59 - 00146162 _____ () C:\Windows\hpoins18.dat
2014-02-27 14:27 - 2014-02-23 21:59 - 00001313 _____ () C:\ProgramData\hpzinstall.log
2014-02-27 14:26 - 2006-11-02 13:52 - 00109578 _____ () C:\Windows\setupact.log
2014-02-27 14:26 - 2006-11-02 11:23 - 00000179 _____ () C:\Windows\win.ini
2014-02-26 16:54 - 2008-01-21 03:47 - 00074270 _____ () C:\Windows\PFRO.log
2014-02-25 23:04 - 2014-02-25 23:04 - 00000000 ____D () C:\Users\Selda\Desktop\bewegungslieder
2014-02-25 22:58 - 2014-02-17 22:12 - 00000944 _____ () C:\Users\Selda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-02-25 22:19 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\rescache
2014-02-25 00:52 - 2014-02-25 00:52 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_SynTP_01009.Wdf
2014-02-25 00:33 - 2008-05-25 02:27 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-02-25 00:24 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\NDF
2014-02-25 00:19 - 2014-02-25 00:19 - 00000056 ____H () C:\Windows\system32\ezsidmv.dat
2014-02-23 22:54 - 2014-02-23 22:54 - 00000000 ____D () C:\ProgramData\WEBREG
2014-02-23 22:54 - 2014-02-23 22:29 - 00000000 ____D () C:\Users\Selda\AppData\Roaming\HP
2014-02-23 22:31 - 2014-02-23 22:28 - 00000680 _____ () C:\Users\Selda\AppData\Local\d3d9caps.dat
2014-02-23 22:19 - 2014-02-23 22:19 - 00001870 _____ () C:\Users\Public\Desktop\Shop für HP Zubehör.lnk
2014-02-23 22:19 - 2014-02-23 22:19 - 00000000 ____D () C:\ProgramData\HPSSUPPLY
2014-02-23 22:19 - 2008-05-25 01:45 - 00000000 ____D () C:\Program Files\HP
2014-02-23 22:18 - 2014-02-23 22:18 - 00002029 _____ () C:\Users\Public\Desktop\HP Photosmart Essential.lnk
2014-02-23 22:18 - 2014-02-23 22:10 - 00000000 ____D () C:\Program Files\Common Files\HP
2014-02-23 22:14 - 2014-02-23 22:14 - 00001204 _____ () C:\Users\Public\Desktop\HP Solution Center.lnk
2014-02-23 22:11 - 2014-02-23 22:11 - 00000000 ____D () C:\Program Files\Common Files\Hewlett-Packard
2014-02-23 22:11 - 2006-11-02 13:37 - 00000000 ____D () C:\Windows\twain_32
2014-02-23 22:07 - 2008-05-25 02:55 - 00030404 _____ () C:\Windows\DPINST.LOG
2014-02-23 21:57 - 2014-02-23 21:53 - 167339144 _____ () C:\Users\Selda\Downloads\AIO_CDA_Full_Network_deu_NB.exe
2014-02-23 21:18 - 2014-02-23 21:18 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_07_00.Wdf
2014-02-23 19:42 - 2014-02-23 19:42 - 00387584 _____ () C:\Users\Selda\Downloads\KL_bodyparts_guessing.ppt
2014-02-23 19:42 - 2014-02-23 19:42 - 00387584 _____ () C:\Users\Selda\Downloads\KL_bodyparts_guessing (1).ppt
2014-02-23 19:42 - 2014-02-23 19:42 - 00214528 _____ () C:\Users\Selda\Downloads\KL_mybody.ppt
2014-02-23 19:41 - 2008-05-25 02:39 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-23 11:53 - 2014-02-17 22:13 - 00000000 ____D () C:\Users\Selda\AppData\Local\QuickPlay
2014-02-23 11:48 - 2006-11-02 13:47 - 00296656 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-23 11:46 - 2014-02-23 11:46 - 00000000 ____D () C:\Program Files\Windows Portable Devices
2014-02-23 11:46 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\el-GR
2014-02-23 11:46 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\de-DE
2014-02-23 11:45 - 2008-05-25 11:02 - 00000000 ____D () C:\Windows\system32\Drivers\de-DE
2014-02-23 11:45 - 2006-11-02 13:37 - 00000000 ____D () C:\Windows\system32\XPSViewer
2014-02-23 11:45 - 2006-11-02 13:37 - 00000000 ____D () C:\Program Files\Windows Journal
2014-02-23 11:45 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\zh-TW
2014-02-23 11:45 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\zh-HK
2014-02-23 11:45 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\zh-CN
2014-02-23 11:45 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\uk-UA
2014-02-23 11:45 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\tr-TR
2014-02-23 11:45 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\th-TH
2014-02-23 11:45 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\sv-SE
2014-02-23 11:45 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS
2014-02-23 11:45 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\sl-SI
2014-02-23 11:45 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\sk-SK
2014-02-23 11:45 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\ru-RU
2014-02-23 11:45 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\ro-RO
2014-02-23 11:45 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\pt-PT
2014-02-23 11:45 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\pt-BR
2014-02-23 11:45 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\pl-PL
2014-02-23 11:45 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\nl-NL
2014-02-23 11:45 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\nb-NO
2014-02-23 11:45 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\lv-LV
2014-02-23 11:45 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\lt-LT
2014-02-23 11:45 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\ko-KR
2014-02-23 11:45 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\ja-JP
2014-02-23 11:45 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\it-IT
2014-02-23 11:45 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\hu-HU
2014-02-23 11:45 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\hr-HR
2014-02-23 11:45 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\he-IL
2014-02-23 11:45 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\fr-FR
2014-02-23 11:45 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\fi-FI
2014-02-23 11:45 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\et-EE
2014-02-23 11:45 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\bg-BG
2014-02-23 11:45 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\ar-SA
2014-02-23 11:45 - 2006-11-02 12:18 - 00000000 ____D () C:\Program Files\Common Files\System
2014-02-23 00:49 - 2014-02-23 00:49 - 03063561 _____ (Macromedia, Inc.) C:\Users\Public\Documents\MobileTV.exe
2014-02-23 00:49 - 2014-02-23 00:49 - 02989660 _____ (Macromedia, Inc.) C:\Users\Public\Documents\DVD.exe
2014-02-23 00:49 - 2014-02-23 00:49 - 02864396 _____ (Macromedia, Inc.) C:\Users\Public\Documents\MPV.exe
2014-02-23 00:49 - 2014-02-23 00:49 - 02331174 _____ (Macromedia, Inc.) C:\Users\Public\Documents\Karaoke.exe
2014-02-23 00:49 - 2014-02-23 00:49 - 02231606 _____ (Macromedia, Inc.) C:\Users\Public\Documents\Games.exe
2014-02-23 00:49 - 2014-02-23 00:49 - 00000021 _____ () C:\Users\Public\Documents\hpqp.txt
2014-02-23 00:49 - 2014-02-23 00:49 - 00000000 ____D () C:\Users\Selda\AppData\Roaming\CyberLink
2014-02-23 00:49 - 2014-02-23 00:49 - 00000000 ____D () C:\Users\Public\Documents\DEU
2014-02-23 00:14 - 2008-05-25 02:54 - 00000000 ____D () C:\Program Files\EasyBits For Kids
2014-02-21 23:05 - 2014-02-17 22:12 - 00000949 _____ () C:\Users\Selda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-02-21 23:02 - 2006-11-02 12:18 - 00000000 ___RD () C:\Windows\Offline Web Pages
2014-02-21 22:37 - 2014-02-21 18:55 - 00008448 _____ () C:\Windows\IE9_main.log
