Log analysis and evaluation: Windows 8: Firefox keeps opening by itself
If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
27.09.2013, 16:28 | #1 |
| Windows 8: Firefox keeps opening by itself Hello dear expert, for a few days now my Firefox has been opening on its own. In addition, my internet connection crashes regularly! As requested, I have run the various tools! Thanks in advance! |
27.09.2013, 17:09 | #2 |
/// the machine /// TB Trainer | Windows 8: Firefox keeps opening by itself Hi,
__________________
Please always post logs in the thread. If necessary, split them up and use several posts. This is how it works: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
__________________ |
27.09.2013, 17:28 | #3 |
| Windows 8: Firefox keeps opening by itself All right, will do!
__________________
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:53 on 27/09/2013 (JohannesKainer)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU:DAEMON Tools Lite -> Removed

Checking for services/drivers...
SPTD -> Disabled (Service running -> reboot required)

-=E.O.F=-

FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-09-2013 Ran by ************ (administrator) on ACID on 27-09-2013 17:01:41 Running from C:\Users\*************\Desktop Windows 8 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe () C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe (Microsoft Corporation) C:\Windows\system32\dashost.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (pdfforge GbR) C:\Program Files (x86)\PDF Architect\HelperService.exe () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (ASUSTek Computer Inc.) 
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe () C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe (Sonix) C:\Windows\vsnp2std.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe () C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe (Microsoft Corporation) C:\Windows\System32\StikyNot.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe () C:\Windows\FixCamera.exe () C:\Windows\tsnp2std.exe (ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (alch) C:\Program Files (x86)\ClamWin\bin\ClamTray.exe (RealNetworks, Inc.) 
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (pdfforge GbR) C:\Program Files (x86)\PDF Architect\ConversionService.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (RealNetworks, Inc.) C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe (Microsoft Corporation) C:\Windows\sysWow64\SearchProtocolHost.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor) HKLM\...\Run: [ASUSQuickGesture(x86)] - C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe [20352 2012-09-11] (ASUSTeK Computer Inc.) HKLM\...\Run: [ASUSTPLoader(x64)] - C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe [169856 2012-09-11] (AsusTek) HKLM\...\Run: [ASUSQuickGesture(x64)] - C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe [22400 2012-09-11] (ASUSTeK Computer Inc.) 
HKLM\...\Run: [snp2std] - C:\Windows\vsnp2std.exe [344064 2007-09-28] (Sonix) HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-08-27] (NVIDIA Corporation) HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] () Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKCU\...\Run: [Pando Media Booster] - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2012-12-10] () HKCU\...\Run: [EPSON SX420W Series] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCE.EXE /FU "C:\Windows\TEMP\E_S2128.tmp" /EF "HKCU" HKCU\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [405504 2012-07-26] (Microsoft Corporation) HKCU\...\Run: [Steam] - C:\Program Files (x86)\Valve\Steam\Steam.exe [1807272 2013-07-27] (Valve Corporation) MountPoints2: {0c95ef2c-42fa-11e2-be69-806e6f6e6963} - "E:\Autorun.exe" MountPoints2: {41eff61b-42fd-11e2-be6f-50465dd0cdc9} - "D:\pushinst.exe" MountPoints2: {b9d48a4d-432b-11e2-be65-806e6f6e6963} - "E:\AsInsWiz.exe" HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [EEventManager] - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [976320 2009-12-03] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [FixCamera] - C:\Windows\FixCamera.exe [20480 2007-07-11] () HKLM-x32\...\Run: [tsnp2std] - C:\Windows\tsnp2std.exe [270336 2007-05-12] () HKLM-x32\...\Run: [ArcSoft Connection Service] - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.) 
HKLM-x32\...\Run: [ClamWin] - C:\Program Files (x86)\ClamWin\bin\ClamTray.exe [86016 2013-04-27] (alch) HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation) HKLM-x32\...\Run: [TkBellExe] - c:\program files (x86)\real\realplayer\Update\realsched.exe [295512 2013-09-13] (RealNetworks, Inc.) AppInit_DLLs: C:\Windows\system32\nvinitx.dll [168616 2013-09-12] (NVIDIA Corporation) AppInit_DLLs-x32: c:\progra~3\bitguard\261673~1.238\{c16c1~1\bitguard.dll ,C:\Windows\SysWOW64\nvinit.dll [141336 2013-09-12] (NVIDIA Corporation) Startup: C:\Users\**********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\***********\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=AC4012689DF3D33D&affID=121563&tsp=4941 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x8C6DEC74585DCE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.golsearch.com/?babsrc=HP_ss_Btisdt6&mntrId=AC4012689DF3D33D&affID=121563&tsp=4941 SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=AC4012689DF3D33D&affID=121563&tsp=4941 BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: ASUS Browser Extension x64 - {78234974-0C4B-4111-BDEB-D9A104418772} - C:\Program Files 
(x86)\ASUS\ASUS Smart Gesture\install\x64\BrowserExtension64.dll (ASUSTeK Computer Inc.) BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.) BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: ASUS Browser Extension x86 - {78234974-0C4B-4111-BDEB-D9A104418771} - C:\Program Files (x86)\ASUS\ASUS Smart Gesture\install\x86\BrowserExtension.dll (ASUSTeK Computer Inc.) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.21.5\bh\delta.dll (Delta-search.com) BHO-x32: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) 
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) Toolbar: HKLM-x32 - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GbR) Toolbar: HKLM-x32 - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.21.5\deltaTlbr.dll (Delta-search.com) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\**************\AppData\Roaming\Mozilla\Firefox\Profiles\pofkhwr8.default-1375807313331 FF Homepage: hxxp://www.web.de/ FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.0.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.) 
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\***********\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online) FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll (Amazon.com, Inc.) FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: FoxyProxy Basic - C:\Users\*************\AppData\Roaming\Mozilla\Firefox\Profiles\pofkhwr8.default-1375807313331\Extensions\foxyproxy@eric.h.jung FF Extension: Bargain Workbench - C:\Users\*************\AppData\Roaming\Mozilla\Firefox\Profiles\pofkhwr8.default-1375807313331\Extensions\{8eaa2500-4118-4c33-9927-988702ba63bd} FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ FF Extension: No Name - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF 
HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ FF StartMenuInternet: FIREFOX.EXE - C:\Users\**********\Desktop\Zeugs\Unterlagen\Bewerbung\Bewerbung bereits verschickt - KPMG - Trainee Transaction & Restructuring\FF\firefox.exe ==================== Services (Whitelisted) ================= R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY) R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.) R2 BitGuard; C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe [3029472 2013-09-13] () R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14997280 2013-08-27] (NVIDIA Corporation) R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1522312 2012-11-22] (pdfforge GbR) R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [905864 2012-11-22] (pdfforge GbR) R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] () R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== R3 ArcSoftKsUFilter; C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [18688 2007-05-30] (ArcSoft, Inc.) 
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [56704 2012-09-11] (ASUS Corporation) R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2013-09-21] (DT Soft Ltd) R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( ) R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-08-20] (NVIDIA Corporation) S3 SNP2STD; C:\Windows\system32\DRIVERS\snp2sxp.sys [12528768 2007-09-10] () S4 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-09-21] (Duplex Secure Ltd.) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-09-27 17:01 - 2013-09-27 17:01 - 00000000 ____D C:\FRST 2013-09-27 16:53 - 2013-09-27 16:53 - 00000670 _____ C:\Users\*********\Desktop\defogger_disable.log 2013-09-27 16:53 - 2013-09-27 16:53 - 00000188 _____ C:\Users\*********\defogger_reenable 2013-09-27 16:50 - 2013-09-27 16:51 - 01953854 _____ (Farbar) C:\Users\*****************\Desktop\FRST64.exe 2013-09-27 16:50 - 2013-09-27 16:51 - 00377856 _____ C:\Users\*****************\Desktop\gmer_2.1.19163.exe 2013-09-27 16:47 - 2013-09-27 16:47 - 00050477 _____ C:\Users\*****************\Desktop\Defogger.exe 2013-09-27 16:16 - 2013-09-27 16:28 - 00092658 _____ C:\Windows\WindowsUpdate.log 2013-09-24 18:18 - 2013-09-27 16:54 - 00003420 _____ C:\Windows\System32\Tasks\BitGuard 2013-09-23 18:57 - 2013-09-23 18:57 - 00000000 ____D C:\Program Files (x86)\Citrix 2013-09-23 18:55 - 2013-09-23 18:55 - 00000000 ____D C:\Users\*****************\AppData\Local\Citrix 2013-09-22 12:20 - 2013-09-22 13:42 - 00000000 ____D C:\Users\Public\Documents\DAEMON Tools Images 2013-09-21 19:13 - 2013-09-21 19:13 - 00283200 _____ (DT Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys 2013-09-21 17:48 - 2013-09-21 19:13 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Lite 2013-09-21 17:48 - 2013-09-21 17:48 - 00564824 _____ (Duplex Secure Ltd.) 
C:\Windows\system32\Drivers\sptd.sys 2013-09-21 17:48 - 2013-09-21 17:48 - 00001954 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk 2013-09-21 16:35 - 2013-09-21 17:49 - 00000000 ____D C:\Windows\SysWOW64\NV 2013-09-21 16:35 - 2013-09-21 17:49 - 00000000 ____D C:\Windows\system32\NV 2013-09-21 16:32 - 2013-09-12 10:58 - 29337376 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll 2013-09-21 16:32 - 2013-09-12 10:58 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll 2013-09-21 16:32 - 2013-09-12 10:58 - 22102304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll 2013-09-21 16:32 - 2013-09-12 10:58 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll 2013-09-21 16:32 - 2013-09-12 10:58 - 15901448 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll 2013-09-21 16:32 - 2013-09-12 10:58 - 15703688 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll 2013-09-21 16:32 - 2013-09-12 10:58 - 13628208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll 2013-09-21 16:32 - 2013-09-12 10:58 - 12947360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll 2013-09-21 16:32 - 2013-09-12 10:58 - 11274528 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys 2013-09-21 16:32 - 2013-09-12 10:58 - 09281032 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll 2013-09-21 16:32 - 2013-09-12 10:58 - 07720576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll 2013-09-21 16:32 - 2013-09-12 10:58 - 07648000 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll 2013-09-21 16:32 - 2013-09-12 10:58 - 06329552 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll 2013-09-21 16:32 - 2013-09-12 10:58 - 02970400 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll 2013-09-21 16:32 - 2013-09-12 10:58 - 02789152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll 2013-09-21 16:32 - 2013-09-12 10:58 - 02367264 _____ (NVIDIA Corporation) 
C:\Windows\system32\nvcuvenc.dll 2013-09-21 16:32 - 2013-09-12 10:58 - 02007328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll 2013-09-21 16:32 - 2013-09-12 10:58 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6432723.dll 2013-09-21 16:32 - 2013-09-12 10:58 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6432723.dll 2013-09-21 16:32 - 2013-09-12 10:58 - 01222824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll 2013-09-21 16:32 - 2013-09-12 10:58 - 00681760 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll 2013-09-21 16:32 - 2013-09-12 10:58 - 00603424 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll 2013-09-21 16:32 - 2013-09-12 10:58 - 00586016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll 2013-09-21 16:32 - 2013-09-12 10:58 - 00515360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll 2013-09-21 16:32 - 2013-09-12 10:58 - 00317472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll 2013-09-21 16:32 - 2013-09-12 10:58 - 00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll 2013-09-21 16:32 - 2013-09-12 10:58 - 00032032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpciflt.sys 2013-09-21 10:49 - 2013-09-21 10:49 - 00000000 ____D C:\Users\*****************\AppData\Roaming\File Scout 2013-09-15 16:35 - 2013-09-15 17:24 - 00000000 ____D C:\Users\*****************\Documents\Command and Conquer Generals Zero Hour Data 2013-09-15 09:47 - 2013-09-15 10:27 - 00000000 ____D C:\Users\*****************\Documents\Command and Conquer Generals Data 2013-09-15 09:42 - 2013-09-22 12:31 - 00001493 _____ C:\Users\Public\Desktop\Command & Conquer Die ersten 10 Jahre.lnk 2013-09-15 09:24 - 2013-09-15 09:24 - 00000000 ____D C:\Program Files (x86)\EA Games 2013-09-15 09:18 - 2013-09-15 12:24 - 00419272 _____ C:\Windows\system32\FNTCACHE.DAT 2013-09-14 19:31 - 2013-09-05 22:09 - 00694232 _____ (Adobe Systems Incorporated) 
C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-09-14 19:31 - 2013-09-05 22:09 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-09-14 11:10 - 2013-08-20 15:33 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys 2013-09-14 11:10 - 2013-08-20 15:32 - 00028448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll 2013-09-13 18:19 - 2013-08-16 07:39 - 02371728 _____ (Microsoft Corporation) C:\Windows\system32\WSService.dll 2013-09-13 18:19 - 2013-08-16 07:39 - 00059416 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2013-09-13 18:19 - 2013-08-16 07:32 - 00209200 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe 2013-09-13 18:19 - 2013-08-16 07:22 - 04917760 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe 2013-09-13 18:19 - 2013-08-16 07:21 - 03275776 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2013-09-13 18:19 - 2013-08-16 07:21 - 01621504 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2013-09-13 18:19 - 2013-08-16 07:21 - 01164288 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll 2013-09-13 18:19 - 2013-08-16 07:21 - 00773120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2013-09-13 18:19 - 2013-08-16 07:21 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll 2013-09-13 18:19 - 2013-08-16 07:21 - 00368640 _____ (Microsoft Corporation) C:\Windows\system32\sppwinob.dll 2013-09-13 18:19 - 2013-08-16 07:21 - 00252416 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll 2013-09-13 18:19 - 2013-08-16 07:21 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\WSClient.dll 2013-09-13 18:19 - 2013-08-16 07:21 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll 2013-09-13 18:19 - 2013-08-16 07:21 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\WSSync.dll 2013-09-13 18:19 - 2013-08-16 07:21 - 
00120320 _____ (Microsoft Corporation) C:\Windows\system32\sppc.dll 2013-09-13 18:19 - 2013-08-16 07:21 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2013-09-13 18:19 - 2013-08-16 07:21 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2013-09-13 18:19 - 2013-08-16 07:20 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll 2013-09-13 18:19 - 2013-08-16 00:43 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2013-09-13 18:19 - 2013-08-16 00:43 - 00562688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll 2013-09-13 18:19 - 2013-08-16 00:43 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSSync.dll 2013-09-13 18:19 - 2013-08-16 00:43 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll 2013-09-13 18:19 - 2013-08-16 00:42 - 00091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sppc.dll 2013-09-13 18:18 - 2013-08-16 07:41 - 00058200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dam.sys 2013-09-13 18:18 - 2013-08-16 07:22 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2013-09-13 18:18 - 2013-08-16 07:21 - 00174592 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll 2013-09-13 18:18 - 2013-08-16 07:21 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2013-09-13 18:18 - 2013-08-16 07:21 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2013-09-13 18:18 - 2013-08-16 07:21 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2013-09-13 18:18 - 2013-08-16 07:21 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\setupcln.dll 2013-09-13 18:18 - 2013-08-16 00:43 - 00167424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSClient.dll 2013-09-13 18:18 - 2013-08-16 00:43 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2013-09-13 
18:18 - 2013-08-16 00:43 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2013-09-13 18:18 - 2013-08-16 00:43 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2013-09-13 18:18 - 2013-08-16 00:43 - 00083968 _____ C:\Windows\SysWOW64\OEMLicense.dll
2013-09-13 18:18 - 2013-08-16 00:43 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2013-09-13 18:18 - 2013-08-16 00:43 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2013-09-13 18:18 - 2013-08-16 00:42 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setupcln.dll
2013-09-13 18:16 - 2013-08-21 06:12 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-13 18:16 - 2013-08-21 06:12 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-13 18:16 - 2013-08-21 06:11 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-13 18:16 - 2013-08-21 06:11 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-13 18:16 - 2013-08-21 06:11 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-13 18:16 - 2013-08-21 06:11 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-13 18:16 - 2013-08-21 06:11 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-13 18:16 - 2013-08-21 06:11 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2013-09-13 18:16 - 2013-08-21 06:11 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-13 18:16 - 2013-08-21 06:11 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-13 18:16 - 2013-08-21 06:11 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-13 18:16 - 2013-08-21 06:11 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-13 18:16 - 2013-08-21 06:11 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2013-09-13 18:16 - 2013-08-21 06:11 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-13 18:16 - 2013-08-21 06:11 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-13 18:16 - 2013-08-21 04:34 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-13 18:16 - 2013-08-21 04:06 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-13 18:16 - 2013-08-21 04:06 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-13 18:16 - 2013-08-21 04:06 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2013-09-13 18:16 - 2013-08-21 04:05 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-13 18:16 - 2013-08-21 04:05 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-13 18:16 - 2013-08-21 04:05 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-13 18:16 - 2013-08-21 04:05 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-13 18:16 - 2013-08-21 04:05 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-13 18:16 - 2013-08-21 04:05 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-13 18:16 - 2013-08-21 04:05 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-13 18:16 - 2013-08-21 04:05 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-13 18:16 - 2013-08-21 04:05 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-13 18:16 - 2013-08-21 04:05 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-13 18:16 - 2013-08-21 03:43 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-13 18:16 - 2013-08-21 01:52 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2013-09-13 18:16 - 2013-07-09 10:04 - 00120144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msgpioclx.sys
2013-09-13 18:16 - 2013-07-09 08:18 - 00439488 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2013-09-13 18:16 - 2013-07-09 06:25 - 00385768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2013-09-13 18:16 - 2013-07-09 05:57 - 00245760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LocationApi.dll
2013-09-13 18:16 - 2013-07-09 00:46 - 00543744 _____ (Microsoft Corporation) C:\Windows\system32\wwanmm.dll
2013-09-13 18:16 - 2013-07-09 00:46 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\wwanconn.dll
2013-09-13 18:16 - 2013-07-09 00:46 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\Wwanadvui.dll
2013-09-13 18:16 - 2013-07-09 00:45 - 00312832 _____ (Microsoft Corporation) C:\Windows\system32\LocationApi.dll
2013-09-13 18:16 - 2013-07-06 02:16 - 01025024 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2013-09-13 18:16 - 2013-07-03 02:23 - 00778752 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2013-09-13 18:16 - 2013-07-03 02:23 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.BackgroundTransfer.dll
2013-09-13 18:16 - 2013-07-03 02:22 - 02839552 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2013-09-13 18:16 - 2013-07-03 02:22 - 01300480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-09-13 18:16 - 2013-07-03 02:11 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2013-09-13 18:16 - 2013-07-03 02:11 - 00268800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2013-09-13 18:16 - 2013-07-03 02:10 - 02273792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2013-09-13 18:16 - 2013-07-02 00:08 - 00387583 _____ C:\Windows\system32\ApnDatabase.xml
2013-09-13 18:16 - 2013-07-01 00:30 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\openfiles.exe
2013-09-13 18:16 - 2013-07-01 00:29 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\openfiles.exe
2013-09-13 18:16 - 2013-06-29 08:15 - 00195416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2013-09-13 18:16 - 2013-06-29 08:15 - 00125784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2013-09-13 18:16 - 2013-06-29 07:43 - 00327512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2013-09-13 18:16 - 2013-06-29 03:12 - 01022464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-09-13 18:16 - 2013-06-26 05:01 - 00321536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys
2013-09-13 18:16 - 2013-06-26 04:59 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\HdAudio.sys
2013-09-13 18:16 - 2013-06-25 00:54 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2013-09-13 18:16 - 2013-06-25 00:54 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\wcmsvc.dll
2013-09-13 18:16 - 2013-06-25 00:54 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\wcmcsp.dll
2013-09-13 18:16 - 2013-06-19 07:36 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\winmmbase.dll
2013-09-13 18:16 - 2013-06-19 07:36 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\winmm.dll
2013-09-13 18:16 - 2013-06-19 00:38 - 00160256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmmbase.dll
2013-09-13 18:16 - 2013-06-19 00:38 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmm.dll
2013-09-13 18:16 - 2013-06-12 01:43 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2013-09-13 18:16 - 2013-06-12 01:26 - 00230912 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2013-09-13 18:16 - 2013-06-10 23:17 - 00096512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2013-09-13 18:16 - 2013-06-10 21:16 - 00888832 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-09-13 18:16 - 2013-06-10 21:15 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-09-13 18:16 - 2013-06-10 21:15 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2013-09-13 18:16 - 2013-06-10 21:15 - 00381952 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-09-13 18:16 - 2013-06-10 21:10 - 00702464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-09-13 18:16 - 2013-06-10 21:10 - 00245248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-09-13 18:16 - 2013-06-06 10:03 - 00119040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2013-09-13 18:04 - 2013-09-13 18:04 - 00000000 ____D C:\Users\*****************\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
2013-09-13 18:04 - 2013-09-13 18:04 - 00000000 ____D C:\ProgramData\BitGuard
2013-09-13 07:12 - 2013-08-03 06:30 - 04038144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-13 06:53 - 2013-09-13 06:53 - 00000000 ____D C:\Users\*****************\AppData\Roaming\RealNetworks
2013-09-13 06:52 - 2013-09-13 06:52 - 00001046 _____ C:\Users\Public\Desktop\RealPlayer.lnk
2013-09-13 06:52 - 2013-09-13 06:52 - 00000000 ____D C:\ProgramData\RealNetworks
2013-09-13 06:52 - 2013-09-13 06:52 - 00000000 ____D C:\Program Files (x86)\RealNetworks
2013-09-02 21:38 - 2013-09-02 21:38 - 00000000 ____D C:\Users\*****************\Schaeffler
2013-08-28 14:36 - 2013-08-28 14:36 - 00000000 ____D C:\Users\*****************\AppData\Roaming\mp3DirectCut
2013-08-28 14:35 - 2013-08-28 14:35 - 00001059 _____ C:\Users\*****************\Desktop\mp3DirectCut.lnk
2013-08-28 14:35 - 2013-08-28 14:35 - 00000000 ____D C:\Program Files (x86)\mp3DirectCut

==================== One Month Modified Files and Folders =======

2013-09-27 17:02 - 2012-12-10 22:55 - 00000000 ____D C:\Users\*****************\AppData\Local\PMB Files
2013-09-27 17:01 - 2013-09-27 17:01 - 00000000 ____D C:\FRST
2013-09-27 17:00 - 2013-01-21 20:55 - 00000000 ____D C:\Users\*****************\Documents\Outlook-Dateien
2013-09-27 17:00 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\sru
2013-09-27 16:58 - 2013-05-16 18:32 - 00003372 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3797833307-1882079770-3084119189-1001
2013-09-27 16:58 - 2013-05-16 18:32 - 00003256 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3797833307-1882079770-3084119189-1001
2013-09-27 16:58 - 2013-04-12 13:52 - 00001132 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-27 16:54 - 2013-09-24 18:18 - 00003420 _____ C:\Windows\System32\Tasks\BitGuard
2013-09-27 16:54 - 2012-07-26 09:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-27 16:53 - 2013-09-27 16:53 - 00000670 _____ C:\Users\*****************\Desktop\defogger_disable.log
2013-09-27 16:53 - 2013-09-27 16:53 - 00000188 _____ C:\Users\*****************\defogger_reenable
2013-09-27 16:53 - 2012-12-10 19:51 - 00000000 ____D C:\Users\*****************
2013-09-27 16:51 - 2013-09-27 16:50 - 01953854 _____ (Farbar) C:\Users\*****************\Desktop\FRST64.exe
2013-09-27 16:51 - 2013-09-27 16:50 - 00377856 _____ C:\Users\*****************\Desktop\gmer_2.1.19163.exe
2013-09-27 16:47 - 2013-09-27 16:47 - 00050477 _____ C:\Users\*****************\Desktop\Defogger.exe
2013-09-27 16:28 - 2013-09-27 16:16 - 00092658 _____ C:\Windows\WindowsUpdate.log
2013-09-27 16:27 - 2013-07-20 13:27 - 00000320 _____ C:\Windows\Tasks\DSite.job
2013-09-27 16:16 - 2013-07-27 04:27 - 00000115 _____ C:\Users\*****************\AppData\Roaming\WB.CFG
2013-09-27 16:16 - 2013-07-20 14:27 - 00000005 _____ C:\Users\*****************\AppData\Roaming\WBPU-TTL.DAT
2013-09-27 16:16 - 2012-12-10 19:57 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3797833307-1882079770-3084119189-1001
2013-09-27 16:12 - 2013-04-12 13:52 - 00001136 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-27 15:20 - 2012-12-12 12:44 - 00003350 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3797833307-1882079770-3084119189-1001
2013-09-27 15:20 - 2012-12-12 12:44 - 00003234 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3797833307-1882079770-3084119189-1001
2013-09-26 20:53 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-09-25 19:39 - 2013-04-22 19:46 - 01745416 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-25 19:39 - 2012-12-10 22:42 - 00000000 ____D C:\Users\*****************\AppData\Local\Paint.NET
2013-09-25 19:39 - 2012-07-26 12:27 - 00753134 _____ C:\Windows\system32\perfh007.dat
2013-09-25 19:39 - 2012-07-26 12:27 - 00155826 _____ C:\Windows\system32\perfc007.dat
2013-09-24 18:49 - 2013-07-13 15:35 - 00000000 ____D C:\Users\*****************\AppData\Roaming\DAEMON Tools Lite
2013-09-23 21:45 - 2012-12-10 23:05 - 00000000 ____D C:\Users\*****************\AppData\Roaming\vlc
2013-09-23 18:57 - 2013-09-23 18:57 - 00000000 ____D C:\Program Files (x86)\Citrix
2013-09-23 18:55 - 2013-09-23 18:55 - 00000000 ____D C:\Users\*****************\AppData\Local\Citrix
2013-09-22 17:31 - 2012-12-10 22:20 - 00000000 ____D C:\Program Files (x86)\CDBurnerXP
2013-09-22 13:42 - 2013-09-22 12:20 - 00000000 ____D C:\Users\Public\Documents\DAEMON Tools Images
2013-09-22 12:31 - 2013-09-15 09:42 - 00001493 _____ C:\Users\Public\Desktop\Command & Conquer Die ersten 10 Jahre.lnk
2013-09-22 12:19 - 2012-12-10 22:20 - 00001953 _____ C:\Users\Public\Desktop\CDBurnerXP.lnk
2013-09-21 21:04 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\NDF
2013-09-21 19:13 - 2013-09-21 19:13 - 00283200 _____ (DT Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys
2013-09-21 19:13 - 2013-09-21 17:48 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Lite
2013-09-21 17:49 - 2013-09-21 16:35 - 00000000 ____D C:\Windows\SysWOW64\NV
2013-09-21 17:49 - 2013-09-21 16:35 - 00000000 ____D C:\Windows\system32\NV
2013-09-21 17:48 - 2013-09-21 17:48 - 00564824 _____ (Duplex Secure Ltd.) C:\Windows\system32\Drivers\sptd.sys
2013-09-21 17:48 - 2013-09-21 17:48 - 00001954 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2013-09-21 16:43 - 2013-08-14 13:21 - 00000000 ____D C:\Windows\system32\MRT
2013-09-21 16:41 - 2012-12-23 21:51 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-21 16:35 - 2012-12-10 20:03 - 00000000 ____D C:\ProgramData\NVIDIA
2013-09-21 11:24 - 2012-07-26 07:26 - 00262144 ___SH C:\Windows\system32\config\BBI
2013-09-21 10:49 - 2013-09-21 10:49 - 00000000 ____D C:\Users\*****************\AppData\Roaming\File Scout
2013-09-15 17:46 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\rescache
2013-09-15 17:24 - 2013-09-15 16:35 - 00000000 ____D C:\Users\*****************\Documents\Command and Conquer Generals Zero Hour Data
2013-09-15 16:33 - 2012-12-10 22:55 - 00000000 ____D C:\ProgramData\PMB Files
2013-09-15 12:24 - 2013-09-15 09:18 - 00419272 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-15 10:27 - 2013-09-15 09:47 - 00000000 ____D C:\Users\*****************\Documents\Command and Conquer Generals Data
2013-09-15 09:26 - 2012-12-10 20:49 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-09-15 09:24 - 2013-09-15 09:24 - 00000000 ____D C:\Program Files (x86)\EA Games
2013-09-14 19:26 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\WinStore
2013-09-14 19:26 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-09-14 19:25 - 2012-07-26 07:38 - 00000000 ____D C:\Windows\system32\oobe
2013-09-14 13:12 - 2012-12-17 21:23 - 00003392 _____ C:\Windows\System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3797833307-1882079770-3084119189-1001
2013-09-14 11:12 - 2012-12-10 20:01 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-09-14 10:51 - 2013-01-16 15:08 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-13 18:04 - 2013-09-13 18:04 - 00000000 ____D C:\Users\*****************\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
2013-09-13 18:04 - 2013-09-13 18:04 - 00000000 ____D C:\ProgramData\BitGuard
2013-09-13 06:53 - 2013-09-13 06:53 - 00000000 ____D C:\Users\*****************\AppData\Roaming\RealNetworks
2013-09-13 06:52 - 2013-09-13 06:52 - 00001046 _____ C:\Users\Public\Desktop\RealPlayer.lnk
2013-09-13 06:52 - 2013-09-13 06:52 - 00000000 ____D C:\ProgramData\RealNetworks
2013-09-13 06:52 - 2013-09-13 06:52 - 00000000 ____D C:\Program Files (x86)\RealNetworks
2013-09-13 06:52 - 2012-12-12 12:43 - 00201872 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
2013-09-13 06:52 - 2012-12-12 12:43 - 00000000 ____D C:\Program Files (x86)\Real
2013-09-13 06:52 - 2012-12-12 12:42 - 00000000 ____D C:\ProgramData\Real
2013-09-13 06:51 - 2012-12-12 12:43 - 00499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2013-09-13 06:51 - 2012-12-12 12:43 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2013-09-13 06:51 - 2012-12-12 12:43 - 00272896 _____ (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
2013-09-13 06:51 - 2012-12-12 12:43 - 00006656 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5016.dll
2013-09-13 06:51 - 2012-12-12 12:43 - 00005632 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5032.dll
2013-09-12 10:58 - 2013-09-21 16:32 - 29337376 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2013-09-12 10:58 - 2013-09-21 16:32 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2013-09-12 10:58 - 2013-09-21 16:32 - 22102304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-09-12 10:58 - 2013-09-21 16:32 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-09-12 10:58 - 2013-09-21 16:32 - 15901448 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2013-09-12 10:58 - 2013-09-21 16:32 - 15703688 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2013-09-12 10:58 - 2013-09-21 16:32 - 13628208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2013-09-12 10:58 - 2013-09-21 16:32 - 12947360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2013-09-12 10:58 - 2013-09-21 16:32 - 11274528 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2013-09-12 10:58 - 2013-09-21 16:32 - 09281032 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2013-09-12 10:58 - 2013-09-21 16:32 - 07720576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-09-12 10:58 - 2013-09-21 16:32 - 07648000 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2013-09-12 10:58 - 2013-09-21 16:32 - 06329552 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-09-12 10:58 - 2013-09-21 16:32 - 02970400 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2013-09-12 10:58 - 2013-09-21 16:32 - 02789152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-09-12 10:58 - 2013-09-21 16:32 - 02367264 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2013-09-12 10:58 - 2013-09-21 16:32 - 02007328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-09-12 10:58 - 2013-09-21 16:32 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6432723.dll
2013-09-12 10:58 - 2013-09-21 16:32 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6432723.dll
2013-09-12 10:58 - 2013-09-21 16:32 - 01222824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2013-09-12 10:58 - 2013-09-21 16:32 - 00681760 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2013-09-12 10:58 - 2013-09-21 16:32 - 00603424 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2013-09-12 10:58 - 2013-09-21 16:32 - 00586016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2013-09-12 10:58 - 2013-09-21 16:32 - 00515360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2013-09-12 10:58 - 2013-09-21 16:32 - 00317472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2013-09-12 10:58 - 2013-09-21 16:32 - 00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2013-09-12 10:58 - 2013-09-21 16:32 - 00032032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpciflt.sys
2013-09-12 10:58 - 2013-05-25 18:37 - 02630304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2013-09-12 10:58 - 2012-10-08 12:42 - 02986672 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2013-09-12 10:58 - 2012-10-08 12:42 - 01412832 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2013-09-12 10:58 - 2012-10-08 12:42 - 00168616 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2013-09-12 10:58 - 2012-10-08 12:42 - 00141336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2013-09-12 10:58 - 2012-10-08 12:42 - 00022814 _____ C:\Windows\system32\nvinfo.pb
2013-09-12 09:25 - 2012-12-10 20:03 - 06599968 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2013-09-12 09:25 - 2012-12-10 20:03 - 03452192 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2013-09-12 09:25 - 2012-12-10 20:03 - 02559776 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2013-09-12 09:25 - 2012-12-10 20:03 - 01042208 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2013-09-12 09:25 - 2012-12-10 20:03 - 00920864 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2013-09-12 09:25 - 2012-12-10 20:03 - 00219424 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2013-09-12 09:25 - 2012-12-10 20:03 - 00067072 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2013-09-12 09:25 - 2012-12-10 20:03 - 00063776 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2013-09-12 00:06 - 2012-12-10 20:03 - 03361114 _____ C:\Windows\system32\nvcoproc.bin
2013-09-05 22:09 - 2013-09-14 19:31 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-05 22:09 - 2013-09-14 19:31 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-02 21:39 - 2012-12-10 22:19 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-09-02 21:39 - 2012-12-10 22:19 - 00000000 ____D C:\Program Files\CCleaner
2013-09-02 21:38 - 2013-09-02 21:38 - 00000000 ____D C:\Users\*****************\Schaeffler
2013-08-28 14:36 - 2013-08-28 14:36 - 00000000 ____D C:\Users\*****************\AppData\Roaming\mp3DirectCut
2013-08-28 14:35 - 2013-08-28 14:35 - 00001059 _____ C:\Users\*****************\Desktop\mp3DirectCut.lnk
2013-08-28 14:35 - 2013-08-28 14:35 - 00000000 ____D C:\Program Files (x86)\mp3DirectCut
2013-08-28 14:29 - 2013-07-12 15:27 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
2013-08-28 14:28 - 2012-12-30 13:39 - 00000000 ____D C:\Users\*****************\AppData\Roaming\DVDVideoSoft

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-09-21 11:00

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-09-2013
Ran by ************* at 2013-09-27 17:02:31
Running from C:\Users\************\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.168)
Adobe Reader XI (11.0.04) - Deutsch (x32 Version: 11.0.04)
Adobe Shockwave Player 11.6 (x32 Version: 11.6.8.638)
Amazon MP3-Downloader 1.0.17 (x32 Version: 1.0.17)
ASUS Smart Gesture (x32 Version: 1.0.32)
ATK Package (x32 Version: 1.0.0022)
BitGuard (x32)
CCleaner (Version: 4.05)
CDBurnerXP (x32 Version: 4.5.2.4291)
Citrix Online Launcher (x32 Version: 1.0.122)
ClamWin Free Antivirus 0.97.8 (x32)
Command & Conquer Die ersten 10 Jahre (x32 Version: 1.00.0000)
Counter-Strike(TM) (x32 Version: 1.0.0.0)
DAEMON Tools Lite (x32 Version: 4.47.1.0333)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Delta Chrome Toolbar (x32)
Delta toolbar (x32 Version: 1.8.21.5)
Dropbox (HKCU Version: 1.6.16)
Epson Easy Photo Print 2 (x32 Version: 2.2.0.0)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (x32 Version: 1.00.0000)
Epson Event Manager (x32 Version: 2.40.0001)
EPSON Scan (x32)
EPSON SX420W Series Handbuch (x32)
EPSON SX420W Series Netzwerk-Handbuch (x32)
EPSON SX420W Series Printer Uninstall
EpsonNet Print (x32 Version: 2.4i)
EpsonNet Setup 3.2 (x32 Version: 3.2a)
FIFA 10 (x32 Version: 1.0.0.0)
Free YouTube to MP3 Converter version 3.12.12.827 (x32 Version: 3.12.12.827)
GeForce Experience NvStream Client Components (Version: 0.1.87)
Google Earth (x32 Version: 7.1.1.1888)
Google Update Helper (x32 Version: 1.3.21.153)
GoToMeeting 5.9.0.1207 (HKCU Version: 5.9.0.1207)
hama PC-Webcam Messenger Set II (x32 Version: 5.7.19104.101)
Hama Webcam Suite (x32)
Intel(R) Processor Graphics (x32 Version: 9.17.10.2932)
League of Legends (x32 Version: 1.3)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft PowerPoint Viewer (x32 Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
MozBackup 1.5.1 (x32)
Mozilla Firefox 23.0.1 (x86 de) (x32 Version: 23.0.1)
Mozilla Maintenance Service (x32 Version: 23.0.1)
NVIDIA GeForce Experience 1.6.1 (Version: 1.6.1)
NVIDIA Grafiktreiber 327.23 (Version: 327.23)
NVIDIA Install Application (Version: 2.1002.133.902)
NVIDIA Optimus 8.3.14 (Version: 8.3.14)
NVIDIA PhysX (x32 Version: 9.13.0725)
NVIDIA PhysX-Systemsoftware 9.13.0725 (Version: 9.13.0725)
NVIDIA Systemsteuerung 327.23 (Version: 327.23)
NVIDIA Update 8.3.14 (Version: 8.3.14)
NVIDIA Update Components (Version: 8.3.14)
NVIDIA Virtual Audio 1.2.5 (Version: 1.2.5)
Of Orcs and Men (x32 Version: 1.0.0.2)
Paint.NET v3.5.11 (Version: 3.61.0)
Pando Media Booster (x32 Version: 2.6.0.8)
PDF Architect (x32 Version: 1.0.41.8362)
PDFCreator (x32 Version: 1.6.1)
PDF-XChange 3
Qualcomm Atheros Client Installation Program (x32 Version: 10.0)
RealDownloader (x32 Version: 1.3.3)
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0)
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0)
RealPlayer (x32 Version: 16.0.3)
Realtek Ethernet Controller Driver (x32 Version: 8.3.730.2012)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6657)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.8400.30136)
RealUpgrade 1.1 (x32 Version: 1.1.0)
SHIELD Streaming (Version: 1.05.28)
Steam(TM) (x32 Version: 1.0.0.0)
swMSM (x32 Version: 12.0.0.1)
TeamSpeak 3 Client (Version: 3.0.10.1)
TeamViewer 8 (x32 Version: 8.0.20202)
Unreal Anthology (x32 Version: 1.00.0000)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553157) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589370) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760758) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32)
Update for Video Converter (HKCU)
VLC media player 2.0.4 (Version: 2.0.4)
Windows-Treiberpaket - ASUS (ATP) Mouse (08/27/2012 1.0.0.125) (Version: 08/27/2012 1.0.0.125)

==================== Restore Points =========================

07-09-2013 10:19:09 Geplanter Prüfpunkt
14-09-2013 08:43:48 Windows Update
21-09-2013 14:40:36 Windows Update
25-09-2013 17:08:10 Windows Update

==================== Hosts content: ==========================

2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {14F13BB0-2289-488F-9824-7F61F006DD3C} - System32\Tasks\EPUpdater => C:\Users\***********\AppData\Roaming\BabSolution\Shared\BabMaint.exe [2013-06-06] ()
Task: {187665A0-C50D-4AD9-B4F2-5B0F5C4812A9} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3797833307-1882079770-3084119189-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {28424731-B4EE-4226-9186-C01297C98520} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3797833307-1882079770-3084119189-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.)
Task: {3DBC96F3-3DE2-478A-9A1E-C6870E4D6248} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {54BE98EA-FDD8-4F34-8155-653BEAB013C8} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3797833307-1882079770-3084119189-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {6C0F85CC-5734-4CF8-B047-31E9EBEB71CE} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe [2012-08-15] (Microsoft Corporation)
Task: {8569479D-10FF-4CF6-BC9E-B42529413A98} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3797833307-1882079770-3084119189-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {97E9FC23-5E55-4F12-86B2-4172448111B3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-12] (Google Inc.)
Task: {9D422FE9-A5BC-4A8A-AB63-CBCF7108B093} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {A99C582E-5C89-47CC-B1E1-EAB0CE22B6C4} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-08-21] (Piriform Ltd)
Task: {B58B92D1-C94D-4FC7-B80C-9ACA9A7D0791} - System32\Tasks\DSite => C:\Users\***********\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe [2013-07-20] ()
Task: {D270DD2D-6084-4096-8077-652D883452F3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-12] (Google Inc.)
Task: {DF5F50AB-EDCF-4194-BC07-89D313CA3553} - System32\Tasks\BitGuard => Sc.exe start BitGuard
Task: {E82F9466-7515-497C-BD25-B67A37B26D49} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3797833307-1882079770-3084119189-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: C:\Windows\Tasks\DSite.job => C:\Users\JOHANN~1\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-03-17 01:07 - 2011-03-17 01:07 - 04297568 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2012-12-24 17:46 - 2008-04-19 17:35 - 00080384 _____ () C:\Program Files (x86)\ClamWin\bin\ExpShell64.dll
2012-10-10 03:22 - 2012-10-10 03:22 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-09-13 18:04 - 2013-09-13 17:00 - 02700768 _____ () C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.dll
2012-12-24 17:46 - 2005-02-08 17:23 - 00979005 _____ () C:\Program Files (x86)\ClamWin\bin\python23.dll
2012-12-24 17:46 - 2004-11-20 03:27 - 00069632 _____ () C:\Program Files (x86)\ClamWin\lib\win32api.pyd
2012-12-24 17:46 - 2004-10-11 20:21 - 00094208 _____ () C:\Program Files (x86)\ClamWin\lib\pywintypes23.dll
2012-12-24 17:46 - 2004-05-25 21:18 - 00057401 _____ () C:\Program Files (x86)\ClamWin\lib\_sre.pyd
2012-12-24 17:46 - 2004-11-20 03:27 - 00086016 _____ () C:\Program Files (x86)\ClamWin\lib\win32gui.pyd
2012-12-24 17:46 - 2004-11-20 03:27 - 00024576 _____ () C:\Program Files (x86)\ClamWin\lib\win32event.pyd
2012-12-24 17:46 - 2004-11-20 03:27 - 00036864 _____ () C:\Program Files (x86)\ClamWin\lib\win32process.pyd
2012-12-24 17:46 - 2004-05-25 21:18 - 00049212 _____ () C:\Program Files (x86)\ClamWin\lib\_socket.pyd
2012-12-24 17:46 - 2004-05-25 21:18 - 00495616 _____ () C:\Program Files (x86)\ClamWin\lib\_ssl.pyd
2012-12-24 17:46 - 2004-05-25 21:20 - 00036864 _____ () C:\Program Files (x86)\ClamWin\lib\_winreg.pyd
2012-12-24 17:46 - 2004-10-11 20:22 - 00315392 _____ () C:\Program Files (x86)\ClamWin\lib\pythoncom23.dll
2012-12-24 17:46 - 2004-11-20 03:27 - 00106496 _____ () C:\Program Files (x86)\ClamWin\lib\shell.pyd
2012-12-24 17:46 - 2004-11-20 03:27 - 00065536 _____ () C:\Program Files (x86)\ClamWin\lib\win32security.pyd
2012-12-24 17:46 - 2004-01-15 14:45 - 00061440 _____ () C:\Program Files (x86)\ClamWin\lib\_ctypes.pyd
2012-12-24 17:46 - 2004-11-20 03:27 - 00077824 _____ () C:\Program Files (x86)\ClamWin\lib\win32file.pyd
2012-12-24 17:46 - 2004-11-20 03:27 - 00024576 _____ () C:\Program Files (x86)\ClamWin\lib\win32pipe.pyd
2012-12-24 17:46 - 2003-10-01 13:40 - 02240512 _____ () C:\Program Files (x86)\ClamWin\lib\wxc.pyd
2012-12-24 17:46 - 2003-10-01 11:43 - 03239936 _____ () C:\Program Files (x86)\ClamWin\lib\wxmsw24h.dll
2012-12-24 17:46 - 2003-08-10 09:14 - 00061440 _____ () C:\Program Files (x86)\ClamWin\lib\mxDateTime.pyd
2012-12-24 17:46 - 2004-05-25 21:17 - 00622651 _____ () C:\Program Files (x86)\ClamWin\lib\_bsddb.pyd
2012-12-24 17:46 - 2004-05-25 21:19 - 00045117 _____ () C:\Program Files (x86)\ClamWin\lib\datetime.pyd
2013-07-05 12:53 - 2013-08-17 13:59 - 03551640 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== Faulty Device Manager Devices =============

Name: GT-I9100
Description: GT-I9100
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: SAMSUNG Electronics Co. Ltd.
Service: WUDFWpdMtp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Realtek PCIe GBE Family Controller
Description: Realtek PCIe GBE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8168
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (09/27/2013 04:58:17 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1". Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (09/27/2013 04:16:44 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: ngen.exe, Version: 4.0.30319.17929, Zeitstempel: 0x4ffa55c1
Name des fehlerhaften Moduls: bitguard.dll, Version: 2.6.1673.238, Zeitstempel: 0x5233288d
Ausnahmecode: 0xc0000005
Fehleroffset: 0x001793a8
ID des fehlerhaften Prozesses: 0x10a8
Startzeit der fehlerhaften Anwendung: 0xngen.exe0
Pfad der fehlerhaften Anwendung: ngen.exe1
Pfad des fehlerhaften Moduls: ngen.exe2
Berichtskennung: ngen.exe3
Vollständiger Name des fehlerhaften Pakets: ngen.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ngen.exe5

Error: (09/27/2013 03:20:06 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1". Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (09/26/2013 08:47:20 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (09/26/2013 05:47:08 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1". Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (09/25/2013 09:19:57 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1". Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (09/25/2013 07:37:52 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: ngen.exe, Version: 4.0.30319.17929, Zeitstempel: 0x4ffa55c1 Name des fehlerhaften Moduls: bitguard.dll, Version: 2.6.1673.238, Zeitstempel: 0x5233288d Ausnahmecode: 0xc0000005 Fehleroffset: 0x001793a8 ID des fehlerhaften Prozesses: 0x9d0 Startzeit der fehlerhaften Anwendung: 0xngen.exe0 Pfad der fehlerhaften Anwendung: ngen.exe1 Pfad des fehlerhaften Moduls: ngen.exe2 Berichtskennung: ngen.exe3 Vollständiger Name des fehlerhaften Pakets: ngen.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ngen.exe5 Error: (09/25/2013 07:37:50 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: ngen.exe, Version: 4.0.30319.17929, Zeitstempel: 0x4ffa55c1 Name des fehlerhaften Moduls: bitguard.dll, Version: 2.6.1673.238, Zeitstempel: 0x5233288d Ausnahmecode: 0xc0000005 Fehleroffset: 0x001793a8 ID des fehlerhaften Prozesses: 0x9d0 Startzeit der 
fehlerhaften Anwendung: 0xngen.exe0 Pfad der fehlerhaften Anwendung: ngen.exe1 Pfad des fehlerhaften Moduls: ngen.exe2 Berichtskennung: ngen.exe3 Vollständiger Name des fehlerhaften Pakets: ngen.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ngen.exe5 Error: (09/25/2013 07:37:44 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: ngen.exe, Version: 4.0.30319.17929, Zeitstempel: 0x4ffa55c1 Name des fehlerhaften Moduls: bitguard.dll, Version: 2.6.1673.238, Zeitstempel: 0x5233288d Ausnahmecode: 0xc0000005 Fehleroffset: 0x001793a8 ID des fehlerhaften Prozesses: 0xd28 Startzeit der fehlerhaften Anwendung: 0xngen.exe0 Pfad der fehlerhaften Anwendung: ngen.exe1 Pfad des fehlerhaften Moduls: ngen.exe2 Berichtskennung: ngen.exe3 Vollständiger Name des fehlerhaften Pakets: ngen.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ngen.exe5 Error: (09/25/2013 05:11:48 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1". Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". 
System errors: ============= Error: (09/27/2013 04:54:50 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "PDF Architect Service" wurde mit folgendem Fehler beendet: %%2147500037 Error: (09/27/2013 03:18:21 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "PDF Architect Service" wurde mit folgendem Fehler beendet: %%2147500037 Error: (09/26/2013 08:47:04 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "PDF Architect Service" wurde mit folgendem Fehler beendet: %%2147500037 Error: (09/26/2013 05:45:33 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "PDF Architect Service" wurde mit folgendem Fehler beendet: %%2147500037 Error: (09/25/2013 09:19:36 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "PDF Architect Service" wurde mit folgendem Fehler beendet: %%2147500037 Error: (09/25/2013 09:19:09 PM) (Source: EventLog) (User: ) Description: Das System wurde zuvor am 25.09.2013 um 19:49:26 unerwartet heruntergefahren. 
Error: (09/25/2013 05:11:30 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "PDF Architect Service" wurde mit folgendem Fehler beendet: %%2147500037 Error: (09/24/2013 06:18:49 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "PDF Architect Service" wurde mit folgendem Fehler beendet: %%2147500037 Error: (09/23/2013 06:14:51 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "PDF Architect Service" wurde mit folgendem Fehler beendet: %%2147500037 Error: (09/22/2013 07:13:46 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "PDF Architect Service" wurde mit folgendem Fehler beendet: %%2147500037 Microsoft Office Sessions: ========================= Error: (09/27/2013 04:58:17 PM) (Source: SideBySide)(User: ) Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe Error: (09/27/2013 04:16:44 PM) (Source: Application Error)(User: ) Description: ngen.exe4.0.30319.179294ffa55c1bitguard.dll2.6.1673.2385233288dc0000005001793a810a801cebb8c2fb62338C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen. 
exec:\progra~3\bitguard\261673~1.238\{c16c1~1\bitguard.dll6f22ef3c-277f-11e3-80ac-9ba30d930ff9 Error: (09/27/2013 03:20:06 PM) (Source: SideBySide)(User: ) Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe Error: (09/26/2013 08:47:20 PM) (Source: SideBySide)(User: ) Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe Error: (09/26/2013 05:47:08 PM) (Source: SideBySide)(User: ) Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe Error: (09/25/2013 09:19:57 PM) (Source: SideBySide)(User: ) Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe Error: (09/25/2013 07:37:52 PM) (Source: Application Error)(User: ) Description: ngen.exe4.0.30319.179294ffa55c1bitguard.dll2.6.1673.2385233288dc0000005001793a89d001ceba15f5f534c1C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.e xec:\progra~3\bitguard\261673~1.238\{c16c1~1\bitguard.dll33b4d3a7-2609-11e3-80a8-ece06687d40a Error: (09/25/2013 07:37:50 PM) (Source: Application Error)(User: ) Description: ngen.exe4.0.30319.179294ffa55c1bitguard.dll2.6.1673.2385233288dc0000005001793a89d001ceba15f4bf3e87C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.e xec:\progra~3\bitguard\261673~1.238\{c16c1~1\bitguard.dll32813ff2-2609-11e3-80a8-ece06687d40a Error: (09/25/2013 07:37:44 PM) (Source: Application Error)(User: ) Description: ngen.exe4.0.30319.179294ffa55c1bitguard.dll2.6.1673.2385233288dc0000005001793a8d2801ceba15f027c727C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.e xec:\progra~3\bitguard\261673~1.238\{c16c1~1\bitguard.dll2eb93815-2609-11e3-80a8-ece06687d40a Error: (09/25/2013 05:11:48 PM) (Source: 
SideBySide)(User: ) Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe ==================== Memory info =========================== Percentage of memory in use: 22% Total physical RAM: 6023.11 MB Available physical RAM: 4642.61 MB Total Pagefile: 6983.11 MB Available Pagefile: 5584.46 MB Total Virtual: 8192 MB Available Virtual: 8191.75 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:465.24 GB) (Free:348.86 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 466 GB) (Disk ID: A5135A6B) Partition: GPT Partition Type ==================== End Of Log ============================ GMER Logfile: Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2013-09-27 17:13:39 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000045 Hitachi_HTS545050A7E380 rev.GG2OA6C0 465,76GB Running: gmer_2.1.19163.exe; Driver: C:\Users\JOHANN~1\AppData\Local\Temp\pxlorpob.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\dwm.exe[952] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 000007fe2b0a257c 8 bytes JMP 000007ff2a2b03b0 .text C:\Windows\system32\dwm.exe[952] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 000007fe2b0a6b10 9 bytes JMP 000007ff2a2b0308 .text C:\Windows\system32\dwm.exe[952] C:\Windows\system32\KERNEL32.DLL!K32GetModuleFileNameExW 000007fe2b125658 7 bytes JMP 000007ff2a2b0260 .text C:\Windows\system32\dwm.exe[952] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 000007fe2b125778 7 bytes JMP 000007ff2a2b02d0 .text C:\Windows\system32\dwm.exe[952] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 000007fe2b141564 7 bytes JMP 000007ff2a2b0340 .text C:\Windows\system32\dwm.exe[952] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 000007fe2b1540e4 7 bytes JMP 000007ff2a2b0298 .text C:\Windows\system32\dwm.exe[952] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 000007fe2b154178 8 bytes JMP 000007ff2a2b0228 .text C:\Windows\system32\dwm.exe[952] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 000007fe2b15479c 8 bytes JMP 000007ff2a2b0378 .text C:\Windows\system32\dwm.exe[952] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fe2a3428a0 7 bytes JMP 000007ff2a2b00d8 .text C:\Windows\system32\dwm.exe[952] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fe2a3428e8 5 bytes JMP 000007ff2a2b0180 .text C:\Windows\system32\dwm.exe[952] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fe2a35f590 6 bytes JMP 000007ff2a2b0148 .text C:\Windows\system32\dwm.exe[952] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fe2a35f8ac 5 bytes JMP 000007ff2a2b0110 .text C:\Windows\system32\dwm.exe[952] 
C:\Windows\system32\USER32.dll!CreateWindowExW 000007fe2cdfc5b0 7 bytes JMP 000007ff2a2b0490 .text C:\Windows\system32\dwm.exe[952] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 000007fe2ce031f0 9 bytes JMP 000007ff2a2b03e8 .text C:\Windows\system32\dwm.exe[952] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 000007fe2ce033e0 5 bytes JMP 000007ff2a2b0458 .text C:\Windows\system32\dwm.exe[952] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 000007fe2ce07160 5 bytes JMP 000007ff2a2b0420 .text C:\Windows\system32\dwm.exe[952] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fe2d1f1070 8 bytes JMP 000007ff2a2b01f0 .text C:\Windows\system32\dwm.exe[952] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fe2d210bc0 8 bytes JMP 000007ff2a2b01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[568] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fe28401532 4 bytes [40, 28, FE, 07] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[568] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fe2840153a 4 bytes [40, 28, FE, 07] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[568] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fe2840165a 4 bytes [40, 28, FE, 07] .text C:\Windows\system32\nvvsvc.exe[336] C:\Windows\system32\MSIMG32.dll!GradientFill + 690 000007fe28401532 4 bytes [40, 28, FE, 07] .text C:\Windows\system32\nvvsvc.exe[336] C:\Windows\system32\MSIMG32.dll!GradientFill + 698 000007fe2840153a 4 bytes [40, 28, FE, 07] .text C:\Windows\system32\nvvsvc.exe[336] C:\Windows\system32\MSIMG32.dll!TransparentBlt + 246 000007fe2840165a 4 bytes [40, 28, FE, 07] .text C:\Windows\system32\nvvsvc.exe[336] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fe2ac8177a 4 bytes [C8, 2A, FE, 07] .text C:\Windows\system32\nvvsvc.exe[336] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fe2ac81782 4 bytes [C8, 2A, FE, 07] .text C:\Program Files\Windows 
Defender\MsMpEng.exe[2184] C:\Windows\system32\psapi.dll!GetProcessImageFileNameA + 306 000007fe2ac8177a 4 bytes [C8, 2A, FE, 07] .text C:\Program Files\Windows Defender\MsMpEng.exe[2184] C:\Windows\system32\psapi.dll!GetProcessImageFileNameA + 314 000007fe2ac81782 4 bytes [C8, 2A, FE, 07] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3680] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fe28401532 4 bytes [40, 28, FE, 07] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3680] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fe2840153a 4 bytes [40, 28, FE, 07] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3680] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fe2840165a 4 bytes [40, 28, FE, 07] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3888] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fe28401532 4 bytes [40, 28, FE, 07] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3888] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fe2840153a 4 bytes [40, 28, FE, 07] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3888] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fe2840165a 4 bytes [40, 28, FE, 07] .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe[4036] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fe2ac8177a 4 bytes [C8, 2A, FE, 07] .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe[4036] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fe2ac81782 4 bytes [C8, 2A, FE, 07] .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe[4088] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fe28401532 4 bytes [40, 28, FE, 07] .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe[4088] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fe2840153a 4 bytes [40, 28, FE, 07] 
.text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe[4088] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fe2840165a 4 bytes [40, 28, FE, 07] .text C:\Windows\System32\igfxpers.exe[3712] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fe2ac8177a 4 bytes [C8, 2A, FE, 07] .text C:\Windows\System32\igfxpers.exe[3712] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fe2ac81782 4 bytes [C8, 2A, FE, 07] ---- Threads - GMER 2.1 ---- Thread C:\Windows\system32\csrss.exe [572:596] fffff9600094d5e8 ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ---- |
28.09.2013, 12:09 | #4 |
/// the machine /// TB-Ausbilder | Windows 8: Firefox keeps opening by itself We still need to practice the code tags a bit. Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
28.09.2013, 13:34 | #5 |
| Windows 8: Firefox keeps opening by itself All right, here we go again! Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.09.28.05 Windows 8 x64 NTFS Internet Explorer 10.0.9200.16688 ********** :: ACID [Administrator] Schutz: Aktiviert 28.09.2013 13:54:32 mbam-log-2013-09-28 (13-54-32).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 224873 Laufzeit: 3 Minute(n), 51 Sekunde(n) Infizierte Speicherprozesse: 2 C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe (PUP.Optional.PerformerSoft.A) -> 1804 -> Löschen bei Neustart. C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe (PUP.Optional.PerformerSoft.A) -> 2640 -> Löschen bei Neustart. Infizierte Speichermodule: 1 C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.dll (PUP.Optional.PerformerSoft.A) -> Löschen bei Neustart. Infizierte Registrierungsschlüssel: 39 HKLM\SYSTEM\CurrentControlSet\Services\BitGuard (PUP.Optional.PerformerSoft.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE} (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\escort.escortIEPane.1 (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\escort.escortIEPane (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\delta.deltaHlpr.1 (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\delta.deltaHlpr (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} (PUP.Optional.Delta) -> Löschen bei Neustart. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8} (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D} (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\esrv.deltaESrvc.1 (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\esrv.deltaESrvc (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\delta.deltadskBnd.1 (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\delta.deltadskBnd (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> Löschen bei Neustart. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Typelib\{4599D05A-D545-4069-BB42-5895B4EAE05B} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
HKCR\Interface\{1231839B-064E-4788-B865-465A1B5266FD} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\DELTA\DELTA (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\Software\DataMngr (PUP.Optional.DataMngr.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\Software\BabSolution\Updater (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings (PUP.Optional.BProtector.A) -> Löschen bei Neustart. HKLM\SOFTWARE\Delta\delta\Instl (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\delta.deltaappCore.1 (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\delta.deltaappCore (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\d (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\delta (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693} (PUP.Optional.BitGuard.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 6 HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> Daten: Delta Toolbar -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> Daten: -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Delta\Delta|tlbrSrchUrl (PUP.Optional.Delta.A) -> Daten: -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|bProtector Start Page (PUP.BProtector) -> Daten: hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=AC4012689DF3D33D&affID=121563&tsp=4941 -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|bProtectorDefaultScope (PUP.BProtector) -> Daten: {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} -> Löschen bei Neustart. HKLM\SYSTEM\CurrentControlSet\Services\BitGuard|ImagePath (PUP.Optional.BitGuard.A) -> Daten: C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 2 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs (PUP.Optional.PerformerSoft.A) -> Bösartig: (c:\progra~3\bitguard\261673~1.238\{c16c1~1\bitguard.dll) Gut: () -> Löschen bei Neustart. HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.StartPage) -> Bösartig: (hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=AC4012689DF3D33D&affID=121563&tsp=4941) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt. 
Infizierte Verzeichnisse: 15 C:\Users\**********\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\**********\AppData\Roaming\BabSolution (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\**********\AppData\Roaming\BabSolution\CR (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\**********\AppData\Roaming\BabSolution\Shared (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Delta\delta\1.8.21.5 (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Delta\delta\1.8.21.5\bh (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\**********\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\**********\AppData\Roaming\OpenCandy\1C24E71AABB14675AB3E988DBCDA5869 (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\**********\AppData\Roaming\OpenCandy\3C0C3ECD87A64019B57D89C4CDC183DC (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\**********\AppData\Roaming\OpenCandy\4671BA25326F469399C4BD9D9A3EDB31 (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\**********\AppData\Roaming\File Scout (PUP.Optional.FileScout.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\BitGuard\2.6.1673.238 (PUP.Optional.BitGuard.A) -> Löschen bei Neustart. C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8} (PUP.Optional.BitGuard.A) -> Löschen bei Neustart. C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension (PUP.Optional.BitGuard.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings (PUP.Optional.BitGuard.A) -> Löschen bei Neustart. Infizierte Dateien: 45 C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.dll (PUP.Optional.PerformerSoft.A) -> Löschen bei Neustart. C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe (PUP.Optional.PerformerSoft.A) -> Löschen bei Neustart. C:\Program Files (x86)\Delta\delta\1.8.21.5\bh\delta.dll (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Delta\delta\1.8.21.5\deltasrv.exe (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Delta\delta\1.8.21.5\deltaTlbr.dll (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\**********\AppData\Roaming\BabSolution\Shared\BabMaint.exe (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\**********\AppData\Roaming\File Scout\filescout.exe (PUP.Optional.FileScout.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\**********\AppData\Roaming\OpenCandy\1C24E71AABB14675AB3E988DBCDA5869\DeltaTB.exe (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\**********\AppData\Roaming\OpenCandy\3C0C3ECD87A64019B57D89C4CDC183DC\DeltaTB.exe (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\**********\AppData\Roaming\OpenCandy\4671BA25326F469399C4BD9D9A3EDB31\DeltaTB.exe (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\**********\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\**********\AppData\Roaming\BabSolution\CR\Delta.crx (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
C:\Users\**********\AppData\Roaming\BabSolution\Shared\BUSolution.dll (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\**********\AppData\Roaming\BabSolution\Shared\chu.js (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\**********\AppData\Roaming\BabSolution\Shared\Delta.ico (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\**********\AppData\Roaming\BabSolution\Shared\GUninstaller.exe (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\**********\AppData\Roaming\BabSolution\Shared\SetupParams.ini (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\**********\AppData\Roaming\BabSolution\Shared\sqlite3.dll (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Delta\delta\1.8.21.5\deltaApp.dll (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Delta\delta\1.8.21.5\deltaEng.dll (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Delta\delta\1.8.21.5\GUninstaller.exe (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Delta\delta\1.8.21.5\uninstall.exe (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\**********\AppData\Roaming\OpenCandy\1C24E71AABB14675AB3E988DBCDA5869\5472.ico (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\**********\AppData\Roaming\OpenCandy\1C24E71AABB14675AB3E988DBCDA5869\EBB77268-338F-4C6A-8590-AD88FED26F4A (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\**********\AppData\Roaming\OpenCandy\1C24E71AABB14675AB3E988DBCDA5869\OCBrowserHelper_1.0.6.124.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
C:\Users\**********\AppData\Roaming\OpenCandy\4671BA25326F469399C4BD9D9A3EDB31\5472.ico (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\**********\AppData\Roaming\OpenCandy\4671BA25326F469399C4BD9D9A3EDB31\EBB77268-338F-4C6A-8590-AD88FED26F4A (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\**********\AppData\Roaming\OpenCandy\4671BA25326F469399C4BD9D9A3EDB31\OCBrowserHelper_1.0.6.124.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\**********\AppData\Roaming\File Scout\uninst.exe (PUP.Optional.FileScout.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.settings (PUP.Optional.BitGuard.A) -> Löschen bei Neustart. C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\bl (PUP.Optional.BitGuard.A) -> Löschen bei Neustart. C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\dm (PUP.Optional.BitGuard.A) -> Löschen bei Neustart. C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe (PUP.Optional.BitGuard.A) -> Löschen bei Neustart. C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\00 (PUP.Optional.BitGuard.A) -> Löschen bei Neustart. C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\01 (PUP.Optional.BitGuard.A) -> Löschen bei Neustart. C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\02 (PUP.Optional.BitGuard.A) -> Löschen bei Neustart. C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\03 (PUP.Optional.BitGuard.A) -> Löschen bei Neustart. C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\10 (PUP.Optional.BitGuard.A) -> Löschen bei Neustart. 
C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\11 (PUP.Optional.BitGuard.A) -> Löschen bei Neustart. C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\12 (PUP.Optional.BitGuard.A) -> Löschen bei Neustart. C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\13 (PUP.Optional.BitGuard.A) -> Löschen bei Neustart. C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\20 (PUP.Optional.BitGuard.A) -> Löschen bei Neustart. C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\21 (PUP.Optional.BitGuard.A) -> Löschen bei Neustart. C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\22 (PUP.Optional.BitGuard.A) -> Löschen bei Neustart. C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\23 (PUP.Optional.BitGuard.A) -> Löschen bei Neustart. (Ende) Code:
ATTFilter # AdwCleaner v3.005 - Bericht erstellt am 28/09/2013 um 14:10:32 # Updated 22/09/2013 von Xplode # Betriebssystem : Windows 8 (64 bits) # Benutzername : ********** - ACID # Gestartet von : C:\Users\**********\Desktop\adwcleaner.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\Babylon Ordner Gelöscht : C:\ProgramData\BitGuard Ordner Gelöscht : C:\Program Files (x86)\delta Ordner Gelöscht : C:\Users\**********\AppData\LocalLow\delta Ordner Gelöscht : C:\Users\**********\AppData\Roaming\DSite Ordner Gelöscht : C:\Users\**********\AppData\Roaming\dvdvideosoftiehelpers Ordner Gelöscht : C:\Users\**********\AppData\Roaming\pdfforge Ordner Gelöscht : C:\Users\**********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard Datei Gelöscht : C:\Users\**********\AppData\Roaming\Mozilla\Firefox\Profiles\nn4j1j84.default\bProtector_extensions.rdf Datei Gelöscht : C:\Users\**********\AppData\Roaming\Mozilla\Firefox\Profiles\nn4j1j84.default\bprotector_extensions.sqlite Datei Gelöscht : C:\Users\**********\AppData\Roaming\Mozilla\Firefox\Profiles\pofkhwr8.default-1375807313331\bprotector_extensions.sqlite Datei Gelöscht : C:\Users\**********\AppData\Roaming\Mozilla\Firefox\Profiles\pofkhwr8.default-1375807313331\bprotector_prefs.js Datei Gelöscht : C:\Users\**********\AppData\Roaming\Mozilla\Firefox\Profiles\nn4j1j84.default\searchplugins\Babylon.xml Datei Gelöscht : C:\Windows\System32\Tasks\BitGuard Datei Gelöscht : C:\Windows\Tasks\DSite.job Datei Gelöscht : C:\Windows\System32\Tasks\DSite Datei Gelöscht : C:\Windows\System32\Tasks\EPUpdater ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL 
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap Schlüssel Gelöscht : HKCU\Software\a55dad9b33dbf13 Schlüssel Gelöscht : HKLM\SOFTWARE\a55dad9b33dbf13 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4} 
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKCU\Software\BabSolution Schlüssel Gelöscht : HKCU\Software\Delta Schlüssel Gelöscht : HKCU\Software\dsiteproducts Schlüssel Gelöscht : HKCU\Software\InstallCore Schlüssel Gelöscht : HKLM\Software\DataMngr Schlüssel Gelöscht : HKLM\Software\Delta Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} ***** [ Browser ] ***** -\\ Internet Explorer v10.0.9200.16688 -\\ Mozilla Firefox v23.0.1 (de) [ Datei : C:\Users\**********\AppData\Roaming\Mozilla\Firefox\Profiles\pofkhwr8.default-1375807313331\prefs.js ] ************************* AdwCleaner[R0].txt - [6499 octets] - [28/09/2013 14:09:55] AdwCleaner[S0].txt - [6094 octets] - 
[28/09/2013 14:10:32] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6154 octets] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.3 (09.27.2013:1)
OS: Windows 8 x64
Ran by ********** on 28.09.2013 at 14:16:06,69
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3797833307-1882079770-3084119189-1001\Software\SweetIM

~~~ Files

~~~ Folders

~~~ FireFox

Emptied folder: C:\Users\**********\AppData\Roaming\mozilla\firefox\profiles\pofkhwr8.default-1375807313331\minidumps [3 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 28.09.2013 at 14:19:31,08
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-09-2013 02 Ran by ********** (administrator) on ACID on 28-09-2013 14:24:10 Running from C:\Users\**********\Desktop Windows 8 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (Microsoft Corporation) C:\Windows\system32\dashost.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (pdfforge GbR) C:\Program Files (x86)\PDF Architect\HelperService.exe () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe (ASUSTek Computer Inc.) 
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe (Sonix) C:\Windows\vsnp2std.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe () C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe (Microsoft Corporation) C:\Windows\System32\StikyNot.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe () C:\Windows\FixCamera.exe () C:\Windows\tsnp2std.exe (ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (RealNetworks, Inc.) 
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (pdfforge GbR) C:\Program Files (x86)\PDF Architect\ConversionService.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor) HKLM\...\Run: [ASUSQuickGesture(x86)] - C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe [20352 2012-09-11] (ASUSTeK Computer Inc.) HKLM\...\Run: [ASUSTPLoader(x64)] - C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe [169856 2012-09-11] (AsusTek) HKLM\...\Run: [ASUSQuickGesture(x64)] - C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe [22400 2012-09-11] (ASUSTeK Computer Inc.) HKLM\...\Run: [snp2std] - C:\Windows\vsnp2std.exe [344064 2007-09-28] (Sonix) HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-08-27] (NVIDIA Corporation) HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] () Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKCU\...\Run: [Pando Media Booster] - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2012-12-10] () HKCU\...\Run: [EPSON SX420W Series] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCE.EXE /FU "C:\Windows\TEMP\E_S2128.tmp" /EF "HKCU" HKCU\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [405504 2012-07-26] (Microsoft Corporation) HKCU\...\Run: [Steam] - C:\Program Files (x86)\Valve\Steam\Steam.exe [1807272 2013-07-27] (Valve Corporation) MountPoints2: {41eff61b-42fd-11e2-be6f-50465dd0cdc9} - "D:\pushinst.exe" MountPoints2: {b9d48a4d-432b-11e2-be65-806e6f6e6963} - "E:\AsInsWiz.exe" HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe 
[958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [EEventManager] - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [976320 2009-12-03] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [FixCamera] - C:\Windows\FixCamera.exe [20480 2007-07-11] () HKLM-x32\...\Run: [tsnp2std] - C:\Windows\tsnp2std.exe [270336 2007-05-12] () HKLM-x32\...\Run: [ArcSoft Connection Service] - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.) HKLM-x32\...\Run: [ClamWin] - C:\Program Files (x86)\ClamWin\bin\ClamTray.exe [86016 2013-04-27] (alch) HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation) HKLM-x32\...\Run: [TkBellExe] - c:\program files (x86)\real\realplayer\Update\realsched.exe [295512 2013-09-13] (RealNetworks, Inc.) AppInit_DLLs: C:\Windows\system32\nvinitx.dll [168616 2013-09-12] (NVIDIA Corporation) AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [141336 2013-09-12] (NVIDIA Corporation) Startup: C:\Users\**********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\**********\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x8C6DEC74585DCE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: ASUS Browser Extension x64 - {78234974-0C4B-4111-BDEB-D9A104418772} - C:\Program Files (x86)\ASUS\ASUS Smart Gesture\install\x64\BrowserExtension64.dll (ASUSTeK Computer Inc.) 
BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: ASUS Browser Extension x86 - {78234974-0C4B-4111-BDEB-D9A104418771} - C:\Program Files (x86)\ASUS\ASUS Smart Gesture\install\x86\BrowserExtension.dll (ASUSTeK Computer Inc.) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\**********\AppData\Roaming\Mozilla\Firefox\Profiles\pofkhwr8.default-1375807313331 FF Homepage: hxxp://www.web.de/ FF NetworkProxy: "ftp", "81.17.28.169" FF NetworkProxy: "ftp_port", 8080 FF NetworkProxy: "http", "81.17.28.169" FF NetworkProxy: "http_port", 8080 FF NetworkProxy: "socks_remote_dns", true FF NetworkProxy: "ssl", "81.17.28.169" FF NetworkProxy: "ssl_port", 8080 FF NetworkProxy: "type", 1 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.0.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.) FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) 
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\**********\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online) FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll (Amazon.com, Inc.) 
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: FoxyProxy Basic - C:\Users\**********\AppData\Roaming\Mozilla\Firefox\Profiles\pofkhwr8.default-1375807313331\Extensions\foxyproxy@eric.h.jung FF Extension: Bargain Workbench - C:\Users\**********\AppData\Roaming\Mozilla\Firefox\Profiles\pofkhwr8.default-1375807313331\Extensions\{8eaa2500-4118-4c33-9927-988702ba63bd} FF Extension: firefox-hotfix - C:\Users\**********\AppData\Roaming\Mozilla\Firefox\Profiles\pofkhwr8.default-1375807313331\Extensions\firefox-hotfix@mozilla.org.xpi FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ FF StartMenuInternet: FIREFOX.EXE - C:\Users\**********\Desktop\Zeugs\Unterlagen\Bewerbung\Bewerbung bereits verschickt - KPMG - Trainee Transaction & Restructuring\FF\firefox.exe ==================== Services (Whitelisted) ================= 
R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY) R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.) S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14997280 2013-08-27] (NVIDIA Corporation) R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1522312 2012-11-22] (pdfforge GbR) R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [905864 2012-11-22] (pdfforge GbR) R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] () R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== R3 ArcSoftKsUFilter; C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [18688 2007-05-30] (ArcSoft, Inc.) 
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [56704 2012-09-11] (ASUS Corporation) R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2013-09-21] (DT Soft Ltd) R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( ) S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-08-20] (NVIDIA Corporation) S3 SNP2STD; C:\Windows\system32\DRIVERS\snp2sxp.sys [12528768 2007-09-10] () S4 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-09-21] (Duplex Secure Ltd.) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-09-28 14:23 - 2013-09-28 14:23 - 01953880 _____ (Farbar) C:\Users\**********\Desktop\FRST64.exe 2013-09-28 14:16 - 2013-09-28 14:16 - 00000000 ____D C:\Windows\ERUNT 2013-09-28 14:09 - 2013-09-28 14:10 - 00000000 ____D C:\AdwCleaner 2013-09-28 14:05 - 2013-09-28 14:05 - 00018126 _____ C:\Windows\PFRO.log 2013-09-28 13:51 - 2013-09-28 13:51 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-09-28 13:51 - 2013-09-28 13:51 - 00000000 ____D C:\Users\**********\AppData\Roaming\Malwarebytes 2013-09-28 13:51 - 2013-09-28 13:51 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-09-28 13:51 - 2013-09-28 13:51 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-09-28 13:51 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-09-27 17:29 - 2013-09-28 14:22 - 00000000 ____D C:\Users\**********\Desktop\Antivirentools 2013-09-27 17:01 - 2013-09-27 17:01 - 00000000 ____D C:\FRST 2013-09-27 16:53 - 2013-09-27 16:53 - 00000188 _____ C:\Users\**********\defogger_reenable 2013-09-27 16:16 - 2013-09-27 21:42 - 00286290 _____ 
C:\Windows\WindowsUpdate.log 2013-09-23 18:57 - 2013-09-23 18:57 - 00000000 ____D C:\Program Files (x86)\Citrix 2013-09-23 18:55 - 2013-09-23 18:55 - 00000000 ____D C:\Users\**********\AppData\Local\Citrix 2013-09-22 12:20 - 2013-09-22 13:42 - 00000000 ____D C:\Users\Public\Documents\DAEMON Tools Images 2013-09-21 19:13 - 2013-09-21 19:13 - 00283200 _____ (DT Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys 2013-09-21 17:48 - 2013-09-21 19:13 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Lite 2013-09-21 17:48 - 2013-09-21 17:48 - 00564824 _____ (Duplex Secure Ltd.) C:\Windows\system32\Drivers\sptd.sys 2013-09-21 17:48 - 2013-09-21 17:48 - 00001954 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk 2013-09-21 16:35 - 2013-09-21 17:49 - 00000000 ____D C:\Windows\SysWOW64\NV 2013-09-21 16:35 - 2013-09-21 17:49 - 00000000 ____D C:\Windows\system32\NV 2013-09-21 16:32 - 2013-09-12 10:58 - 29337376 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll 2013-09-21 16:32 - 2013-09-12 10:58 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll 2013-09-21 16:32 - 2013-09-12 10:58 - 22102304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll 2013-09-21 16:32 - 2013-09-12 10:58 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll 2013-09-21 16:32 - 2013-09-12 10:58 - 15901448 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll 2013-09-21 16:32 - 2013-09-12 10:58 - 15703688 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll 2013-09-21 16:32 - 2013-09-12 10:58 - 13628208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll 2013-09-21 16:32 - 2013-09-12 10:58 - 12947360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll 2013-09-21 16:32 - 2013-09-12 10:58 - 11274528 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys 2013-09-21 16:32 - 2013-09-12 10:58 - 09281032 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll 2013-09-21 16:32 - 2013-09-12 10:58 - 07720576 
_____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll 2013-09-21 16:32 - 2013-09-12 10:58 - 07648000 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll 2013-09-21 16:32 - 2013-09-12 10:58 - 06329552 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll 2013-09-21 16:32 - 2013-09-12 10:58 - 02970400 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll 2013-09-21 16:32 - 2013-09-12 10:58 - 02789152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll 2013-09-21 16:32 - 2013-09-12 10:58 - 02367264 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll 2013-09-21 16:32 - 2013-09-12 10:58 - 02007328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll 2013-09-21 16:32 - 2013-09-12 10:58 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6432723.dll 2013-09-21 16:32 - 2013-09-12 10:58 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6432723.dll 2013-09-21 16:32 - 2013-09-12 10:58 - 01222824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll 2013-09-21 16:32 - 2013-09-12 10:58 - 00681760 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll 2013-09-21 16:32 - 2013-09-12 10:58 - 00603424 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll 2013-09-21 16:32 - 2013-09-12 10:58 - 00586016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll 2013-09-21 16:32 - 2013-09-12 10:58 - 00515360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll 2013-09-21 16:32 - 2013-09-12 10:58 - 00317472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll 2013-09-21 16:32 - 2013-09-12 10:58 - 00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll 2013-09-21 16:32 - 2013-09-12 10:58 - 00032032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpciflt.sys 2013-09-15 16:35 - 2013-09-15 17:24 - 00000000 ____D C:\Users\**********\Documents\Command and Conquer Generals Zero Hour Data 2013-09-15 09:47 - 2013-09-15 10:27 - 00000000 ____D 
C:\Users\**********\Documents\Command and Conquer Generals Data 2013-09-15 09:42 - 2013-09-22 12:31 - 00001493 _____ C:\Users\Public\Desktop\Command & Conquer Die ersten 10 Jahre.lnk 2013-09-15 09:24 - 2013-09-15 09:24 - 00000000 ____D C:\Program Files (x86)\EA Games 2013-09-15 09:18 - 2013-09-15 12:24 - 00419272 _____ C:\Windows\system32\FNTCACHE.DAT 2013-09-14 19:31 - 2013-09-19 01:26 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-09-14 19:31 - 2013-09-19 01:26 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-09-14 11:10 - 2013-08-20 15:33 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys 2013-09-14 11:10 - 2013-08-20 15:32 - 00028448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll 2013-09-13 18:19 - 2013-08-16 07:39 - 02371728 _____ (Microsoft Corporation) C:\Windows\system32\WSService.dll 2013-09-13 18:19 - 2013-08-16 07:39 - 00059416 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2013-09-13 18:19 - 2013-08-16 07:32 - 00209200 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe 2013-09-13 18:19 - 2013-08-16 07:22 - 04917760 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe 2013-09-13 18:19 - 2013-08-16 07:21 - 03275776 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2013-09-13 18:19 - 2013-08-16 07:21 - 01621504 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2013-09-13 18:19 - 2013-08-16 07:21 - 01164288 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll 2013-09-13 18:19 - 2013-08-16 07:21 - 00773120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2013-09-13 18:19 - 2013-08-16 07:21 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll 2013-09-13 18:19 - 2013-08-16 07:21 - 00368640 _____ (Microsoft Corporation) C:\Windows\system32\sppwinob.dll 2013-09-13 18:19 - 2013-08-16 07:21 - 00252416 _____ (Microsoft Corporation) 
C:\Windows\system32\WUSettingsProvider.dll 2013-09-13 18:19 - 2013-08-16 07:21 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\WSClient.dll 2013-09-13 18:19 - 2013-08-16 07:21 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll 2013-09-13 18:19 - 2013-08-16 07:21 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\WSSync.dll 2013-09-13 18:19 - 2013-08-16 07:21 - 00120320 _____ (Microsoft Corporation) C:\Windows\system32\sppc.dll 2013-09-13 18:19 - 2013-08-16 07:21 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2013-09-13 18:19 - 2013-08-16 07:21 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2013-09-13 18:19 - 2013-08-16 07:20 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll 2013-09-13 18:19 - 2013-08-16 00:43 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2013-09-13 18:19 - 2013-08-16 00:43 - 00562688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll 2013-09-13 18:19 - 2013-08-16 00:43 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSSync.dll 2013-09-13 18:19 - 2013-08-16 00:43 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll 2013-09-13 18:19 - 2013-08-16 00:42 - 00091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sppc.dll 2013-09-13 18:18 - 2013-08-16 07:41 - 00058200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dam.sys 2013-09-13 18:18 - 2013-08-16 07:22 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2013-09-13 18:18 - 2013-08-16 07:21 - 00174592 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll 2013-09-13 18:18 - 2013-08-16 07:21 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2013-09-13 18:18 - 2013-08-16 07:21 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2013-09-13 18:18 - 
2013-08-16 07:21 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2013-09-13 18:18 - 2013-08-16 07:21 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\setupcln.dll 2013-09-13 18:18 - 2013-08-16 00:43 - 00167424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSClient.dll 2013-09-13 18:18 - 2013-08-16 00:43 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2013-09-13 18:18 - 2013-08-16 00:43 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2013-09-13 18:18 - 2013-08-16 00:43 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2013-09-13 18:18 - 2013-08-16 00:43 - 00083968 _____ C:\Windows\SysWOW64\OEMLicense.dll 2013-09-13 18:18 - 2013-08-16 00:43 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2013-09-13 18:18 - 2013-08-16 00:43 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2013-09-13 18:18 - 2013-08-16 00:42 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setupcln.dll 2013-09-13 18:16 - 2013-08-21 06:12 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-09-13 18:16 - 2013-08-21 06:12 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-09-13 18:16 - 2013-08-21 06:11 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-09-13 18:16 - 2013-08-21 06:11 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-09-13 18:16 - 2013-08-21 06:11 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-09-13 18:16 - 2013-08-21 06:11 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-09-13 18:16 - 2013-08-21 06:11 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-09-13 18:16 - 2013-08-21 06:11 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll 2013-09-13 18:16 - 2013-08-21 06:11 - 
00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-09-13 18:16 - 2013-08-21 06:11 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-09-13 18:16 - 2013-08-21 06:11 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-09-13 18:16 - 2013-08-21 06:11 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-09-13 18:16 - 2013-08-21 06:11 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll 2013-09-13 18:16 - 2013-08-21 06:11 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-09-13 18:16 - 2013-08-21 06:11 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-09-13 18:16 - 2013-08-21 04:34 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-09-13 18:16 - 2013-08-21 04:06 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-09-13 18:16 - 2013-08-21 04:06 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-09-13 18:16 - 2013-08-21 04:06 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll 2013-09-13 18:16 - 2013-08-21 04:05 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-09-13 18:16 - 2013-08-21 04:05 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-09-13 18:16 - 2013-08-21 04:05 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-09-13 18:16 - 2013-08-21 04:05 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-09-13 18:16 - 2013-08-21 04:05 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-09-13 18:16 - 2013-08-21 04:05 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-09-13 18:16 - 2013-08-21 04:05 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-09-13 18:16 - 2013-08-21 04:05 - 00061440 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-09-13 18:16 - 2013-08-21 04:05 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-09-13 18:16 - 2013-08-21 04:05 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-09-13 18:16 - 2013-08-21 03:43 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-09-13 18:16 - 2013-08-21 01:52 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll 2013-09-13 18:16 - 2013-07-09 10:04 - 00120144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msgpioclx.sys 2013-09-13 18:16 - 2013-07-09 08:18 - 00439488 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe 2013-09-13 18:16 - 2013-07-09 06:25 - 00385768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe 2013-09-13 18:16 - 2013-07-09 05:57 - 00245760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LocationApi.dll 2013-09-13 18:16 - 2013-07-09 00:46 - 00543744 _____ (Microsoft Corporation) C:\Windows\system32\wwanmm.dll 2013-09-13 18:16 - 2013-07-09 00:46 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\wwanconn.dll 2013-09-13 18:16 - 2013-07-09 00:46 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\Wwanadvui.dll 2013-09-13 18:16 - 2013-07-09 00:45 - 00312832 _____ (Microsoft Corporation) C:\Windows\system32\LocationApi.dll 2013-09-13 18:16 - 2013-07-06 02:16 - 01025024 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll 2013-09-13 18:16 - 2013-07-03 02:23 - 00778752 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2013-09-13 18:16 - 2013-07-03 02:23 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.BackgroundTransfer.dll 2013-09-13 18:16 - 2013-07-03 02:22 - 02839552 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll 2013-09-13 18:16 - 2013-07-03 02:22 - 01300480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2013-09-13 18:16 - 2013-07-03 02:11 - 00551424 
_____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2013-09-13 18:16 - 2013-07-03 02:11 - 00268800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll 2013-09-13 18:16 - 2013-07-03 02:10 - 02273792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll 2013-09-13 18:16 - 2013-07-02 00:08 - 00387583 _____ C:\Windows\system32\ApnDatabase.xml 2013-09-13 18:16 - 2013-07-01 00:30 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\openfiles.exe 2013-09-13 18:16 - 2013-07-01 00:29 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\openfiles.exe 2013-09-13 18:16 - 2013-06-29 08:15 - 00195416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys 2013-09-13 18:16 - 2013-06-29 08:15 - 00125784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys 2013-09-13 18:16 - 2013-06-29 07:43 - 00327512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys 2013-09-13 18:16 - 2013-06-29 03:12 - 01022464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2013-09-13 18:16 - 2013-06-26 05:01 - 00321536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys 2013-09-13 18:16 - 2013-06-26 04:59 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\HdAudio.sys 2013-09-13 18:16 - 2013-06-25 00:54 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll 2013-09-13 18:16 - 2013-06-25 00:54 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\wcmsvc.dll 2013-09-13 18:16 - 2013-06-25 00:54 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\wcmcsp.dll 2013-09-13 18:16 - 2013-06-19 07:36 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\winmmbase.dll 2013-09-13 18:16 - 2013-06-19 07:36 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\winmm.dll 2013-09-13 18:16 - 2013-06-19 00:38 - 00160256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmmbase.dll 2013-09-13 18:16 - 2013-06-19 00:38 
- 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmm.dll 2013-09-13 18:16 - 2013-06-12 01:43 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll 2013-09-13 18:16 - 2013-06-12 01:26 - 00230912 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll 2013-09-13 18:16 - 2013-06-10 23:17 - 00096512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys 2013-09-13 18:16 - 2013-06-10 21:16 - 00888832 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll 2013-09-13 18:16 - 2013-06-10 21:15 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL 2013-09-13 18:16 - 2013-06-10 21:15 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL 2013-09-13 18:16 - 2013-06-10 21:15 - 00381952 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL 2013-09-13 18:16 - 2013-06-10 21:10 - 00702464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll 2013-09-13 18:16 - 2013-06-10 21:10 - 00245248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL 2013-09-13 18:16 - 2013-06-06 10:03 - 00119040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS 2013-09-13 07:12 - 2013-08-03 06:30 - 04038144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-09-13 06:53 - 2013-09-13 06:53 - 00000000 ____D C:\Users\**********\AppData\Roaming\RealNetworks 2013-09-13 06:52 - 2013-09-13 06:52 - 00001046 _____ C:\Users\Public\Desktop\RealPlayer.lnk 2013-09-13 06:52 - 2013-09-13 06:52 - 00000000 ____D C:\ProgramData\RealNetworks 2013-09-13 06:52 - 2013-09-13 06:52 - 00000000 ____D C:\Program Files (x86)\RealNetworks 2013-09-02 21:38 - 2013-09-02 21:38 - 00000000 ____D C:\Users\**********\Schaeffler ==================== One Month Modified Files and Folders ======= 2013-09-28 14:24 - 2012-12-10 22:55 - 00000000 ____D C:\Users\**********\AppData\Local\PMB Files 2013-09-28 14:23 - 2013-09-28 14:23 - 01953880 _____ (Farbar) C:\Users\**********\Desktop\FRST64.exe 
2013-09-28 14:22 - 2013-09-27 17:29 - 00000000 ____D C:\Users\**********\Desktop\Antivirentools 2013-09-28 14:22 - 2013-01-21 20:55 - 00000000 ____D C:\Users\**********\Documents\Outlook-Dateien 2013-09-28 14:21 - 2012-12-10 19:57 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3797833307-1882079770-3084119189-1001 2013-09-28 14:16 - 2013-09-28 14:16 - 00000000 ____D C:\Windows\ERUNT 2013-09-28 14:12 - 2013-04-12 13:52 - 00001136 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-09-28 14:12 - 2013-04-12 13:52 - 00001132 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-09-28 14:11 - 2012-07-26 09:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-09-28 14:10 - 2013-09-28 14:09 - 00000000 ____D C:\AdwCleaner 2013-09-28 14:05 - 2013-09-28 14:05 - 00018126 _____ C:\Windows\PFRO.log 2013-09-28 14:00 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\sru 2013-09-28 13:51 - 2013-09-28 13:51 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-09-28 13:51 - 2013-09-28 13:51 - 00000000 ____D C:\Users\**********\AppData\Roaming\Malwarebytes 2013-09-28 13:51 - 2013-09-28 13:51 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-09-28 13:51 - 2013-09-28 13:51 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-09-28 13:34 - 2012-12-10 22:55 - 00000000 ____D C:\ProgramData\PMB Files 2013-09-28 13:34 - 2012-07-26 07:26 - 00262144 ___SH C:\Windows\system32\config\BBI 2013-09-28 12:42 - 2013-04-22 19:46 - 01745416 _____ C:\Windows\system32\PerfStringBackup.INI 2013-09-28 12:42 - 2012-07-26 12:27 - 00753134 _____ C:\Windows\system32\perfh007.dat 2013-09-28 12:42 - 2012-07-26 12:27 - 00155826 _____ C:\Windows\system32\perfc007.dat 2013-09-28 12:29 - 2013-07-27 04:27 - 00000112 _____ C:\Users\**********\AppData\Roaming\WB.CFG 2013-09-28 12:29 - 2013-07-20 14:27 - 00000005 _____ C:\Users\**********\AppData\Roaming\WBPU-TTL.DAT 2013-09-27 21:42 - 2013-09-27 16:16 - 00286290 _____ 
C:\Windows\WindowsUpdate.log 2013-09-27 21:18 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\NDF 2013-09-27 21:09 - 2013-05-16 18:32 - 00003372 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3797833307-1882079770-3084119189-1001 2013-09-27 21:09 - 2013-05-16 18:32 - 00003256 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3797833307-1882079770-3084119189-1001 2013-09-27 17:09 - 2012-12-10 22:42 - 00000000 ____D C:\Users\**********\AppData\Local\Paint.NET 2013-09-27 17:01 - 2013-09-27 17:01 - 00000000 ____D C:\FRST 2013-09-27 16:53 - 2013-09-27 16:53 - 00000188 _____ C:\Users\**********\defogger_reenable 2013-09-27 16:53 - 2012-12-10 19:51 - 00000000 ____D C:\Users\********** 2013-09-27 15:20 - 2012-12-12 12:44 - 00003350 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3797833307-1882079770-3084119189-1001 2013-09-27 15:20 - 2012-12-12 12:44 - 00003234 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3797833307-1882079770-3084119189-1001 2013-09-26 20:53 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\AUInstallAgent 2013-09-24 18:49 - 2013-07-13 15:35 - 00000000 ____D C:\Users\**********\AppData\Roaming\DAEMON Tools Lite 2013-09-23 21:45 - 2012-12-10 23:05 - 00000000 ____D C:\Users\**********\AppData\Roaming\vlc 2013-09-23 18:57 - 2013-09-23 18:57 - 00000000 ____D C:\Program Files (x86)\Citrix 2013-09-23 18:55 - 2013-09-23 18:55 - 00000000 ____D C:\Users\**********\AppData\Local\Citrix 2013-09-22 17:31 - 2012-12-10 22:20 - 00000000 ____D C:\Program Files (x86)\CDBurnerXP 2013-09-22 13:42 - 2013-09-22 12:20 - 00000000 ____D C:\Users\Public\Documents\DAEMON Tools Images 2013-09-22 12:31 - 2013-09-15 09:42 - 00001493 _____ C:\Users\Public\Desktop\Command & Conquer Die ersten 10 Jahre.lnk 2013-09-22 12:19 - 2012-12-10 22:20 - 00001953 _____ C:\Users\Public\Desktop\CDBurnerXP.lnk 2013-09-21 19:13 - 2013-09-21 19:13 - 00283200 _____ (DT Soft Ltd) 
C:\Windows\system32\Drivers\dtsoftbus01.sys 2013-09-21 19:13 - 2013-09-21 17:48 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Lite 2013-09-21 17:49 - 2013-09-21 16:35 - 00000000 ____D C:\Windows\SysWOW64\NV 2013-09-21 17:49 - 2013-09-21 16:35 - 00000000 ____D C:\Windows\system32\NV 2013-09-21 17:48 - 2013-09-21 17:48 - 00564824 _____ (Duplex Secure Ltd.) C:\Windows\system32\Drivers\sptd.sys 2013-09-21 17:48 - 2013-09-21 17:48 - 00001954 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk 2013-09-21 16:43 - 2013-08-14 13:21 - 00000000 ____D C:\Windows\system32\MRT 2013-09-21 16:41 - 2012-12-23 21:51 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-09-21 16:35 - 2012-12-10 20:03 - 00000000 ____D C:\ProgramData\NVIDIA 2013-09-19 01:26 - 2013-09-14 19:31 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-09-19 01:26 - 2013-09-14 19:31 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-09-15 17:46 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\rescache 2013-09-15 17:24 - 2013-09-15 16:35 - 00000000 ____D C:\Users\**********\Documents\Command and Conquer Generals Zero Hour Data 2013-09-15 12:24 - 2013-09-15 09:18 - 00419272 _____ C:\Windows\system32\FNTCACHE.DAT 2013-09-15 10:27 - 2013-09-15 09:47 - 00000000 ____D C:\Users\**********\Documents\Command and Conquer Generals Data 2013-09-15 09:26 - 2012-12-10 20:49 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2013-09-15 09:24 - 2013-09-15 09:24 - 00000000 ____D C:\Program Files (x86)\EA Games 2013-09-14 19:26 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\WinStore 2013-09-14 19:26 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\PolicyDefinitions 2013-09-14 19:25 - 2012-07-26 07:38 - 00000000 ____D C:\Windows\system32\oobe 2013-09-14 13:12 - 2012-12-17 21:23 - 00003392 _____ 
C:\Windows\System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3797833307-1882079770-3084119189-1001 2013-09-14 11:12 - 2012-12-10 20:01 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2013-09-14 10:51 - 2013-01-16 15:08 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-09-13 06:53 - 2013-09-13 06:53 - 00000000 ____D C:\Users\**********\AppData\Roaming\RealNetworks 2013-09-13 06:52 - 2013-09-13 06:52 - 00001046 _____ C:\Users\Public\Desktop\RealPlayer.lnk 2013-09-13 06:52 - 2013-09-13 06:52 - 00000000 ____D C:\ProgramData\RealNetworks 2013-09-13 06:52 - 2013-09-13 06:52 - 00000000 ____D C:\Program Files (x86)\RealNetworks 2013-09-13 06:52 - 2012-12-12 12:43 - 00201872 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll 2013-09-13 06:52 - 2012-12-12 12:43 - 00000000 ____D C:\Program Files (x86)\Real 2013-09-13 06:52 - 2012-12-12 12:42 - 00000000 ____D C:\ProgramData\Real 2013-09-13 06:51 - 2012-12-12 12:43 - 00499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll 2013-09-13 06:51 - 2012-12-12 12:43 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll 2013-09-13 06:51 - 2012-12-12 12:43 - 00272896 _____ (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll 2013-09-13 06:51 - 2012-12-12 12:43 - 00006656 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5016.dll 2013-09-13 06:51 - 2012-12-12 12:43 - 00005632 _____ (RealNetworks, Inc.) 
C:\Windows\SysWOW64\pndx5032.dll 2013-09-12 10:58 - 2013-09-21 16:32 - 29337376 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll 2013-09-12 10:58 - 2013-09-21 16:32 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll 2013-09-12 10:58 - 2013-09-21 16:32 - 22102304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll 2013-09-12 10:58 - 2013-09-21 16:32 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll 2013-09-12 10:58 - 2013-09-21 16:32 - 15901448 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll 2013-09-12 10:58 - 2013-09-21 16:32 - 15703688 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll 2013-09-12 10:58 - 2013-09-21 16:32 - 13628208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll 2013-09-12 10:58 - 2013-09-21 16:32 - 12947360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll 2013-09-12 10:58 - 2013-09-21 16:32 - 11274528 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys 2013-09-12 10:58 - 2013-09-21 16:32 - 09281032 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll 2013-09-12 10:58 - 2013-09-21 16:32 - 07720576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll 2013-09-12 10:58 - 2013-09-21 16:32 - 07648000 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll 2013-09-12 10:58 - 2013-09-21 16:32 - 06329552 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll 2013-09-12 10:58 - 2013-09-21 16:32 - 02970400 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll 2013-09-12 10:58 - 2013-09-21 16:32 - 02789152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll 2013-09-12 10:58 - 2013-09-21 16:32 - 02367264 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll 2013-09-12 10:58 - 2013-09-21 16:32 - 02007328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll 2013-09-12 10:58 - 2013-09-21 16:32 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6432723.dll 2013-09-12 10:58 - 
2013-09-21 16:32 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6432723.dll 2013-09-12 10:58 - 2013-09-21 16:32 - 01222824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll 2013-09-12 10:58 - 2013-09-21 16:32 - 00681760 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll 2013-09-12 10:58 - 2013-09-21 16:32 - 00603424 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll 2013-09-12 10:58 - 2013-09-21 16:32 - 00586016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll 2013-09-12 10:58 - 2013-09-21 16:32 - 00515360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll 2013-09-12 10:58 - 2013-09-21 16:32 - 00317472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll 2013-09-12 10:58 - 2013-09-21 16:32 - 00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll 2013-09-12 10:58 - 2013-09-21 16:32 - 00032032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpciflt.sys 2013-09-12 10:58 - 2013-05-25 18:37 - 02630304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll 2013-09-12 10:58 - 2012-10-08 12:42 - 02986672 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll 2013-09-12 10:58 - 2012-10-08 12:42 - 01412832 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll 2013-09-12 10:58 - 2012-10-08 12:42 - 00168616 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll 2013-09-12 10:58 - 2012-10-08 12:42 - 00141336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll 2013-09-12 10:58 - 2012-10-08 12:42 - 00022814 _____ C:\Windows\system32\nvinfo.pb 2013-09-12 09:25 - 2012-12-10 20:03 - 06599968 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll 2013-09-12 09:25 - 2012-12-10 20:03 - 03452192 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll 2013-09-12 09:25 - 2012-12-10 20:03 - 02559776 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll 2013-09-12 09:25 - 2012-12-10 20:03 - 01042208 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll 
2013-09-12 09:25 - 2012-12-10 20:03 - 00920864 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe 2013-09-12 09:25 - 2012-12-10 20:03 - 00219424 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll 2013-09-12 09:25 - 2012-12-10 20:03 - 00067072 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll 2013-09-12 09:25 - 2012-12-10 20:03 - 00063776 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll 2013-09-12 00:06 - 2012-12-10 20:03 - 03361114 _____ C:\Windows\system32\nvcoproc.bin 2013-09-02 21:39 - 2012-12-10 22:19 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk 2013-09-02 21:39 - 2012-12-10 22:19 - 00000000 ____D C:\Program Files\CCleaner 2013-09-02 21:38 - 2013-09-02 21:38 - 00000000 ____D C:\Users\**********\Schaeffler Some content of TEMP: ==================== C:\Users\**********\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-09-21 11:00 ==================== End Of Log ============================ --- --- --- |
29.09.2013, 05:48 | #6 |
/// the machine /// TB Trainer | Windows 8: Firefox keeps opening by itself
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems left?
__________________ --> Windows 8: Firefox keeps opening by itself |
29.09.2013, 10:48 | #7 |
| Windows 8: Firefox keeps opening by itself OK, everything done. So far Firefox has not opened by itself again. Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=ccf8953cddae3d4494c9bf95cbb3b9bc
# engine=15293
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-09-29 09:35:31
# local_time=2013-09-29 11:35:31 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode=2817 16777215 100 100 13109954 13368077 0 0
# compatibility_mode=5893 16776573 100 94 7725 7730806 0 0
# scanned=205065
# found=0
# cleaned=0
# scan_time=6947
Code:
ATTFilter
Results of screen317's Security Check version 0.99.73
x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Defender
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.75.0.1300
Adobe Flash Player 11.8.800.168
Adobe Reader XI
Mozilla Firefox (23.0.1)
Google Chrome 22.0.1229.95
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSMpEng.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Windows Defender MsMpEng.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-09-2013 02 Ran by ********** (administrator) on ACID on 29-09-2013 11:45:27 Running from C:\Users\**********\Desktop Windows 8 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (Microsoft Corporation) C:\Windows\system32\dashost.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (pdfforge GbR) C:\Program Files (x86)\PDF Architect\HelperService.exe () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Google Inc.) 
C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe (Sonix) C:\Windows\vsnp2std.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Microsoft Corporation) C:\Windows\System32\StikyNot.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe () C:\Windows\FixCamera.exe () C:\Windows\tsnp2std.exe (ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (RealNetworks, Inc.) 
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (pdfforge GbR) C:\Program Files (x86)\PDF Architect\ConversionService.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor) HKLM\...\Run: [ASUSQuickGesture(x86)] - C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe [20352 2012-09-11] (ASUSTeK Computer Inc.) HKLM\...\Run: [ASUSTPLoader(x64)] - C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe [169856 2012-09-11] (AsusTek) HKLM\...\Run: [ASUSQuickGesture(x64)] - C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe [22400 2012-09-11] (ASUSTeK Computer Inc.) 
HKLM\...\Run: [snp2std] - C:\Windows\vsnp2std.exe [344064 2007-09-28] (Sonix) HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-08-27] (NVIDIA Corporation) HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] () Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKCU\...\Run: [Pando Media Booster] - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2012-12-10] () HKCU\...\Run: [EPSON SX420W Series] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCE.EXE /FU "C:\Windows\TEMP\E_S2128.tmp" /EF "HKCU" HKCU\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [405504 2012-07-26] (Microsoft Corporation) HKCU\...\Run: [Steam] - C:\Program Files (x86)\Valve\Steam\Steam.exe [1807272 2013-07-27] (Valve Corporation) HKCU\...\Run: [Speech Recognition] - C:\Windows\Speech\Common\sapisvr.exe [45056 2012-07-26] (Microsoft Corporation) MountPoints2: {41eff61b-42fd-11e2-be6f-50465dd0cdc9} - "D:\pushinst.exe" MountPoints2: {b9d48a4d-432b-11e2-be65-806e6f6e6963} - "E:\AsInsWiz.exe" HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [EEventManager] - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [976320 2009-12-03] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [FixCamera] - C:\Windows\FixCamera.exe [20480 2007-07-11] () HKLM-x32\...\Run: [tsnp2std] - C:\Windows\tsnp2std.exe [270336 2007-05-12] () HKLM-x32\...\Run: [ArcSoft Connection Service] - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.) 
HKLM-x32\...\Run: [ClamWin] - C:\Program Files (x86)\ClamWin\bin\ClamTray.exe [86016 2013-04-27] (alch)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [TkBellExe] - c:\program files (x86)\real\realplayer\Update\realsched.exe [295512 2013-09-13] (RealNetworks, Inc.)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll [168616 2013-09-12] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [141336 2013-09-12] (NVIDIA Corporation)
Startup: C:\Users\**********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\**********\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x8C6DEC74585DCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: ASUS Browser Extension x64 - {78234974-0C4B-4111-BDEB-D9A104418772} - C:\Program Files (x86)\ASUS\ASUS Smart Gesture\install\x64\BrowserExtension64.dll (ASUSTeK Computer Inc.)
BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: ASUS Browser Extension x86 - {78234974-0C4B-4111-BDEB-D9A104418771} - C:\Program Files (x86)\ASUS\ASUS Smart Gesture\install\x86\BrowserExtension.dll (ASUSTeK Computer Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\**********\AppData\Roaming\Mozilla\Firefox\Profiles\pofkhwr8.default-1375807313331
FF Homepage: https://www.google.de/
FF NetworkProxy: "ftp", "81.17.28.169"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "http", "81.17.28.169"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "socks_remote_dns", true
FF NetworkProxy: "ssl", "81.17.28.169"
FF NetworkProxy: "ssl_port", 8080
FF NetworkProxy: "type", 1
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\**********\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll (Amazon.com, Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: FoxyProxy Basic - C:\Users\**********\AppData\Roaming\Mozilla\Firefox\Profiles\pofkhwr8.default-1375807313331\Extensions\foxyproxy@eric.h.jung
FF Extension: Bargain Workbench - C:\Users\**********\AppData\Roaming\Mozilla\Firefox\Profiles\pofkhwr8.default-1375807313331\Extensions\{8eaa2500-4118-4c33-9927-988702ba63bd}
FF Extension: firefox-hotfix - C:\Users\**********\AppData\Roaming\Mozilla\Firefox\Profiles\pofkhwr8.default-1375807313331\Extensions\firefox-hotfix@mozilla.org.xpi
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF StartMenuInternet: FIREFOX.EXE - C:\Users\**********\Desktop\Zeugs\Unterlagen\Bewerbung\Bewerbung bereits verschickt - KPMG - Trainee Transaction & Restructuring\FF\firefox.exe

==================== Services (Whitelisted) =================
R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14997280 2013-08-27] (NVIDIA Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1522312 2012-11-22] (pdfforge GbR)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [905864 2012-11-22] (pdfforge GbR)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================
R3 ArcSoftKsUFilter; C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [18688 2007-05-30] (ArcSoft, Inc.)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [56704 2012-09-11] (ASUS Corporation)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2013-09-21] (DT Soft Ltd)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-08-20] (NVIDIA Corporation)
S3 SNP2STD; C:\Windows\system32\DRIVERS\snp2sxp.sys [12528768 2007-09-10] ()
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-09-21] (Duplex Secure Ltd.)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========
2013-09-28 14:23 - 2013-09-28 14:23 - 01953880 _____ (Farbar) C:\Users\**********\Desktop\FRST64.exe
2013-09-28 14:16 - 2013-09-28 14:16 - 00000000 ____D C:\Windows\ERUNT
2013-09-28 14:09 - 2013-09-28 14:10 - 00000000 ____D C:\AdwCleaner
2013-09-28 14:05 - 2013-09-28 14:05 - 00018126 _____ C:\Windows\PFRO.log
2013-09-28 13:51 - 2013-09-28 13:51 - 00000000 ____D C:\Users\**********\AppData\Roaming\Malwarebytes
2013-09-28 13:51 - 2013-09-28 13:51 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-28 13:51 - 2013-09-28 13:51 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-28 13:51 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-09-27 17:29 - 2013-09-29 11:45 - 00000000 ____D C:\Users\**********\Desktop\Antivirentools
2013-09-27 17:01 - 2013-09-27 17:01 - 00000000 ____D C:\FRST
2013-09-27 16:53 - 2013-09-27 16:53 - 00000188 _____ C:\Users\**********\defogger_reenable
2013-09-27 16:16 - 2013-09-29 11:33 - 00387866 _____ C:\Windows\WindowsUpdate.log
2013-09-23 18:57 - 2013-09-23 18:57 - 00000000 ____D C:\Program Files (x86)\Citrix
2013-09-23 18:55
- 2013-09-23 18:55 - 00000000 ____D C:\Users\**********\AppData\Local\Citrix 2013-09-22 12:20 - 2013-09-22 13:42 - 00000000 ____D C:\Users\Public\Documents\DAEMON Tools Images 2013-09-21 19:13 - 2013-09-21 19:13 - 00283200 _____ (DT Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys 2013-09-21 17:48 - 2013-09-21 19:13 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Lite 2013-09-21 17:48 - 2013-09-21 17:48 - 00564824 _____ (Duplex Secure Ltd.) C:\Windows\system32\Drivers\sptd.sys 2013-09-21 17:48 - 2013-09-21 17:48 - 00001954 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk 2013-09-21 16:35 - 2013-09-21 17:49 - 00000000 ____D C:\Windows\SysWOW64\NV 2013-09-21 16:35 - 2013-09-21 17:49 - 00000000 ____D C:\Windows\system32\NV 2013-09-21 16:32 - 2013-09-12 10:58 - 29337376 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll 2013-09-21 16:32 - 2013-09-12 10:58 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll 2013-09-21 16:32 - 2013-09-12 10:58 - 22102304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll 2013-09-21 16:32 - 2013-09-12 10:58 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll 2013-09-21 16:32 - 2013-09-12 10:58 - 15901448 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll 2013-09-21 16:32 - 2013-09-12 10:58 - 15703688 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll 2013-09-21 16:32 - 2013-09-12 10:58 - 13628208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll 2013-09-21 16:32 - 2013-09-12 10:58 - 12947360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll 2013-09-21 16:32 - 2013-09-12 10:58 - 11274528 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys 2013-09-21 16:32 - 2013-09-12 10:58 - 09281032 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll 2013-09-21 16:32 - 2013-09-12 10:58 - 07720576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll 2013-09-21 16:32 - 2013-09-12 10:58 - 07648000 _____ (NVIDIA 
Corporation) C:\Windows\system32\nvopencl.dll 2013-09-21 16:32 - 2013-09-12 10:58 - 06329552 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll 2013-09-21 16:32 - 2013-09-12 10:58 - 02970400 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll 2013-09-21 16:32 - 2013-09-12 10:58 - 02789152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll 2013-09-21 16:32 - 2013-09-12 10:58 - 02367264 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll 2013-09-21 16:32 - 2013-09-12 10:58 - 02007328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll 2013-09-21 16:32 - 2013-09-12 10:58 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6432723.dll 2013-09-21 16:32 - 2013-09-12 10:58 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6432723.dll 2013-09-21 16:32 - 2013-09-12 10:58 - 01222824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll 2013-09-21 16:32 - 2013-09-12 10:58 - 00681760 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll 2013-09-21 16:32 - 2013-09-12 10:58 - 00603424 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll 2013-09-21 16:32 - 2013-09-12 10:58 - 00586016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll 2013-09-21 16:32 - 2013-09-12 10:58 - 00515360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll 2013-09-21 16:32 - 2013-09-12 10:58 - 00317472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll 2013-09-21 16:32 - 2013-09-12 10:58 - 00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll 2013-09-21 16:32 - 2013-09-12 10:58 - 00032032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpciflt.sys 2013-09-15 16:35 - 2013-09-15 17:24 - 00000000 ____D C:\Users\**********\Documents\Command and Conquer Generals Zero Hour Data 2013-09-15 09:47 - 2013-09-15 10:27 - 00000000 ____D C:\Users\**********\Documents\Command and Conquer Generals Data 2013-09-15 09:42 - 2013-09-22 12:31 - 00001493 _____ 
C:\Users\Public\Desktop\Command & Conquer Die ersten 10 Jahre.lnk 2013-09-15 09:24 - 2013-09-15 09:24 - 00000000 ____D C:\Program Files (x86)\EA Games 2013-09-15 09:18 - 2013-09-15 12:24 - 00419272 _____ C:\Windows\system32\FNTCACHE.DAT 2013-09-14 19:31 - 2013-09-19 01:26 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-09-14 19:31 - 2013-09-19 01:26 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-09-14 11:10 - 2013-08-20 15:33 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys 2013-09-14 11:10 - 2013-08-20 15:32 - 00028448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll 2013-09-13 18:19 - 2013-08-16 07:39 - 02371728 _____ (Microsoft Corporation) C:\Windows\system32\WSService.dll 2013-09-13 18:19 - 2013-08-16 07:39 - 00059416 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2013-09-13 18:19 - 2013-08-16 07:32 - 00209200 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe 2013-09-13 18:19 - 2013-08-16 07:22 - 04917760 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe 2013-09-13 18:19 - 2013-08-16 07:21 - 03275776 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2013-09-13 18:19 - 2013-08-16 07:21 - 01621504 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2013-09-13 18:19 - 2013-08-16 07:21 - 01164288 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll 2013-09-13 18:19 - 2013-08-16 07:21 - 00773120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2013-09-13 18:19 - 2013-08-16 07:21 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll 2013-09-13 18:19 - 2013-08-16 07:21 - 00368640 _____ (Microsoft Corporation) C:\Windows\system32\sppwinob.dll 2013-09-13 18:19 - 2013-08-16 07:21 - 00252416 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll 2013-09-13 18:19 - 2013-08-16 07:21 - 00204800 _____ (Microsoft 
Corporation) C:\Windows\system32\WSClient.dll 2013-09-13 18:19 - 2013-08-16 07:21 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll 2013-09-13 18:19 - 2013-08-16 07:21 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\WSSync.dll 2013-09-13 18:19 - 2013-08-16 07:21 - 00120320 _____ (Microsoft Corporation) C:\Windows\system32\sppc.dll 2013-09-13 18:19 - 2013-08-16 07:21 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2013-09-13 18:19 - 2013-08-16 07:21 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2013-09-13 18:19 - 2013-08-16 07:20 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll 2013-09-13 18:19 - 2013-08-16 00:43 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2013-09-13 18:19 - 2013-08-16 00:43 - 00562688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll 2013-09-13 18:19 - 2013-08-16 00:43 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSSync.dll 2013-09-13 18:19 - 2013-08-16 00:43 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll 2013-09-13 18:19 - 2013-08-16 00:42 - 00091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sppc.dll 2013-09-13 18:18 - 2013-08-16 07:41 - 00058200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dam.sys 2013-09-13 18:18 - 2013-08-16 07:22 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2013-09-13 18:18 - 2013-08-16 07:21 - 00174592 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll 2013-09-13 18:18 - 2013-08-16 07:21 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2013-09-13 18:18 - 2013-08-16 07:21 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2013-09-13 18:18 - 2013-08-16 07:21 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2013-09-13 18:18 - 
2013-08-16 07:21 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\setupcln.dll 2013-09-13 18:18 - 2013-08-16 00:43 - 00167424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSClient.dll 2013-09-13 18:18 - 2013-08-16 00:43 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2013-09-13 18:18 - 2013-08-16 00:43 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2013-09-13 18:18 - 2013-08-16 00:43 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2013-09-13 18:18 - 2013-08-16 00:43 - 00083968 _____ C:\Windows\SysWOW64\OEMLicense.dll 2013-09-13 18:18 - 2013-08-16 00:43 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2013-09-13 18:18 - 2013-08-16 00:43 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2013-09-13 18:18 - 2013-08-16 00:42 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setupcln.dll 2013-09-13 18:16 - 2013-08-21 06:12 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-09-13 18:16 - 2013-08-21 06:12 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-09-13 18:16 - 2013-08-21 06:11 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-09-13 18:16 - 2013-08-21 06:11 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-09-13 18:16 - 2013-08-21 06:11 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-09-13 18:16 - 2013-08-21 06:11 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-09-13 18:16 - 2013-08-21 06:11 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-09-13 18:16 - 2013-08-21 06:11 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll 2013-09-13 18:16 - 2013-08-21 06:11 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-09-13 18:16 - 2013-08-21 06:11 - 
00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-09-13 18:16 - 2013-08-21 06:11 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-09-13 18:16 - 2013-08-21 06:11 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-09-13 18:16 - 2013-08-21 06:11 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll 2013-09-13 18:16 - 2013-08-21 06:11 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-09-13 18:16 - 2013-08-21 06:11 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-09-13 18:16 - 2013-08-21 04:34 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-09-13 18:16 - 2013-08-21 04:06 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-09-13 18:16 - 2013-08-21 04:06 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-09-13 18:16 - 2013-08-21 04:06 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll 2013-09-13 18:16 - 2013-08-21 04:05 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-09-13 18:16 - 2013-08-21 04:05 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-09-13 18:16 - 2013-08-21 04:05 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-09-13 18:16 - 2013-08-21 04:05 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-09-13 18:16 - 2013-08-21 04:05 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-09-13 18:16 - 2013-08-21 04:05 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-09-13 18:16 - 2013-08-21 04:05 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-09-13 18:16 - 2013-08-21 04:05 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-09-13 18:16 - 2013-08-21 04:05 - 00039936 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-09-13 18:16 - 2013-08-21 04:05 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-09-13 18:16 - 2013-08-21 03:43 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-09-13 18:16 - 2013-08-21 01:52 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll 2013-09-13 18:16 - 2013-07-09 10:04 - 00120144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msgpioclx.sys 2013-09-13 18:16 - 2013-07-09 08:18 - 00439488 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe 2013-09-13 18:16 - 2013-07-09 06:25 - 00385768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe 2013-09-13 18:16 - 2013-07-09 05:57 - 00245760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LocationApi.dll 2013-09-13 18:16 - 2013-07-09 00:46 - 00543744 _____ (Microsoft Corporation) C:\Windows\system32\wwanmm.dll 2013-09-13 18:16 - 2013-07-09 00:46 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\wwanconn.dll 2013-09-13 18:16 - 2013-07-09 00:46 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\Wwanadvui.dll 2013-09-13 18:16 - 2013-07-09 00:45 - 00312832 _____ (Microsoft Corporation) C:\Windows\system32\LocationApi.dll 2013-09-13 18:16 - 2013-07-06 02:16 - 01025024 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll 2013-09-13 18:16 - 2013-07-03 02:23 - 00778752 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2013-09-13 18:16 - 2013-07-03 02:23 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.BackgroundTransfer.dll 2013-09-13 18:16 - 2013-07-03 02:22 - 02839552 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll 2013-09-13 18:16 - 2013-07-03 02:22 - 01300480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2013-09-13 18:16 - 2013-07-03 02:11 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2013-09-13 18:16 - 2013-07-03 02:11 - 00268800 
_____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll 2013-09-13 18:16 - 2013-07-03 02:10 - 02273792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll 2013-09-13 18:16 - 2013-07-02 00:08 - 00387583 _____ C:\Windows\system32\ApnDatabase.xml 2013-09-13 18:16 - 2013-07-01 00:30 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\openfiles.exe 2013-09-13 18:16 - 2013-07-01 00:29 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\openfiles.exe 2013-09-13 18:16 - 2013-06-29 08:15 - 00195416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys 2013-09-13 18:16 - 2013-06-29 08:15 - 00125784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys 2013-09-13 18:16 - 2013-06-29 07:43 - 00327512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys 2013-09-13 18:16 - 2013-06-29 03:12 - 01022464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2013-09-13 18:16 - 2013-06-26 05:01 - 00321536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys 2013-09-13 18:16 - 2013-06-26 04:59 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\HdAudio.sys 2013-09-13 18:16 - 2013-06-25 00:54 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll 2013-09-13 18:16 - 2013-06-25 00:54 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\wcmsvc.dll 2013-09-13 18:16 - 2013-06-25 00:54 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\wcmcsp.dll 2013-09-13 18:16 - 2013-06-19 07:36 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\winmmbase.dll 2013-09-13 18:16 - 2013-06-19 07:36 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\winmm.dll 2013-09-13 18:16 - 2013-06-19 00:38 - 00160256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmmbase.dll 2013-09-13 18:16 - 2013-06-19 00:38 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmm.dll 2013-09-13 18:16 - 2013-06-12 01:43 - 
00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll 2013-09-13 18:16 - 2013-06-12 01:26 - 00230912 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll 2013-09-13 18:16 - 2013-06-10 23:17 - 00096512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys 2013-09-13 18:16 - 2013-06-10 21:16 - 00888832 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll 2013-09-13 18:16 - 2013-06-10 21:15 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL 2013-09-13 18:16 - 2013-06-10 21:15 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL 2013-09-13 18:16 - 2013-06-10 21:15 - 00381952 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL 2013-09-13 18:16 - 2013-06-10 21:10 - 00702464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll 2013-09-13 18:16 - 2013-06-10 21:10 - 00245248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL 2013-09-13 18:16 - 2013-06-06 10:03 - 00119040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS 2013-09-13 07:12 - 2013-08-03 06:30 - 04038144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-09-13 06:53 - 2013-09-13 06:53 - 00000000 ____D C:\Users\**********\AppData\Roaming\RealNetworks 2013-09-13 06:52 - 2013-09-13 06:52 - 00001046 _____ C:\Users\Public\Desktop\RealPlayer.lnk 2013-09-13 06:52 - 2013-09-13 06:52 - 00000000 ____D C:\ProgramData\RealNetworks 2013-09-13 06:52 - 2013-09-13 06:52 - 00000000 ____D C:\Program Files (x86)\RealNetworks 2013-09-02 21:38 - 2013-09-02 21:38 - 00000000 ____D C:\Users\**********\Schaeffler ==================== One Month Modified Files and Folders ======= 2013-09-29 11:45 - 2013-09-27 17:29 - 00000000 ____D C:\Users\**********\Desktop\Antivirentools 2013-09-29 11:35 - 2012-12-10 22:55 - 00000000 ____D C:\Users\**********\AppData\Local\PMB Files 2013-09-29 11:33 - 2013-09-27 16:16 - 00387866 _____ C:\Windows\WindowsUpdate.log 2013-09-29 11:12 - 2013-04-12 13:52 - 
00001136 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-09-29 11:00 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\sru 2013-09-29 10:12 - 2013-04-12 13:52 - 00001132 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-09-29 09:37 - 2013-04-22 19:46 - 01745416 _____ C:\Windows\system32\PerfStringBackup.INI 2013-09-29 09:37 - 2012-07-26 12:27 - 00753134 _____ C:\Windows\system32\perfh007.dat 2013-09-29 09:37 - 2012-07-26 12:27 - 00155826 _____ C:\Windows\system32\perfc007.dat 2013-09-29 09:29 - 2012-12-10 19:57 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3797833307-1882079770-3084119189-1001 2013-09-29 09:23 - 2013-01-21 20:55 - 00000000 ____D C:\Users\**********\Documents\Outlook-Dateien 2013-09-29 09:15 - 2012-07-26 09:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-09-28 20:16 - 2012-12-12 12:44 - 00003350 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3797833307-1882079770-3084119189-1001 2013-09-28 20:16 - 2012-12-12 12:44 - 00003234 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3797833307-1882079770-3084119189-1001 2013-09-28 19:01 - 2012-07-26 07:26 - 00262144 ___SH C:\Windows\system32\config\BBI 2013-09-28 17:56 - 2012-12-10 22:42 - 00000000 ____D C:\Users\**********\AppData\Local\Paint.NET 2013-09-28 17:54 - 2012-12-10 22:36 - 00000000 ____D C:\Users\**********\Desktop\Zeugs 2013-09-28 17:52 - 2012-12-10 23:05 - 00000000 ____D C:\Users\**********\AppData\Roaming\vlc 2013-09-28 14:23 - 2013-09-28 14:23 - 01953880 _____ (Farbar) C:\Users\**********\Desktop\FRST64.exe 2013-09-28 14:16 - 2013-09-28 14:16 - 00000000 ____D C:\Windows\ERUNT 2013-09-28 14:10 - 2013-09-28 14:09 - 00000000 ____D C:\AdwCleaner 2013-09-28 14:05 - 2013-09-28 14:05 - 00018126 _____ C:\Windows\PFRO.log 2013-09-28 13:51 - 2013-09-28 13:51 - 00000000 ____D C:\Users\**********\AppData\Roaming\Malwarebytes 2013-09-28 13:51 - 2013-09-28 13:51 - 00000000 ____D 
C:\ProgramData\Malwarebytes 2013-09-28 13:51 - 2013-09-28 13:51 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-09-28 13:34 - 2012-12-10 22:55 - 00000000 ____D C:\ProgramData\PMB Files 2013-09-28 12:29 - 2013-07-27 04:27 - 00000112 _____ C:\Users\**********\AppData\Roaming\WB.CFG 2013-09-28 12:29 - 2013-07-20 14:27 - 00000005 _____ C:\Users\**********\AppData\Roaming\WBPU-TTL.DAT 2013-09-27 21:18 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\NDF 2013-09-27 21:09 - 2013-05-16 18:32 - 00003372 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3797833307-1882079770-3084119189-1001 2013-09-27 21:09 - 2013-05-16 18:32 - 00003256 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3797833307-1882079770-3084119189-1001 2013-09-27 17:01 - 2013-09-27 17:01 - 00000000 ____D C:\FRST 2013-09-27 16:53 - 2013-09-27 16:53 - 00000188 _____ C:\Users\**********\defogger_reenable 2013-09-27 16:53 - 2012-12-10 19:51 - 00000000 ____D C:\Users\********** 2013-09-26 20:53 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\AUInstallAgent 2013-09-24 18:49 - 2013-07-13 15:35 - 00000000 ____D C:\Users\**********\AppData\Roaming\DAEMON Tools Lite 2013-09-23 18:57 - 2013-09-23 18:57 - 00000000 ____D C:\Program Files (x86)\Citrix 2013-09-23 18:55 - 2013-09-23 18:55 - 00000000 ____D C:\Users\**********\AppData\Local\Citrix 2013-09-22 17:31 - 2012-12-10 22:20 - 00000000 ____D C:\Program Files (x86)\CDBurnerXP 2013-09-22 13:42 - 2013-09-22 12:20 - 00000000 ____D C:\Users\Public\Documents\DAEMON Tools Images 2013-09-22 12:31 - 2013-09-15 09:42 - 00001493 _____ C:\Users\Public\Desktop\Command & Conquer Die ersten 10 Jahre.lnk 2013-09-22 12:19 - 2012-12-10 22:20 - 00001953 _____ C:\Users\Public\Desktop\CDBurnerXP.lnk 2013-09-21 19:13 - 2013-09-21 19:13 - 00283200 _____ (DT Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys 2013-09-21 19:13 - 2013-09-21 17:48 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Lite 
2013-09-21 17:49 - 2013-09-21 16:35 - 00000000 ____D C:\Windows\SysWOW64\NV 2013-09-21 17:49 - 2013-09-21 16:35 - 00000000 ____D C:\Windows\system32\NV 2013-09-21 17:48 - 2013-09-21 17:48 - 00564824 _____ (Duplex Secure Ltd.) C:\Windows\system32\Drivers\sptd.sys 2013-09-21 17:48 - 2013-09-21 17:48 - 00001954 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk 2013-09-21 16:43 - 2013-08-14 13:21 - 00000000 ____D C:\Windows\system32\MRT 2013-09-21 16:41 - 2012-12-23 21:51 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-09-21 16:35 - 2012-12-10 20:03 - 00000000 ____D C:\ProgramData\NVIDIA 2013-09-19 01:26 - 2013-09-14 19:31 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-09-19 01:26 - 2013-09-14 19:31 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-09-15 17:46 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\rescache 2013-09-15 17:24 - 2013-09-15 16:35 - 00000000 ____D C:\Users\**********\Documents\Command and Conquer Generals Zero Hour Data 2013-09-15 12:24 - 2013-09-15 09:18 - 00419272 _____ C:\Windows\system32\FNTCACHE.DAT 2013-09-15 10:27 - 2013-09-15 09:47 - 00000000 ____D C:\Users\**********\Documents\Command and Conquer Generals Data 2013-09-15 09:26 - 2012-12-10 20:49 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2013-09-15 09:24 - 2013-09-15 09:24 - 00000000 ____D C:\Program Files (x86)\EA Games 2013-09-14 19:26 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\WinStore 2013-09-14 19:26 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\PolicyDefinitions 2013-09-14 19:25 - 2012-07-26 07:38 - 00000000 ____D C:\Windows\system32\oobe 2013-09-14 13:12 - 2012-12-17 21:23 - 00003392 _____ C:\Windows\System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3797833307-1882079770-3084119189-1001 2013-09-14 11:12 - 2012-12-10 20:01 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2013-09-14 10:51 - 2013-01-16 15:08 - 
00000000 ____D C:\ProgramData\Microsoft Help 2013-09-13 06:53 - 2013-09-13 06:53 - 00000000 ____D C:\Users\**********\AppData\Roaming\RealNetworks 2013-09-13 06:52 - 2013-09-13 06:52 - 00001046 _____ C:\Users\Public\Desktop\RealPlayer.lnk 2013-09-13 06:52 - 2013-09-13 06:52 - 00000000 ____D C:\ProgramData\RealNetworks 2013-09-13 06:52 - 2013-09-13 06:52 - 00000000 ____D C:\Program Files (x86)\RealNetworks 2013-09-13 06:52 - 2012-12-12 12:43 - 00201872 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll 2013-09-13 06:52 - 2012-12-12 12:43 - 00000000 ____D C:\Program Files (x86)\Real 2013-09-13 06:52 - 2012-12-12 12:42 - 00000000 ____D C:\ProgramData\Real 2013-09-13 06:51 - 2012-12-12 12:43 - 00499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll 2013-09-13 06:51 - 2012-12-12 12:43 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll 2013-09-13 06:51 - 2012-12-12 12:43 - 00272896 _____ (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll 2013-09-13 06:51 - 2012-12-12 12:43 - 00006656 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5016.dll 2013-09-13 06:51 - 2012-12-12 12:43 - 00005632 _____ (RealNetworks, Inc.) 
C:\Windows\SysWOW64\pndx5032.dll 2013-09-12 10:58 - 2013-09-21 16:32 - 29337376 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll 2013-09-12 10:58 - 2013-09-21 16:32 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll 2013-09-12 10:58 - 2013-09-21 16:32 - 22102304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll 2013-09-12 10:58 - 2013-09-21 16:32 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll 2013-09-12 10:58 - 2013-09-21 16:32 - 15901448 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll 2013-09-12 10:58 - 2013-09-21 16:32 - 15703688 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll 2013-09-12 10:58 - 2013-09-21 16:32 - 13628208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll 2013-09-12 10:58 - 2013-09-21 16:32 - 12947360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll 2013-09-12 10:58 - 2013-09-21 16:32 - 11274528 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys 2013-09-12 10:58 - 2013-09-21 16:32 - 09281032 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll 2013-09-12 10:58 - 2013-09-21 16:32 - 07720576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll 2013-09-12 10:58 - 2013-09-21 16:32 - 07648000 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll 2013-09-12 10:58 - 2013-09-21 16:32 - 06329552 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll 2013-09-12 10:58 - 2013-09-21 16:32 - 02970400 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll 2013-09-12 10:58 - 2013-09-21 16:32 - 02789152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll 2013-09-12 10:58 - 2013-09-21 16:32 - 02367264 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll 2013-09-12 10:58 - 2013-09-21 16:32 - 02007328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll 2013-09-12 10:58 - 2013-09-21 16:32 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6432723.dll 2013-09-12 10:58 - 
2013-09-21 16:32 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6432723.dll 2013-09-12 10:58 - 2013-09-21 16:32 - 01222824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll 2013-09-12 10:58 - 2013-09-21 16:32 - 00681760 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll 2013-09-12 10:58 - 2013-09-21 16:32 - 00603424 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll 2013-09-12 10:58 - 2013-09-21 16:32 - 00586016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll 2013-09-12 10:58 - 2013-09-21 16:32 - 00515360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll 2013-09-12 10:58 - 2013-09-21 16:32 - 00317472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll 2013-09-12 10:58 - 2013-09-21 16:32 - 00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll 2013-09-12 10:58 - 2013-09-21 16:32 - 00032032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpciflt.sys 2013-09-12 10:58 - 2013-05-25 18:37 - 02630304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll 2013-09-12 10:58 - 2012-10-08 12:42 - 02986672 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll 2013-09-12 10:58 - 2012-10-08 12:42 - 01412832 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll 2013-09-12 10:58 - 2012-10-08 12:42 - 00168616 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll 2013-09-12 10:58 - 2012-10-08 12:42 - 00141336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll 2013-09-12 10:58 - 2012-10-08 12:42 - 00022814 _____ C:\Windows\system32\nvinfo.pb 2013-09-12 09:25 - 2012-12-10 20:03 - 06599968 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll 2013-09-12 09:25 - 2012-12-10 20:03 - 03452192 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll 2013-09-12 09:25 - 2012-12-10 20:03 - 02559776 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll 2013-09-12 09:25 - 2012-12-10 20:03 - 01042208 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll 
2013-09-12 09:25 - 2012-12-10 20:03 - 00920864 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe 2013-09-12 09:25 - 2012-12-10 20:03 - 00219424 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll 2013-09-12 09:25 - 2012-12-10 20:03 - 00067072 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll 2013-09-12 09:25 - 2012-12-10 20:03 - 00063776 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll 2013-09-12 00:06 - 2012-12-10 20:03 - 03361114 _____ C:\Windows\system32\nvcoproc.bin 2013-09-02 21:39 - 2012-12-10 22:19 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk 2013-09-02 21:39 - 2012-12-10 22:19 - 00000000 ____D C:\Program Files\CCleaner 2013-09-02 21:38 - 2013-09-02 21:38 - 00000000 ____D C:\Users\**********\Schaeffler Some content of TEMP: ==================== C:\Users\**********\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-09-29 09:29 ==================== End Of Log ============================ --- --- --- |
29.09.2013, 18:06 | #8 |
/// the machine /// TB trainer | Windows 8: Firefox keeps opening by itself Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
FF NetworkProxy: "ftp", "81.17.28.169"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "http", "81.17.28.169"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "socks_remote_dns", true
FF NetworkProxy: "ssl", "81.17.28.169"
FF NetworkProxy: "ssl_port", 8080
FF NetworkProxy: "type", 1
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Done. The order is crucial here.
Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP) Bill Castner (MVP) Don'ts
Note: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
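The eight FF NetworkProxy entries in the fixlist above, checked directly in a Firefox profile; this is an added example, not part of the original thread and not FRST's own code. It assumes FRST's names correspond to the network.proxy.* preferences in prefs.js; the sample prefs.js text is constructed from the fixlist values and the function names are hypothetical.

```python
import re

# Constructed prefs.js sample mirroring the fixlist entries (not taken from a real profile).
SAMPLE_PREFS = '''\
user_pref("browser.startup.homepage", "about:home");
user_pref("network.proxy.ftp", "81.17.28.169");
user_pref("network.proxy.ftp_port", 8080);
user_pref("network.proxy.http", "81.17.28.169");
user_pref("network.proxy.http_port", 8080);
user_pref("network.proxy.socks_remote_dns", true);
user_pref("network.proxy.ssl", "81.17.28.169");
user_pref("network.proxy.ssl_port", 8080);
user_pref("network.proxy.type", 1);
'''

PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')
LOCAL_HOSTS = {"", "localhost", "127.0.0.1", "::1"}


def parse_prefs(text):
    """Parse user_pref() lines into a dict of str, bool or int values."""
    prefs = {}
    for line in text.splitlines():
        match = PREF_RE.match(line)
        if not match:
            continue  # comments, blank lines, anything that is not a user_pref
        name, raw = match.groups()
        if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
            prefs[name] = raw[1:-1]
        elif raw in ("true", "false"):
            prefs[name] = raw == "true"
        else:
            try:
                prefs[name] = int(raw)
            except ValueError:
                prefs[name] = raw  # keep unknown literals verbatim
    return prefs


def manual_proxies(prefs):
    """Return {scheme: (host, port)} when a manual, non-local proxy is set."""
    if prefs.get("network.proxy.type") != 1:  # 1 = manual proxy configuration
        return {}
    found = {}
    for scheme in ("http", "ssl", "ftp", "socks"):
        host = prefs.get("network.proxy." + scheme, "")
        if host not in LOCAL_HOSTS:
            port = prefs.get("network.proxy." + scheme + "_port", 0)
            found[scheme] = (host, port)
    return found
```

A non-empty result only says that traffic is routed through a manually set proxy; whether that proxy was configured by the user has to be judged separately.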
29.09.2013, 18:34 | #9 |
| Windows 8: Firefox keeps opening by itself Hi, many thanks so far! 1) Could you please also tell me which malware this was and where one usually gets it from? As a rule I don't download anything I don't know! 2) Regarding your remarks: I use "ClamWin Free Antivirus"... apparently not particularly good protection... right? From now on I will use "Malwarebytes Anti-Malware"... sufficient? 3) I browse with Firefox and, among others, the following add-ons: FoxyProxy.... Could it be that I caught the malware via third-party servers, since I always go through American proxies to watch series?! 4) What do you think of "CCleaner"? 5) Here is the log Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-09-2013 02
Ran by JohannesKainer at 2013-09-29 19:19:54 Run:1
Running from C:\Users\*************\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
FF NetworkProxy: "ftp", "81.17.28.169"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "http", "81.17.28.169"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "socks_remote_dns", true
FF NetworkProxy: "ssl", "81.17.28.169"
FF NetworkProxy: "ssl_port", 8080
FF NetworkProxy: "type", 1
*****************
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
==== End of Fixlog ==== |
30.09.2013, 08:44 | #10 |
/// the machine /// TB trainer | Windows 8: Firefox keeps opening by itself Quote:
Quote:
Quote:
Quote:
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |