| |
| |||||||
Log-Analyse und Auswertung: Dualboot XP/Vista; MBAM-Fund, Dateien verschwinden & tauchen wieder auf, 1 MBAM-log wegWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
19.10.2013, 22:13
| #1 |
| |  Dualboot XP/Vista; MBAM-Fund, Dateien verschwinden & tauchen wieder auf, 1 MBAM-log weg Hallo liebe Community, ich habe einen PC mit zwei Festplatten zu je ~110 GB, die habe ich nach dem letzten Virenbefall vor rund 2 Monaten jeweils in 2 Partitionen aufgeteilt, sodass ich nun 4 Partitionen hab. Auf Festplatte 1 Partition 1 hab ich Windows XP Media Center Edition, auf Festplatte 2 Partition 1 WIndows Vista Business (per Dreamspark gekriegt). Die restlichen Partitionen sind Backup-Partitionen; auf Festplatte 2 Partition 2 mein Dropbox-Ordner, Festplatte 1 Partition 2 das Datenbackup (kein Systembackup, nur Dateien und Ordner). Ich habe fast nur Vista genutzt, daher bezieht sich alles, wenn nicht anders ausgedrückt, auf Vista. Mein PC verhielt sich seit einiger Zeit komisch, bspw. Crasht Firefox bei jedem (!) Video, egal ob Facebook, Youtube... und bei einigen "modernen" Websiten & nach einiger Zeit auf Facebook hängt es sich an irgendwelchen Scripten auf; wenn man Firefox sagt, das Script soll stoppen, geht es einige Zeit ruckelnd, bis das Problem erneut auftritt und Firefox letztendlich crasht. Abhilfe hat da nur NoScript geschaffen. Unter Chrome, Opera, Safari tritt das Problem nicht auf. Unter allen Programmen und unter beiden Betriebssystemen wird stellenweise angezeigt, dass der Flashplayer nicht installiert sei, Neuinstallation bringt nix. Dennoch funktionieren die meisten Flash-Programme. Desweiteren hat sich vor rund einem Monat plötzlich meine Bildschirmauflösung geändert; zwar konnte ich sie danach noch ändern & sie hat sich auch nicht mehr verändert, nur auf die ursprüngliche Bildschirmauflösung komm ich nicht. Einer meiner USB-Sticks wollte desweiteren dauernd repariert werden; die Dateien direkt in E: (nicht in einem der Unterordner) waren alle doppelt & wenn z.B. ich eine Datei namens "ABC.txt" hatte, gab es dazu eine Kopie namens "ABC-2013-12-.....". Zudem zeigte der PC, wenn der USB-Stick angeschlossen war, dauernd diesen blauen Kreis an (das, was bei XP die "Sanduhr" ist), der zudem zitterte. Heute hab ich meine Backup-USB-Sticks geleert, um ein ganz frisches Backup draufzuziehen. Das war unglaublich langsam, daher habe ich sie formatiert; vor der Formatierung kam die Meldung, dass gerade ein Prozess auf/mit dem USB-Stick arbeitet und ob ich wirklich formatieren wolle. Von mir ging der Prozess nicht aus, ich hatte alle Kopier-vorgänge etc. bereits geschlossen. Zeitgleich/etwas vor der Formatierung hab ich MBAM gedownloadet, einen Flash-Scan gestartet, der 8 Funde gefunden & entfernt hab; die Log-Datei hab ich auf dem Desktop gespeichert. Die Formatierung dauerte auch unendlich lange, als sie dann zuende war, habe ich erst erneut versucht, meine Daten rüberzuziehen, was wieder zu lange dauerte. Danach hab ich auf Geheiß von MBAM den PC neu gestartet, was solange nicht klappen wollte, bis ich die USB-Sticks rausgezogen hab. Pc neu gestartet & erneut neugestartet, um Slax über die Live-Cd auszuführen & meine Daten auf die USBs zu ziehen. Dort hab ich entdeckt: Das MBAM-log ist verschwunden und diverse andere Ordner auch & die auf den USB-Stick gezogenen Dateien hatten 0 kb! Hab also den PC neu gestartet & XP statt Vista gebootet. Dort tauchten die Ordner wieder auf, das MBAM-log ist aber immer noch verschwunden. MBAM ist von Deutsch auf Englisch & erneut auf Deutsch gewechselt. Hab also die Dateien auf die USBs gezogen, ein MBAM-Vollscan mit Log und die Logs erstellt. FRST hat hier nach einem Update gefragt, was ich ihm verweigert habe. Beim Scan ist es abgestürzt; ich habe es erneut laufen lassen & es ist erneut abgestürzt. Nachdem GMER fertig war, hab ich neugestartet, Vista booten lassen & dort erneut Logs erstellen lassen. FRST hat hier nicht nach einem Update gefragt & ist auch nicht abgestürzt. Ich hab bei GMER zu spät gemerkt, dass Firefox noch lief (Internet war ausgestöpselt). GMER hat seeehr lange bei SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management rumgearbeitet, der ganze PC drohte sich aufzuhängen, da ist mir Firefox aufgefallen, was ich schnell schließen wollte; dieses hat sich auch erstmal aufgehangen, aber am Ende wurde der Prozess beendet. Danach lief alles wieder runder; GMER blieb noch einige Zeit bei Memory Management, hat dann aber weitergemacht. Dann kam plötzlich ein Fenster: GMER.exe-Kein Datenträger Es befindet sich kein Datenträger im Laufwerk. Legen sie einen Datenträger in Laufwerk\Device\Harddisk3\DP3 ein. Ich hab auf "Wiederholen", auf "Weiter" & auf "Abbrechen" geklickt, erst ohne Erfolg, als ich dann wie wild auf Abbrechen rumgeklickt hab, ging es irgendwann weiter mit GMER, ohne weitere Zwischenfälle. Hier nun die Logs: XP Media Center Edition MBAM: Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.10.19.03 Windows XP Service Pack 3 x86 FAT32 Internet Explorer 6.0.2900.5512 Admin :: M-UND-SH [Administrator] 19.10.2013 17:28:04 MBAM-log-2013-10-19 (19-39-29).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 452588 Laufzeit: 2 Stunde(n), 8 Minute(n), 6 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 1 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (PUP.Babylon.A) -> Keine Aktion durchgeführt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 22 C:\Dokumente und Einstellungen\Admin\Eigene Dateien\Downloads\DTLite4471-0333.exe (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt. D:\$Recycle.Bin\S-1-5-21-3080170468-2847345479-74797732-1000\$RGQHIAU.exe (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt. D:\$Recycle.Bin\S-1-5-21-3080170468-2847345479-74797732-1000\$RZL0FMB.exe (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt. D:\$Recycle.Bin\S-1-5-21-3080170468-2847345479-74797732-1001\$RC3QS76.exe (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt. D:\$Recycle.Bin\S-1-5-21-3080170468-2847345479-74797732-1001\$RI02D0A.exe (PUP.Optional.Installrex) -> Keine Aktion durchgeführt. D:\$Recycle.Bin\S-1-5-21-3080170468-2847345479-74797732-1001\$RZ8GH7P.exe (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt. D:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U3SR68V5\pack[1].7z (PUP.Optional.BrowserProtect.A) -> Keine Aktion durchgeführt. D:\Users\Admin\AppData\Local\Temp\appshat-distribution.exe (PUP.Optional.Somoto.A) -> Keine Aktion durchgeführt. D:\Users\Admin\AppData\Local\Temp\DeltaTB.exe (PUP.Optional.DeltaTB) -> Keine Aktion durchgeführt. D:\Users\Admin\AppData\Local\Temp\LyricsPal_1060-8101_v122.exe (PUP.Optional.LyricsAd) -> Keine Aktion durchgeführt. D:\Users\Admin\AppData\Local\Temp\OptimizerPro.exe (PUP.Optional.OptimizePro.A) -> Keine Aktion durchgeführt. D:\Users\Admin\AppData\Local\Temp\68769C2D-BAB0-7891-AC18-F31EB455D87C\Latest\BabMaint.exe (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt. D:\Users\Admin\AppData\Local\Temp\68769C2D-BAB0-7891-AC18-F31EB455D87C\Latest\BExternal.dll (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt. D:\Users\Admin\AppData\Local\Temp\68769C2D-BAB0-7891-AC18-F31EB455D87C\Latest\BUSolution.dll (PUP.Optional.BabSolution.A) -> Keine Aktion durchgeführt. D:\Users\Admin\AppData\Local\Temp\68769C2D-BAB0-7891-AC18-F31EB455D87C\Latest\CrxInstaller.dll (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt. D:\Users\Admin\AppData\Local\Temp\68769C2D-BAB0-7891-AC18-F31EB455D87C\Latest\MntrDLLInstall.dll (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt. D:\Users\Admin\AppData\Local\Temp\68769C2D-BAB0-7891-AC18-F31EB455D87C\Latest\MyDeltaTB.exe (PUP.Optional.Delta) -> Keine Aktion durchgeführt. D:\Users\Admin\AppData\Local\Temp\68769C2D-BAB0-7891-AC18-F31EB455D87C\Latest\Setup.exe (PUP.Babylon.A) -> Keine Aktion durchgeführt. D:\Users\Admin\AppData\Local\Temp\is1070216317\23559282_Setup.EXE (PUP.Optional.LyricXeeker.A) -> Keine Aktion durchgeführt. D:\Users\Admin\AppData\Local\Temp\is1070216317\DeltaTB.exe (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt. D:\Users\Maman joon & Shima\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\00\00000000 (PUP.Optional.Installrex) -> Keine Aktion durchgeführt. D:\Users\Maman joon & Shima\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\00\00000001 (PUP.Optional.Installrex) -> Keine Aktion durchgeführt. (Ende) Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-10-19 20:24:37
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 ST3120026AS rev.3.00 111,79GB
Running: gmer_2.1.19163.exe; Driver: C:\DOKUME~1\Admin\LOKALE~1\Temp\pwtoypog.sys
---- System - GMER 2.1 ----
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAdjustPrivilegesToken [0xF44EC9E4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwClose [0xF4488410]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwConnectPort [0xF449F588]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateEvent [0xF4488988]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateMutant [0xF448886E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreatePort [0xF449F8AE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateProcess [0xF44EE95E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateProcessEx [0xF44EEB7A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateSection [0xF44EFA3E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateSemaphore [0xF4488AA8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateThread [0xF44EF03E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateWaitablePort [0xF449F97C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDebugActiveProcess [0xF44EE804]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDeleteKey [0xF449960E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDeleteValueKey [0xF449ADF6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDeviceIoControlFile [0xF4488454]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDuplicateObject [0xF44ECB26]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwEnumerateKey [0xF449A602]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwEnumerateValueKey [0xF449AF96]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwLoadDriver [0xF44EC78E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwLoadKey [0xF449A146]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwLoadKey2 [0xF449A39E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwMapViewOfSection [0xF44EF836]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwNotifyChangeKey [0xF449DD4A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenEvent [0xF4488A1E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenMutant [0xF44888FE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenProcess [0xF44EE3AC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenSection [0xF44EFCEA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenSemaphore [0xF4488B3E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenThread [0xF44EED9A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwQueryKey [0xF4499442]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwQueryMultipleValueKey [0xF449AC04]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwQueryObject [0xF449DF58]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwQueryValueKey [0xF449A9F8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwQueueApcThread [0xF44EF6EA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwRenameKey [0xF4499722]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwReplaceKey [0xF4499D94]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwReplyPort [0xF449FBBC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwReplyWaitReceivePort [0xF449FA4A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwReplyWaitReceivePortEx [0xF449FB00]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwRequestWaitReplyPort [0xF449FC2C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwRestoreKey [0xF4499F9A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwResumeThread [0xF44EF414]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSaveKey [0xF44998C6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSaveKeyEx [0xF4499A5C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSaveMergedKeys [0xF4499BF8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSecureConnectPort [0xF449F716]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSetContextThread [0xF44EF572]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSetInformationToken [0xF4488BC8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSetSystemInformation [0xF44EC898]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSetValueKey [0xF449A7C2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSuspendProcess [0xF44EE54C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSuspendThread [0xF44EF2BC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSystemDebugControl [0xF4488BDA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwTerminateProcess [0xF44EE6AC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwTerminateThread [0xF44EEF3A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwUnmapViewOfSection [0xF44EFE52]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwWriteVirtualMemory [0xF44EFB7C]
---- Kernel code sections - GMER 2.1 ----
.text ntoskrnl.exe!ZwYieldExecution + 12E 804E4958 12 Bytes [AE, F8, 49, F4, 5E, E9, 4E, ...] {SCASB ; CLC ; DEC ECX; HLT ; POP ESI; JMP 0xeb7af458; DEC ESI; HLT }
.text ntoskrnl.exe!ZwYieldExecution + 1FA 804E4A24 12 Bytes [8E, C7, 4E, F4, 46, A1, 49, ...] {MOV ES, EDI; DEC ESI; HLT ; INC ESI; MOV EAX, [0xa39ef449]; DEC ECX; HLT }
.text ntoskrnl.exe!ZwYieldExecution + 26A 804E4A94 8 Bytes [EA, FC, 4E, F4, 3E, 8B, 48, ...] {JMP FAR 0x488b:0x3ef44efc; HLT }
.text ntoskrnl.exe!ZwYieldExecution + 346 804E4B70 4 Bytes [EA, F6, 4E, F4]
.text ntoskrnl.exe!ZwYieldExecution + 376 804E4BA0 20 Bytes [22, 97, 49, F4, 94, 9D, 49, ...]
.text ...
? tvghjv.sys Das System kann die angegebene Datei nicht finden. !