2014-02-21 22:05 - 2014-02-21 22:05 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-21 22:05 - 2014-02-21 22:05 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-21 22:05 - 2014-02-21 22:05 - 03695416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-02-21 22:05 - 2014-02-21 22:05 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-21 22:05 - 2014-02-21 22:05 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-21 22:05 - 2014-02-21 22:05 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-21 22:05 - 2014-02-21 22:05 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-21 22:05 - 2014-02-21 22:05 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-21 22:05 - 2014-02-21 22:05 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-21 22:05 - 2014-02-21 22:05 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-21 22:05 - 2014-02-21 22:05 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-21 22:05 - 2014-02-21 22:05 - 00434176 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-21 22:05 - 2014-02-21 22:05 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-21 22:05 - 2014-02-21 22:05 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-02-21 22:05 - 2014-02-21 22:05 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-02-21 22:05 - 2014-02-21 22:05 - 00353584 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-02-21 22:05 - 2014-02-21 22:05 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-21 22:05 - 2014-02-21 22:05 - 00227840 _____ (Microsoft Corporation) C:\Windows\system32\ieaksie.dll
2014-02-21 22:05 - 2014-02-21 22:05 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-02-21 22:05 - 2014-02-21 22:05 - 00203776 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-02-21 22:05 - 2014-02-21 22:05 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-21 22:05 - 2014-02-21 22:05 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\ieakui.dll
2014-02-21 22:05 - 2014-02-21 22:05 - 00162304 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-21 22:05 - 2014-02-21 22:05 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-02-21 22:05 - 2014-02-21 22:05 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-02-21 22:05 - 2014-02-21 22:05 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-02-21 22:05 - 2014-02-21 22:05 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-21 22:05 - 2014-02-21 22:05 - 00130560 _____ (Microsoft Corporation) C:\Windows\system32\ieakeng.dll
2014-02-21 22:05 - 2014-02-21 22:05 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-02-21 22:05 - 2014-02-21 22:05 - 00118784 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-02-21 22:05 - 2014-02-21 22:05 - 00114176 _____ (Microsoft Corporation) C:\Windows\system32\advpack.dll
2014-02-21 22:05 - 2014-02-21 22:05 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-02-21 22:05 - 2014-02-21 22:05 - 00101888 _____ (Microsoft Corporation) C:\Windows\system32\admparse.dll
2014-02-21 22:05 - 2014-02-21 22:05 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-02-21 22:05 - 2014-02-21 22:05 - 00078848 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-02-21 22:05 - 2014-02-21 22:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-02-21 22:05 - 2014-02-21 22:05 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-02-21 22:05 - 2014-02-21 22:05 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-21 22:05 - 2014-02-21 22:05 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-21 22:05 - 2014-02-21 22:05 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-21 22:05 - 2014-02-21 22:05 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-02-21 22:05 - 2014-02-21 22:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-21 22:05 - 2014-02-21 22:05 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-02-21 22:05 - 2014-02-21 22:05 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-02-21 22:05 - 2014-02-21 22:05 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-02-21 22:05 - 2014-02-21 22:05 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-02-21 22:05 - 2014-02-21 22:05 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-02-21 22:05 - 2014-02-21 22:05 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-21 22:05 - 2014-02-21 22:05 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-02-21 22:05 - 2014-02-21 22:05 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-02-21 22:05 - 2014-02-21 22:05 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-02-21 22:05 - 2006-11-02 07:32 - 00008798 _____ () C:\Windows\system32\icrav03.rat
2014-02-21 22:05 - 2006-11-02 07:32 - 00001988 _____ () C:\Windows\system32\ticrf.rat
2014-02-21 22:03 - 2014-02-21 22:03 - 02873344 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-02-21 22:03 - 2014-02-21 22:03 - 01075712 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2014-02-21 22:03 - 2014-02-21 22:03 - 00979456 _____ (Microsoft Corporation) C:\Windows\system32\MFH264Dec.dll
2014-02-21 22:03 - 2014-02-21 22:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\stobject.dll
2014-02-21 22:03 - 2014-02-21 22:03 - 00357376 _____ (Microsoft Corporation) C:\Windows\system32\MFHEAACdec.dll
2014-02-21 22:03 - 2014-02-21 22:03 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4src.dll
2014-02-21 22:03 - 2014-02-21 22:03 - 00261632 _____ (Microsoft Corporation) C:\Windows\system32\mfreadwrite.dll
2014-02-21 22:03 - 2014-02-21 22:03 - 00209920 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-02-21 22:03 - 2014-02-21 22:03 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-02-21 22:02 - 2014-02-21 22:02 - 01554432 _____ (Microsoft Corporation) C:\Windows\system32\xpsservices.dll
2014-02-21 22:02 - 2014-02-21 22:02 - 00847360 _____ (Microsoft Corporation) C:\Windows\system32\OpcServices.dll
2014-02-21 22:02 - 2014-02-21 22:02 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\printfilterpipelinesvc.exe
2014-02-21 22:02 - 2014-02-21 22:02 - 00478720 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2014-02-21 22:02 - 2014-02-21 22:02 - 00258048 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv
2014-02-21 22:02 - 2014-02-21 22:02 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\XpsRasterService.dll
2014-02-21 22:02 - 2014-02-21 22:02 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\printfilterpipelineprxy.dll
2014-02-21 21:58 - 2014-02-21 21:58 - 00974848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-02-21 21:58 - 2014-02-21 21:58 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2014-02-21 21:58 - 2014-02-21 21:58 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-02-21 21:58 - 2014-02-21 21:58 - 00321024 _____ (Microsoft Corporation) C:\Windows\system32\PhotoMetadataHandler.dll
2014-02-21 21:58 - 2014-02-21 21:58 - 00252928 _____ (Microsoft Corporation) C:\Windows\system32\dxdiag.exe
2014-02-21 21:58 - 2014-02-21 21:58 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\dxdiagn.dll
2014-02-21 21:58 - 2014-02-21 21:58 - 00189440 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2014-02-21 21:50 - 2014-02-17 22:12 - 00000915 _____ () C:\Users\Selda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2014-02-21 21:40 - 2006-11-02 13:37 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-02-21 21:40 - 2006-11-02 13:37 - 00000000 ____D () C:\Program Files\Windows Photo Gallery
2014-02-21 21:40 - 2006-11-02 13:37 - 00000000 ____D () C:\Program Files\Windows Defender
2014-02-21 21:40 - 2006-11-02 13:37 - 00000000 ____D () C:\Program Files\Windows Collaboration
2014-02-21 21:40 - 2006-11-02 13:37 - 00000000 ____D () C:\Program Files\Windows Calendar
2014-02-21 21:40 - 2006-11-02 13:37 - 00000000 ____D () C:\Program Files\Movie Maker
2014-02-21 21:39 - 2014-02-21 21:39 - 00000000 ____D () C:\Windows\system32\vi-VN
2014-02-21 21:39 - 2014-02-21 21:39 - 00000000 ____D () C:\Windows\system32\eu-ES
2014-02-21 21:39 - 2014-02-21 21:39 - 00000000 ____D () C:\Windows\system32\ca-ES
2014-02-21 21:39 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\SLUI
2014-02-21 21:39 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2014-02-21 21:39 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\IME
2014-02-21 21:05 - 2014-02-21 21:05 - 00000000 ____D () C:\Windows\system32\SPReview
2014-02-21 20:20 - 2014-02-21 20:20 - 00000000 ____D () C:\Windows\system32\EventProviders
2014-02-21 20:15 - 2014-02-21 20:06 - 365230920 _____ (Microsoft Corporation) C:\Users\Selda\Downloads\Windows6.0-KB948465-X86.exe
2014-02-21 18:55 - 2014-02-21 18:55 - 18733360 _____ (Microsoft Corporation) C:\Users\Selda\Downloads\IE9-WindowsVista-x86-deu.exe
2014-02-21 18:18 - 2008-05-25 01:30 - 00000000 ____D () C:\Program Files\Norton Internet Security
2014-02-21 15:01 - 2014-02-18 00:57 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-21 15:01 - 2014-02-18 00:57 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-20 15:21 - 2014-02-17 22:13 - 00070744 _____ () C:\Users\Selda\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-20 03:38 - 2008-05-25 02:26 - 00000000 ____D () C:\Program Files\Microsoft Works
2014-02-20 03:30 - 2014-02-20 03:30 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2014-02-20 03:30 - 2014-02-20 03:30 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2014-02-20 03:25 - 2006-11-02 12:18 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-02-18 22:15 - 2014-02-18 22:15 - 00000784 _____ () C:\Windows\ie8_main.log
2014-02-18 22:12 - 2014-02-18 19:39 - 00000000 ____D () C:\Users\Selda\AppData\Roaming\Google
2014-02-18 21:06 - 2014-02-18 21:00 - 00000438 _____ () C:\Users\Selda\AppData\Roaming\wklnhst.dat
2014-02-18 21:03 - 2014-02-18 21:00 - 00000000 ____D () C:\Users\Selda\AppData\Roaming\Template
2014-02-18 19:51 - 2014-02-18 19:51 - 00000000 ____D () C:\Users\Selda\AppData\Local\Skype
2014-02-18 19:50 - 2014-02-18 19:50 - 00001880 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-02-18 19:50 - 2014-02-18 19:50 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-02-18 19:50 - 2014-02-18 19:49 - 00000000 ___RD () C:\Program Files\Skype
2014-02-18 19:50 - 2014-02-17 23:58 - 00000000 ____D () C:\ProgramData\Skype
2014-02-18 19:39 - 2014-02-18 00:57 - 00000000 ____D () C:\Users\Selda\AppData\Local\Google
2014-02-18 10:56 - 2008-05-25 02:40 - 00000000 ____D () C:\Program Files\Microsoft.NET
2014-02-18 10:33 - 2014-02-17 23:43 - 00000000 ____D () C:\Users\Public\Documents\Symantec
2014-02-18 07:21 - 2008-05-25 02:09 - 00000012 _____ () C:\Windows\CSUP.txt
2014-02-18 02:20 - 2014-02-18 02:20 - 00000000 ____D () C:\Windows\system32\WindowsPowerShell
2014-02-18 01:36 - 2014-02-18 01:32 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-18 01:00 - 2014-02-18 00:57 - 00000000 ____D () C:\Program Files\Google
2014-02-18 00:58 - 2014-02-18 00:57 - 00000000 ____D () C:\ProgramData\Google
2014-02-18 00:37 - 2014-02-18 00:36 - 00283642 _____ () C:\Windows\msxml4-KB954430-enu.LOG
2014-02-18 00:35 - 2014-02-18 00:34 - 00289738 _____ () C:\Windows\msxml4-KB973688-enu.LOG
2014-02-18 00:34 - 2014-02-18 00:34 - 00000000 ____D () C:\Program Files\MSXML 4.0
2014-02-18 00:17 - 2008-05-25 02:54 - 00588472 _____ (EasyBits Software AS) C:\Windows\system32\ezsvc7x.dll
2014-02-17 23:51 - 2008-05-25 01:29 - 00000000 ____D () C:\ProgramData\Symantec
2014-02-17 23:50 - 2008-05-25 01:29 - 00124464 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT.SYS
2014-02-17 23:50 - 2008-05-25 01:29 - 00010635 _____ () C:\Windows\system32\Drivers\SYMEVENT.CAT
2014-02-17 23:50 - 2008-05-25 01:29 - 00000000 ____D () C:\Program Files\Symantec
2014-02-17 23:45 - 2006-11-02 12:18 - 00000000 __RHD () C:\Users\Default
2014-02-17 23:26 - 2014-02-17 23:26 - 00000000 ____D () C:\Windows\Sun
2014-02-17 23:26 - 2014-02-17 23:26 - 00000000 ____D () C:\ProgramData\Sun
2014-02-17 23:26 - 2014-02-17 23:26 - 00000000 ____D () C:\ProgramData\Oracle
2014-02-17 23:26 - 2014-02-17 23:26 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-02-17 23:25 - 2014-02-17 23:26 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-02-17 23:25 - 2014-02-17 23:25 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-02-17 23:25 - 2014-02-17 23:25 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-02-17 23:24 - 2014-02-17 23:25 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-02-17 23:24 - 2014-02-17 23:24 - 00000000 ____D () C:\Program Files\Java
2014-02-17 23:23 - 2014-02-17 23:23 - 00000000 ____D () C:\Users\Selda\AppData\Local\AOL
2014-02-17 23:23 - 2008-05-25 02:03 - 00000049 __RSH () C:\Users\Public\Documents\HBEPGUID.TXT
2014-02-17 22:15 - 2014-02-17 22:15 - 00000000 ____D () C:\Users\Selda\AppData\Local\Hewlett-Packard
2014-02-17 22:15 - 2014-02-17 22:12 - 00000000 ____D () C:\Users\Selda\AppData\Local\VirtualStore
2014-02-17 22:14 - 2014-02-17 22:14 - 00000000 ____D () C:\Users\Selda\Documents\Bluetooth-Exchange-Ordner
2014-02-17 22:14 - 2014-02-17 22:14 - 00000000 ____D () C:\Users\Selda\Bluetooth Software
2014-02-17 22:13 - 2014-02-17 22:13 - 00000000 ____D () C:\Users\Selda\AppData\Roaming\Symantec
2014-02-17 22:13 - 2014-02-17 22:13 - 00000000 ____D () C:\Users\Selda\AppData\Roaming\ATI
2014-02-17 22:13 - 2014-02-17 22:13 - 00000000 ____D () C:\Users\Selda\AppData\Local\ATI
2014-02-17 22:13 - 2014-02-17 22:13 - 00000000 _____ () C:\Users\Selda\AppData\Local\QSwitch.txt
2014-02-17 22:13 - 2014-02-17 22:13 - 00000000 _____ () C:\Users\Selda\AppData\Local\DSwitch.txt
2014-02-17 22:13 - 2014-02-17 22:13 - 00000000 _____ () C:\Users\Selda\AppData\Local\AtStart.txt
2014-02-17 22:12 - 2014-02-17 22:12 - 00000044 _____ () C:\Windows\system\hpsysdrv.dat
2014-02-17 22:12 - 2008-04-10 11:26 - 00000000 ____D () C:\Windows\SMINST
2014-02-17 22:12 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system
2014-02-17 22:11 - 2014-02-17 22:11 - 00000000 ____D () C:\Users\Selda\AppData\Roaming\Macromedia
2014-02-17 22:10 - 2014-02-17 22:10 - 00000373 ____H () C:\IPH.PH
2014-02-17 22:10 - 2014-02-17 22:10 - 00000000 ____D () C:\ProgramData\Viewpoint
2014-02-17 22:10 - 2014-02-17 22:10 - 00000000 ____D () C:\Program Files\Viewpoint
2014-02-17 22:10 - 2014-02-17 22:10 - 00000000 ____D () C:\Program Files\Common Files\AOL
2014-02-17 22:10 - 2014-02-17 22:10 - 00000000 ____D () C:\Program Files\AIM6
2014-02-17 22:10 - 2008-05-25 10:55 - 00000000 ___HD () C:\HP
2014-02-17 22:10 - 2008-05-25 02:11 - 00000000 ___RD () C:\Program Files\Online Services
2014-02-17 22:09 - 2006-11-02 13:37 - 00000000 ____D () C:\Windows\system32\restore
2014-02-17 22:09 - 1999-03-30 19:17 - 00000000 ___HD () C:\System.sav
2014-02-17 22:08 - 2014-02-17 22:08 - 00000000 __RSH () C:\Windows\system32\Drivers\103C_HP_cNB_Pavilion dv5 Notebook PC_Y5335KV_0U_QCNF8404NQ5_E465488-042_4A_I3600_SQuanta_V98.36_F.38_T091111_WV3-1_L407_M3069_J320_7AMD_8F31_92.20_#140217_N10EC8168;168C002A_(FV675EA#ABD)_XMOBILE_CN10_Z_2Rev 1.MRK
2014-02-17 22:07 - 2014-02-17 22:07 - 00000020 ___SH () C:\Users\Selda\ntuser.ini
2014-02-17 22:07 - 2014-02-17 22:07 - 00000000 _SHDL () C:\Users\Selda\Startmenü
2014-02-17 22:07 - 2014-02-17 22:07 - 00000000 _SHDL () C:\Users\Selda\Netzwerkumgebung
2014-02-17 22:07 - 2014-02-17 22:07 - 00000000 _SHDL () C:\Users\Selda\Druckumgebung
2014-02-17 22:07 - 2014-02-17 22:07 - 00000000 _SHDL () C:\Users\Selda\Documents\Eigene Musik
2014-02-17 22:07 - 2014-02-17 22:07 - 00000000 _SHDL () C:\Users\Selda\Documents\Eigene Bilder
2014-02-17 22:07 - 2014-02-17 22:07 - 00000000 _SHDL () C:\Users\Selda\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-02-17 22:07 - 2014-02-17 22:07 - 00000000 _SHDL () C:\Users\Selda\AppData\Local\Verlauf
2014-02-17 22:03 - 2014-02-17 22:03 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik
2014-02-17 22:03 - 2014-02-17 22:03 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder
2014-02-17 22:03 - 2014-02-17 22:03 - 00000000 _SHDL () C:\Users\Default\Startmenü
2014-02-17 22:03 - 2014-02-17 22:03 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung
2014-02-17 22:03 - 2014-02-17 22:03 - 00000000 _SHDL () C:\Users\Default\Druckumgebung
2014-02-17 22:03 - 2014-02-17 22:03 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik
2014-02-17 22:03 - 2014-02-17 22:03 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder
2014-02-17 22:03 - 2014-02-17 22:03 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-02-17 22:03 - 2014-02-17 22:03 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf
2014-02-17 22:03 - 2014-02-17 22:03 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik
2014-02-17 22:03 - 2014-02-17 22:03 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder
2014-02-17 22:03 - 2014-02-17 22:03 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-02-17 22:03 - 2014-02-17 22:03 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf
2014-02-17 22:03 - 2014-02-17 22:03 - 00000000 _SHDL () C:\Programme
2014-02-17 22:03 - 2014-02-17 22:03 - 00000000 _SHDL () C:\ProgramData\Startmenü
2014-02-17 22:03 - 2014-02-17 22:03 - 00000000 _SHDL () C:\ProgramData\Dokumente
2014-02-17 22:03 - 2006-11-02 12:18 - 00000000 ____D () C:\Program Files\Windows NT
2014-02-17 21:56 - 2008-05-25 11:05 - 00000000 ____D () C:\Windows\panther
2014-02-17 21:55 - 2014-02-17 21:55 - 00000000 ____D () C:\ProgramData\ATI
2014-02-17 21:55 - 2014-02-17 21:48 - 00000045 _____ () C:\Windows\system32\HDDTempError.log
2014-02-17 21:55 - 2006-11-02 13:48 - 00005506 _____ () C:\Windows\DtcInstall.log
2014-02-17 21:54 - 2014-02-17 22:07 - 00000000 ____D () C:\Users\Selda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam
2014-02-17 21:54 - 2014-02-17 21:54 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam
2014-02-17 21:54 - 2014-02-17 21:54 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam
2014-02-17 21:54 - 2014-02-17 21:54 - 00000000 ____D () C:\ProgramData\CyberLink
2014-02-17 21:54 - 2008-05-25 01:27 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-02-17 21:53 - 2008-05-25 02:44 - 00000000 ____D () C:\Program Files\CyberLink
2014-02-17 21:52 - 2014-02-17 22:07 - 00000000 ____D () C:\Users\Selda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2014-02-17 21:52 - 2008-05-25 02:44 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2014-02-17 21:52 - 2008-05-25 02:44 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2014-02-17 21:49 - 2014-02-17 21:49 - 00000000 ____D () C:\Program Files\Common Files\LightScribe
2014-02-17 21:47 - 2014-02-17 21:47 - 00000000 _____ () C:\Windows\ativpsrm.bin
2014-02-17 21:45 - 2014-02-17 21:45 - 00000000 ____D () C:\Windows\system32\es-MX
2014-02-17 21:45 - 2014-02-17 21:45 - 00000000 ____D () C:\Windows\system32\es-AR
2014-02-17 21:45 - 2014-02-17 21:45 - 00000000 ____D () C:\Program Files\WIDCOMM
2014-02-17 21:44 - 2014-02-17 21:44 - 00000000 ____D () C:\Program Files\AMD
2014-02-17 21:43 - 2014-02-17 21:43 - 00000000 ____D () C:\Windows\system32\HPMDP
2014-02-17 21:43 - 2014-02-17 21:43 - 00000000 ____D () C:\Windows\Driver Cache
2014-02-17 21:43 - 2014-02-17 21:43 - 00000000 ____D () C:\Program Files\AVerMedia
2014-02-17 21:43 - 2008-05-25 01:22 - 00000000 ____D () C:\Program Files\Hewlett-Packard
2014-02-17 21:42 - 2014-02-17 21:42 - 00000000 ____D () C:\Windows\system32\nn-NO
2014-02-17 21:42 - 2014-02-17 21:42 - 00000000 ____D () C:\ProgramData\Atheros
2014-02-17 21:42 - 2014-02-17 21:42 - 00000000 ____D () C:\Program Files\Cisco
2014-02-17 21:42 - 2014-02-17 21:42 - 00000000 ____D () C:\Program Files\Atheros
2014-02-17 21:41 - 2014-02-17 21:41 - 00000000 ____D () C:\Program Files\Realtek
2014-02-17 21:41 - 2014-02-17 21:39 - 00000000 ____D () C:\Program Files\IDT
2014-02-17 21:39 - 2014-02-17 21:39 - 00000251 _____ () C:\Windows\xUninstall.bat
2014-02-17 21:39 - 2014-02-17 21:38 - 00000000 ____D () C:\Windows\JMCR_DIR
2014-02-17 21:38 - 2014-02-17 21:38 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_SynTP_01000.Wdf
2014-02-17 21:37 - 2014-02-17 21:37 - 00000000 ____D () C:\Program Files\Synaptics
2014-02-17 21:36 - 2014-02-17 21:35 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-02-17 21:33 - 2014-02-17 21:33 - 00000000 ____D () C:\Program Files\ATI
2014-02-17 21:30 - 2008-02-08 07:51 - 00005949 _____ () C:\Windows\TSSysprep.log
Some content of TEMP:
====================
C:\Users\Selda\AppData\Local\Temp\HPQSi.exe
C:\Users\Selda\AppData\Local\Temp\SP42277.exe
C:\Users\Selda\AppData\Local\Temp\symlcsv1.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-03-07 19:50
==================== End Of Log ============================ Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 07-03-2014 01
Ran by at 2014-03-07 21:54:28
Running from C:\Users\\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Norton Internet Security (Enabled - Up to date) {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Enabled - Up to date) {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton Internet Security (Enabled) {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
==================== Installed Programs ======================
32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
ActiveCheck component for HP Active Support Library (Version: 3.0.0.2 - Hewlett-Packard) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.7.0.19530 - Adobe Systems Incorporated)
Adobe AIR (Version: 2.7.0.19530 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Reader 8.1.0 - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-A81000000003}) (Version: 8.1.0 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM\...\{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}) (Version: 10.2.0.023 - Adobe Systems, Inc.)
AIM (HKLM\...\AIM_6) (Version: - )
AIO_CDA_ProductContext (Version: 82.0.233.000 - Hewlett-Packard) Hidden
AIO_CDA_Software (Version: 82.0.233.000 - Hewlett-Packard) Hidden
AIO_Scan (Version: 82.0.173.000 - Hewlett-Packard) Hidden
AMD Driver Support for HP 3D DriverGuard (Version: 5.1.0000.0066 - Advanced Micro Devices, Inc.) Hidden
AOL Toolbar 5.0 (HKLM\...\AOL Toolbar) (Version: 5.2.69.1 - AOL LLC)
AppCore (Version: 1.3 - Symantec Corporation) Hidden
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Driver Installation Program (HKLM\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.0 - Atheros)
ATI Catalyst Install Manager (HKLM\...\{80C2AD19-97A2-C829-38DE-5FD5B47F122B}) (Version: 3.0.664.0 - ATI Technologies, Inc.)
AVerMedia A309 (MiniCard, DVB-T) 1.0.0.43 (HKLM\...\AVerMedia A309 (MiniCard, DVB-T)) (Version: 1.0.0.43 - AVerMedia TECHNOLOGIES, Inc.)
BufferChm (Version: 82.0.173.000 - Hewlett-Packard) Hidden
C6100 (Version: 82.0.233.000 - Hewlett-Packard) Hidden
c6100_Help (Version: 82.0.233.000 - Hewlett-Packard) Hidden
Catalyst Control Center - Branding (HKLM\...\{3FA93E4C-CB3B-4B25-B091-9DB0FCC56A74}) (Version: 1.00.0000 - ATI)
Catalyst Control Center Core Implementation (Version: 2008.0328.2322.39969 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2008.0328.2322.39969 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2008.0328.2322.39969 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2008.0328.2322.39969 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (Version: 2008.0328.2322.39969 - ATI) Hidden
Catalyst Control Center Localization Chinese Standard (Version: 2008.0328.2322.39969 - ATI) Hidden
Catalyst Control Center Localization Chinese Traditional (Version: 2008.0328.2322.39969 - ATI) Hidden
Catalyst Control Center Localization Czech (Version: 2008.0328.2322.39969 - ATI) Hidden
Catalyst Control Center Localization Danish (Version: 2008.0328.2322.39969 - ATI) Hidden
Catalyst Control Center Localization Dutch (Version: 2008.0328.2322.39969 - ATI) Hidden
Catalyst Control Center Localization Finnish (Version: 2008.0328.2322.39969 - ATI) Hidden
Catalyst Control Center Localization French (Version: 2008.0328.2322.39969 - ATI) Hidden
Catalyst Control Center Localization German (Version: 2008.0328.2322.39969 - ATI) Hidden
Catalyst Control Center Localization Greek (Version: 2008.0328.2322.39969 - ATI) Hidden
Catalyst Control Center Localization Hungarian (Version: 2008.0328.2322.39969 - ATI) Hidden
Catalyst Control Center Localization Italian (Version: 2008.0328.2322.39969 - ATI) Hidden
Catalyst Control Center Localization Japanese (Version: 2008.0328.2322.39969 - ATI) Hidden
Catalyst Control Center Localization Korean (Version: 2008.0328.2322.39969 - ATI) Hidden
Catalyst Control Center Localization Norwegian (Version: 2008.0328.2322.39969 - ATI) Hidden
Catalyst Control Center Localization Polish (Version: 2008.0328.2322.39969 - ATI) Hidden
Catalyst Control Center Localization Portuguese (Version: 2008.0328.2322.39969 - ATI) Hidden
Catalyst Control Center Localization Russian (Version: 2008.0328.2322.39969 - ATI) Hidden
Catalyst Control Center Localization Spanish (Version: 2008.0328.2322.39969 - ATI) Hidden
Catalyst Control Center Localization Swedish (Version: 2008.0328.2322.39969 - ATI) Hidden
Catalyst Control Center Localization Thai (Version: 2008.0328.2322.39969 - ATI) Hidden
Catalyst Control Center Localization Turkish (Version: 2008.0328.2322.39969 - ATI) Hidden
CCC Help Chinese Standard (Version: 2008.0328.2321.39969 - ATI) Hidden
CCC Help Chinese Traditional (Version: 2008.0328.2321.39969 - ATI) Hidden
CCC Help Czech (Version: 2008.0328.2321.39969 - ATI) Hidden
CCC Help Danish (Version: 2008.0328.2321.39969 - ATI) Hidden
CCC Help Dutch (Version: 2008.0328.2321.39969 - ATI) Hidden
CCC Help English (Version: 2008.0328.2321.39969 - ATI) Hidden
CCC Help Finnish (Version: 2008.0328.2321.39969 - ATI) Hidden
CCC Help French (Version: 2008.0328.2321.39969 - ATI) Hidden
CCC Help German (Version: 2008.0328.2321.39969 - ATI) Hidden
CCC Help Greek (Version: 2008.0328.2321.39969 - ATI) Hidden
CCC Help Hungarian (Version: 2008.0328.2321.39969 - ATI) Hidden
CCC Help Italian (Version: 2008.0328.2321.39969 - ATI) Hidden
CCC Help Japanese (Version: 2008.0328.2321.39969 - ATI) Hidden
CCC Help Korean (Version: 2008.0328.2321.39969 - ATI) Hidden
CCC Help Norwegian (Version: 2008.0328.2321.39969 - ATI) Hidden
CCC Help Polish (Version: 2008.0328.2321.39969 - ATI) Hidden
CCC Help Portuguese (Version: 2008.0328.2321.39969 - ATI) Hidden
CCC Help Russian (Version: 2008.0328.2321.39969 - ATI) Hidden
CCC Help Spanish (Version: 2008.0328.2321.39969 - ATI) Hidden
CCC Help Swedish (Version: 2008.0328.2321.39969 - ATI) Hidden
CCC Help Thai (Version: 2008.0328.2321.39969 - ATI) Hidden
CCC Help Turkish (Version: 2008.0328.2321.39969 - ATI) Hidden
ccc-core-static (Version: 2008.0328.2322.39969 - Ihr Firmenname) Hidden
ccCommon (Version: 107.0.4.3 - Symantec) Hidden
ccc-utility (Version: 2008.0328.2322.39969 - ATI) Hidden
Cisco EAP-FAST Module (HKLM\...\{415B2719-AD3A-4944-B404-C472DB6085B3}) (Version: 2.1.6 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{83770D14-21B9-44B3-8689-F7B523F94560}) (Version: 1.0.12 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}) (Version: 1.0.13 - Cisco Systems, Inc.)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Component Framework (Version: 2006.1.3.35 - Symantec Corporation) Hidden
Copy (Version: 82.0.188.000 - Hewlett-Packard) Hidden
CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
CyberLink DVD Suite (HKLM\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.5.1519 - CyberLink Corp.)
CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.1616 - CyberLink Corp.)
CyberLink YouCam (Version: 2.0.1616 - CyberLink Corp.) Hidden
Destinations (Version: 82.0.173.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DocProc (Version: 8.1.0.0 - Hewlett-Packard) Hidden
DocProcQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Fax (Version: 82.0.188.000 - Hewlett-Packard) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 33.0.1750.146 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.4805.320 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.22.5 - Google Inc.) Hidden
HP Active Support Library (Version: 3.1.4.1 - Hewlett-Packard) Hidden
HP Customer Experience Enhancements (HKLM\...\{B16DA0F8-26BC-4FFC-9363-1D9F3E6C3E21}) (Version: 5.7.0.2630 - Hewlett-Packard)
HP Customer Participation Program 8.0 (HKLM\...\HPExtendedCapabilities) (Version: 8.0 - HP)
HP Doc Viewer (HKLM\...\{082702D5-5DD8-4600-BCE5-48B15174687F}) (Version: 1.03.0001 - Hewlett-Packard)
HP DVD Play 3.7 (HKLM\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version: - )
HP Easy Setup - Frontend (HKLM\...\{51E5C397-0AA0-48DD-9CB6-7259AFFDFB0A}) (Version: 5.7.0.2630 - Hewlett-Packard)
HP Help and Support (HKLM\...\{28C3E5E6-5ACA-408D-9A46-089C5334EC97}) (Version: 2.0.7.0 - Hewlett-Packard)
HP Imaging Device Functions 8.0 (HKLM\...\HP Imaging Device Functions) (Version: 8.0 - HP)
HP Integrated Module with Bluetooth wireless technology 6.0.1.6200 (HKLM\...\{03D1988F-469F-4843-8E6E-E5FE9D17889D}) (Version: 6.0.1.6200 - HP)
HP OCR Software 8.0 (HKLM\...\HPOCR) (Version: 8.0 - HP)
HP Photosmart Essential (HKLM\...\{EB21A812-671B-4D08-B974-2A347F0D8F70}) (Version: 1.12.0.46 - HP)
HP Photosmart.All-In-One Driver Software 8.0 .A (HKLM\...\{282E5AB2-8E47-4571-B6FA-6B512555B557}) (Version: 8.0 - HP)
HP Product Assistant (Version: 100.000.001.000 - Hewlett-Packard) Hidden
HP Quick Launch Buttons 6.40 D3 (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.40 D3 - Hewlett-Packard)
HP QuickTouch 1.00 D2 (HKLM\...\{30DAA715-5032-40F9-A0AE-95C9AEBB3E3F}) (Version: 1.0.9 - Hewlett-Packard)
HP Solution Center 8.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 8.0 - HP)
HP Total Care Advisor (HKLM\...\{f32502b5-5b64-4882-bf61-77f23edcac4f}) (Version: 2.1.3359.2635 - Hewlett-Packard)
HP Update (HKLM\...\{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}) (Version: 4.000.010.008 - Hewlett-Packard)
HP User Guides 0102 (HKLM\...\{F48098CD-2D66-4861-85EC-DC1D4D09D5F9}) (Version: 1.01.0000 - Hewlett-Packard)
HP Wireless Assistant (HKLM\...\{A5CE7175-080D-49AC-B5A3-E7E3502428F5}) (Version: 3.00 I2 - Hewlett-Packard)
HPAsset component for HP Active Support Library (Version: 3.0.2.2 - Hewlett-Packard) Hidden
HPNetworkAssistant (Version: 1.1.70 - Hewlett-Packard.) Hidden
HPProductAssistant (Version: 82.0.173.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM\...\{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}) (Version: 2.1.3.0000 - Ihr Firmenname)
IDT Audio (HKLM\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.5893.0 - IDT)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JMicron JMB38X Flash Media Controller (HKLM\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.00.10.04 - JMicron Technology Corp.)
LabelPrint (HKLM\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.20.2719 - CyberLink Corp.)
LightScribe System Software 1.12.33.2 (HKLM\...\{582287DA-0806-4AC0-BF19-C15E3A466034}) (Version: 1.12.33.2 - LightScribe)
LiveUpdate (Symantec Corporation) (HKLM\...\PsuedoLiveUpdate) (Version: 3.4.1.232 - Symantec Corporation)
LiveUpdate (Symantec Corporation) (Version: 3.4.1.238 - Symantec Corporation) Hidden
MarketResearch (Version: 82.0.174.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Works (HKLM\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My HP Games (HKLM\...\WildTangent hp Master Uninstall) (Version: 1.0.0.43 - WildTangent)
Norton AntiVirus (Version: 15.5.0.23 - Symantec Corporation) Hidden
Norton AntiVirus Help (Version: 15.0 - Symantec Corporation) Hidden
Norton Confidential Core (Version: 2.5.0.32 - Symantec Corporation) Hidden
Norton Internet Security (Symantec Corporation) (HKLM\...\SymSetup.{C1C185CA-C531-49F5-A6FA-B838405A049D}) (Version: 15.5.0.23 - Symantec Corporation)
Norton Internet Security (Version: 15.5.0.23 - Symantec Corporation) Hidden
Norton Protection Center (Version: 3.6.0.18 - Symantec Corporation) Hidden
PaMina e-version (HKLM\...\at.helbling.eversion.pamina) (Version: 4.0 - Helbling Verlag Gmbh)
PaMina e-version (Version: 4.0 - Helbling Verlag Gmbh) Hidden
Power2Go (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.3919 - CyberLink Corp.)
PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 6.5.2719 - CyberLink Corp.)
PowerDirector (Version: 6.5.2719 - CyberLink Corp.) Hidden
ProtectSmart Hard Drive Protection (HKLM\...\{CB71A20E-B1B4-4562-81FA-33E1DBD0342F}) (Version: 3.10 A7 - Hewlett-Packard)
QuickPlay SlingPlayer 0.4.6 (HKLM\...\SlingMedia.QPSlingPlayer_is1) (Version: 0.4.6 - SlingMedia)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek 8169 8168 8101E 8102E Ethernet Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Scan (Version: 8.1.0.0 - Hewlett-Packard) Hidden
Skins (Version: 2008.0328.2322.39969 - ATI) Hidden
Skype™ 6.13 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.13.104 - Skype Technologies S.A.)
SolutionCenter (Version: 82.0.188.000 - Hewlett-Packard) Hidden
SPBBC 32bit (Version: 4.1.0.15 - Symantec Corporation) Hidden
Status (Version: 82.0.173.000 - Hewlett-Packard) Hidden
Symantec Real Time Storage Protection Component (Version: 10.2.3.9 - Symantec Corporation) Hidden
SymNet (Version: 8.0.3.4 - Symantec Corporation) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
Toolbox (Version: 82.0.173.000 - Hewlett-Packard) Hidden
TrayApp (Version: 82.0.188.000 - Hewlett-Packard) Hidden
UnloadSupport (Version: 1.00.0000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
Viewpoint Media Player (HKLM\...\ViewpointMediaPlayer) (Version: - )
WebReg (Version: 82.0.173.000 - Hewlett-Packard) Hidden
Windows Live Messenger (HKLM\...\{279DB581-239C-4E13-97F8-0F48E40BE75C}) (Version: 8.1.0178.00 - Microsoft Corporation)
==================== Restore Points =========================
18-02-2014 18:44:50 Windows Update
20-02-2014 02:01:15 Windows Update
20-02-2014 23:27:59 Windows Update
21-02-2014 13:55:05 Windows Update
21-02-2014 14:07:11 Windows Update
21-02-2014 19:22:54 Windows Vista™ Service Pack 2
21-02-2014 20:57:31 Windows-Modulinstallation
21-02-2014 21:05:54 Windows Update
22-02-2014 15:04:03 Windows Update
22-02-2014 23:58:09 Windows Update
23-02-2014 20:23:50 Gerätetreiber-Paketinstallation: Hewlett-Packard Bildverarbeitungsgeräte
23-02-2014 21:01:40 Gerätetreiber-Paketinstallation: Hewlett-Packard Drucker
23-02-2014 21:02:21 Gerätetreiber-Paketinstallation: Hewlett-Packard Bildverarbeitungsgeräte
23-02-2014 21:04:07 Gerätetreiber-Paketinstallation: Hewlett-Packard USB-Controller
24-02-2014 23:32:51 Windows Update
24-02-2014 23:43:21 Windows Update
25-02-2014 23:43:19 Windows Update
27-02-2014 13:37:39 Windows Update
01-03-2014 18:32:49 Geplanter Prüfpunkt
03-03-2014 23:16:38 Installed HP Product Assistant
04-03-2014 09:49:56 Windows Update
06-03-2014 18:19:33 Installed QuickTime 7
07-03-2014 18:51:05 Windows Update
==================== Hosts content: ==========================
2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {08BE33D2-17BD-411E-801D-8D7E373998C0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3837E7C3-D0F8-4DAB-B526-87CD5A3A0791} - System32\Tasks\ExtendedServicePlan => C:\Program Files\Hewlett-Packard\SDP\RemEngine.exe [2008-04-15] ()
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {4670F04F-62FD-40D4-8610-E391CE317F10} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-21] (Adobe Systems Incorporated)
Task: {49070B72-00ED-4279-8033-C84138404505} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-02-18] (Google Inc.)
Task: {54C0AC4D-0933-46C8-932E-681089274F8A} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {6E1DEF76-D261-4612-8F93-54E710B12853} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-02-18] (Google Inc.)
Task: {8FD24EE8-F692-444E-BBE6-3921706DB98C} - System32\Tasks\HP Health Check => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-04-15] (Hewlett-Packard)
Task: {9D3C8042-CB4E-4296-8B16-3E7D84AE0368} - System32\Tasks\Norton Internet Security - Systemprüfung ausführen - Selda => c:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2008-02-07] (Symantec Corporation)
Task: {A37AEA0E-82EF-4739-8C59-675E376B925A} - System32\Tasks\ServicePlan => C:\Program Files\Hewlett-Packard\SDP\RemEngine.exe [2008-04-15] ()
Task: {A728AE6B-5AB8-4223-AD3E-E6341441A01C} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Norton Internet Security - Systemprüfung ausführen - Selda.job => c:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe
==================== Loaded Modules (whitelisted) =============
2014-02-21 20:30 - 2009-04-10 23:28 - 00368640 _____ () C:\Windows\system32\msjetoledb40.dll
2008-05-25 01:45 - 2008-05-14 21:56 - 00120216 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\CLSchMgr.dll
2008-05-25 01:45 - 2008-05-14 21:56 - 00259480 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapEngine.dll
2008-05-25 01:45 - 2008-05-14 21:56 - 00345384 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\CLTinyDB.dll
2008-03-28 10:19 - 2008-03-28 10:19 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2007-07-12 12:55 - 2007-07-12 12:55 - 01581056 _____ () C:\Program Files\Common Files\LightScribe\QtCore4.dll
2007-08-14 12:59 - 2007-08-14 12:59 - 06365184 _____ () C:\Program Files\Common Files\LightScribe\QtGui4.dll
2007-07-12 12:55 - 2007-07-12 12:55 - 00131072 _____ () C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2008-01-16 17:51 - 2008-01-16 17:51 - 00126976 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2008-05-25 02:59 - 2008-03-26 14:26 - 00341328 _____ () C:\Windows\SMINST\BLService.exe
2008-05-25 02:59 - 2006-09-13 12:54 - 00081920 _____ () C:\Windows\SMINST\STString.dll
2008-05-25 02:59 - 2007-11-14 14:46 - 00126976 _____ () C:\Windows\SMINST\STWmiM.dll
2008-05-25 02:52 - 2007-01-09 10:25 - 00272024 _____ () C:\Program Files\CyberLink\Shared Files\RichVideo.exe
2008-05-25 01:45 - 2008-05-14 21:56 - 00066856 _____ () C:\Program Files\HP\QuickPlay\Kernel\Common\MCEMediaStatus.dll
2008-05-25 01:58 - 2008-04-11 08:04 - 00685360 _____ () C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
2008-02-27 14:48 - 2008-02-27 14:48 - 00016384 ____R () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
2008-05-25 01:29 - 2008-05-25 01:29 - 01245064 _____ () C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
2008-05-25 01:29 - 2008-05-25 01:29 - 00357768 _____ () C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcnet.dll
2014-03-04 11:29 - 2014-03-02 03:35 - 00051016 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.146\chrome_elf.dll
2014-03-04 11:29 - 2014-03-02 03:35 - 04061000 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.146\pdf.dll
2014-03-04 11:29 - 2014-03-02 03:35 - 00394568 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll
2014-03-04 11:29 - 2014-03-02 03:35 - 01647432 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.146\ffmpegsumo.dll
2014-02-18 11:00 - 2014-02-18 11:00 - 04591616 _____ () C:\Users\Selda\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.5.0\libglesv2.dll
2014-02-18 11:00 - 2014-02-18 11:00 - 00112128 _____ () C:\Users\Selda\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.5.0\libegl.dll
2014-03-04 11:29 - 2014-03-02 03:35 - 13632840 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.146\PepperFlash\pepflashplayer.dll
2014-03-07 21:49 - 2014-03-07 21:49 - 00050477 _____ () C:\Users\Selda\Downloads\Defogger.exe
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== Disabled items from MSCONFIG ==============
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (03/07/2014 07:44:20 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/06/2014 08:24:35 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/06/2014 06:26:34 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/06/2014 10:34:35 AM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
Error: (03/05/2014 04:16:18 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/04/2014 11:06:59 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/04/2014 10:34:34 PM) (Source: Application Hang) (User: )
Description: Programm hpsdpapp.exe, Version 5.7.0.2630 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen.
Prozess-ID: ba8
Anfangszeit: 01cf37efede2f050
Zeitpunkt der Beendigung: 4
Error: (03/04/2014 05:05:04 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/04/2014 10:43:23 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/02/2014 05:22:16 PM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung svchost.exe_hpqcxs08, Version 6.0.6001.18000, Zeitstempel 0x47918b89, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x3e210cc4,
Prozess-ID 0xc04, Anwendungsstartzeit svchost.exe_hpqcxs080.
System errors:
=============
Error: (03/07/2014 07:44:20 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058
Error: (03/07/2014 07:43:39 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 07.03.2014 um 19:36:18 unerwartet heruntergefahren.
Error: (03/06/2014 10:13:04 PM) (Source: VDS Dynamic Provider) (User: )
Description: Der Anbieter konnte Benachrichtigungen nicht speichern, die vom Treiber stammen. Der Dienst für virtuelle Datenträger muss neu gestartet werden. hr=80042505
Error: (03/06/2014 08:25:01 PM) (Source: Service Control Manager) (User: )
Description: hpqwmiex%%1053
Error: (03/06/2014 08:25:01 PM) (Source: Service Control Manager) (User: )
Description: 30000hpqwmiex
Error: (03/06/2014 08:25:01 PM) (Source: DCOM) (User: )
Description: 1053hpqwmiex{F5539356-2F02-40D4-999E-FA61F45FE12E}
Error: (03/06/2014 08:24:36 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058
Error: (03/06/2014 08:23:45 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 06.03.2014 um 20:22:40 unerwartet heruntergefahren.
Error: (03/06/2014 06:26:35 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058
Error: (03/06/2014 05:48:13 AM) (Source: VDS Dynamic Provider) (User: )
Description: Der Anbieter konnte Benachrichtigungen nicht speichern, die vom Treiber stammen. Der Dienst für virtuelle Datenträger muss neu gestartet werden. hr=80042505
Microsoft Office Sessions:
=========================
Error: (03/04/2014 01:23:33 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 49328 seconds with 60 seconds of active time. This session ended with a crash.
CodeIntegrity Errors:
===================================
Date: 2014-02-21 20:22:25.635
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\WINDOWS\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-02-21 20:22:25.419
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\WINDOWS\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-02-21 20:22:25.199
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\WINDOWS\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-02-21 20:22:24.962
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\WINDOWS\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-02-21 20:22:24.729
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\WINDOWS\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2008-05-25 04:07:08.008
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2008-05-25 04:07:07.992
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2008-05-25 04:07:07.992
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2008-05-25 04:07:07.976
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2008-05-25 04:07:01.222
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Percentage of memory in use: 70%
Total physical RAM: 3068.9 MB
Available physical RAM: 917.96 MB
Total Pagefile: 6357.81 MB
Available Pagefile: 4426.98 MB
Total Virtual: 2047.88 MB
Available Virtual: 1908.34 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:289.16 GB) (Free:206.9 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (HP_RECOVERY) (Fixed) (Total:8.92 GB) (Free:1.62 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 6F7D32D3)
Partition 1: (Active) - (Size=289 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=9 GB) - (Type=07 NTFS)
==================== End Of Log ============================ hallo schrauber,
ich habe soeben den GMER Scan durchgeführt und es traten tatsächlich Probleme auf. Zunächst schaltete sich mein Norton Virenschutz wieder ein. Damit keine Verfälschungen im Scan auftreten habe ich den Scan gestoppt, woraufhin die Fehlermedung "GMER has found system modification, which might have been caused by ROOTKIT activity". Allerdings war anders als in eurer Beschreibung, nicht die Möglichkeit des Abwählens ("No") möglich, sondern nur ein "OK" Klick. Daraufhin habe ich das Fenster mit der Meldung geschlossen und den Scan fortgeführt, da der Haken von "show all" und allen anderen Laufwerken entfernt und auf "Quickscan" gesetzt war. Allerdings kamen dann Fehlermeldungen von Programmen auf wie z.B. Skype und anderen Anwedungen. Deshalb habe ich den Scan einige Zeit später abgebrochen, nachdem sich diese Meldungen häuften. Dann erschien die Fehlermeldung mit dem ROOTKIT erneut. Den Scan bis zu diesem Zeitpunkt habe ich abgespeichert und schicke euch diesen anbei.
P.S. Der Scan hat über eine halbe Stunde gedauert, ist das üblich?
LG
pytagoras Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-03-07 23:11:02
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\00000099 rev. 298,09GB
Running: Gmer-19357.exe; Driver: C:\Users\Selda\AppData\Local\Temp\ugloypob.sys
---- System - GMER 2.1 ----
SSDT 8809CEF0 ZwAlertResumeThread
SSDT 8809CFD0 ZwAlertThread
SSDT 8809C730 ZwAllocateVirtualMemory
SSDT 87F57D18 ZwAlpcConnectPort
SSDT 8809CC40 ZwCreateMutant
SSDT 8809D5B0 ZwCreateThread
SSDT 880C1F70 ZwDebugActiveProcess
SSDT 8809C590 ZwFreeVirtualMemory
SSDT 8809CD30 ZwImpersonateAnonymousToken
SSDT 8809CE10 ZwImpersonateThread
SSDT 8809C2B0 ZwMapViewOfSection
SSDT 8809CB60 ZwOpenEvent
SSDT 8804B240 ZwOpenProcessToken
SSDT 8809C9A0 ZwOpenSection
SSDT 880C1008 ZwOpenThreadToken
SSDT 8812E870 ZwResumeThread
SSDT 880C1428 ZwSetContextThread
SSDT 8809C120 ZwSetInformationProcess
SSDT 880C1338 ZwSetInformationThread
SSDT 8809CA80 ZwSuspendProcess
SSDT 880C1178 ZwSuspendThread
SSDT \??\C:\Windows\system32\drivers\CO_Mon.sys ZwTerminateProcess [0xAC37D760]
SSDT 880C1258 ZwTerminateThread
SSDT 8809C1F0 ZwUnmapViewOfSection
SSDT 8809C660 ZwWriteVirtualMemory
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!KeSetEvent + 11D 81EB1768 2 Bytes [F0, CE] {INTO }
.text ntkrnlpa.exe!KeSetEvent + 120 81EB176B 5 Bytes [88, D0, CF, 09, 88]
.text ntkrnlpa.exe!KeSetEvent + 131 81EB177C 4 Bytes [30, C7, 09, 88]
.text ntkrnlpa.exe!KeSetEvent + 13D 81EB1788 4 Bytes [18, 7D, F5, 87]
.text ntkrnlpa.exe!KeSetEvent + 1F5 81EB1840 4 Bytes [40, CC, 09, 88]
.text ...
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x9F601000, 0x1FA4DA, 0xE8000020]
---- User IAT/EAT - GMER 2.1 ----
IAT C:\Windows\Explorer.EXE[1956] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73FB7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1956] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73FFB4F1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1956] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73FBBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1956] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73FAF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1956] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73FB75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1956] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73FAE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1956] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73FE73F5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1956] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [73FBDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1956] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73FAFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1956] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73FAFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1956] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73FA71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1956] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7403CB00] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1956] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [73FDC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1956] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73FAD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1956] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73FA6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1956] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73FA687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1956] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73FB2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll
---- Devices - GMER 2.1 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys
AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS
---- Threads - GMER 2.1 ----
Thread System [4:356] A075D26E
Thread System [4:360] A0A794C6
Thread System [4:364] A0A10698
---- Processes - GMER 2.1 ----
Library C:\Users\Selda\Downloads\Gmer-19357.exe (*** hidden *** ) @ C:\Users\Selda\Downloads\Gmer-19357.exe [3820] 0x00400000
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002186bd27f7
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
Disk \Device\Harddisk0\DR0 sector 0: rootkit-like behavior
---- EOF - GMER 2.1 ---- |