---- Devices - GMER 2.1 ----
AttachedDevice \Driver\Tcpip \Device\Ip kltdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp kltdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp kltdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp kltdi.sys
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys
---- EOF - GMER 2.1 ----
FRST: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-10-2013 Ran by Maman joon & Shima (ATTENTION: The logged in user is not administrator) on ADMIN-PC on 19-10-2013 21:03:08 Running from C:\Users\Maman joon & Shima\Desktop Microsoft® Windows Vista™ Business Service Pack 2 (X86) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe () C:\Program Files\Rainlendar2\Rainlendar2.exe (Google Inc.) C:\Users\Maman joon & Shima\AppData\Local\Google\Update\GoogleUpdate.exe (Akamai Technologies, Inc.) C:\Users\Maman joon & Shima\AppData\Local\Akamai\netsession_win.exe (Microsoft Corporation) C:\Windows\System32\mobsync.exe (Akamai Technologies, Inc.) C:\Users\Maman joon & Shima\AppData\Local\Akamai\netsession_win.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation) HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [11930696 2013-03-29] (Realtek Semiconductor) HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [995176 2013-08-12] (Microsoft Corporation) HKLM\...\RunOnce: [ Malwarebytes Anti-Malware ] - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation) HKLM\...\Runonce: [ Malwarebytes Anti-Malware (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript HKCU\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKCU\...\Run: [Weather Widget (HTC Home)] - "C:\Program Files\HTC Home\Weather.exe" HKCU\...\Run: [SandboxieControl] - "C:\Program Files\Sandboxie\SbieCtrl.exe" HKCU\...\Run: [Rainlendar2] - C:\Program Files\Rainlendar2\Rainlendar2.exe [2598496 2013-03-10] () HKCU\...\Run: [Google Update] - C:\Users\Maman joon & Shima\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-08-28] (Google Inc.) HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\Maman joon & Shima\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.) Startup: C:\Users\Maman joon & Shima\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Maman joon & Shima\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x83B26E72C7A0CE01 BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\Maman joon & Shima\AppData\Roaming\Mozilla\Firefox\Profiles\n341jydo.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll () FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Maman joon & Shima\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Maman joon & Shima\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\adawaretb.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Forecastfox - C:\Users\Maman joon & Shima\AppData\Roaming\Mozilla\Firefox\Profiles\n341jydo.default\Extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} FF Extension: WOT - C:\Users\Maman joon & Shima\AppData\Roaming\Mozilla\Firefox\Profiles\n341jydo.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} FF Extension: fbp - C:\Users\Maman joon & Shima\AppData\Roaming\Mozilla\Firefox\Profiles\n341jydo.default\Extensions\fbp@fbpurity.com.xpi FF Extension: No Name - C:\Users\Maman joon & Shima\AppData\Roaming\Mozilla\Firefox\Profiles\n341jydo.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi FF Extension: No Name - C:\Users\Maman joon & Shima\AppData\Roaming\Mozilla\Firefox\Profiles\n341jydo.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ Chrome: ======= CHR Plugin: (Shockwave Flash) - C:\Users\Maman joon & Shima\AppData\Local\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Users\Maman joon & Shima\AppData\Local\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Users\Maman joon & Shima\AppData\Local\Google\Chrome\Application\30.0.1599.101\pdf.dll () CHR Plugin: (Foxit Reader Plugin for Mozilla) - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (Google Update) - C:\Users\Maman joon & Shima\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll No File CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) CHR Extension: (Google Docs) - C:\Users\MAMANJ~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0 CHR Extension: (Google Drive) - C:\Users\MAMANJ~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0 CHR Extension: (YouTube) - C:\Users\MAMANJ~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 CHR Extension: (SmoothScroll) - C:\Users\MAMANJ~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\cccpiddacjljmfbbgeimpelpndgpoknn\1.2.8_0 CHR Extension: (Google Search) - C:\Users\MAMANJ~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 CHR Extension: (AdBlock) - C:\Users\MAMANJ~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.10_0 CHR Extension: (Chrome In-App Payments service) - C:\Users\MAMANJ~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0 CHR Extension: (Gmail) - C:\Users\MAMANJ~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1 ========================== Services (Whitelisted) ================= R2 Backupper Service; C:\Program Files\AOMEI Backupper\ABService.exe [29912 2013-08-23] (AOMEI Tech Co., Ltd.) R2 iphlpsvc; C:\Windows\System32\svchost.exe [21504 2008-01-21] (Microsoft Corporation) R2 lmhosts; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation) R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-08-12] (Microsoft Corporation) R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [295376 2013-08-12] (Microsoft Corporation) R2 NlaSvc; C:\Windows\System32\svchost.exe [21504 2008-01-21] (Microsoft Corporation) R2 nsi; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== R0 ambakdrv; C:\Windows\System32\ambakdrv.sys [26424 2013-05-07] () R2 ammntdrv; C:\Windows\system32\ammntdrv.sys [129720 2013-05-07] () R2 amwrtdrv; C:\Windows\system32\amwrtdrv.sys [14392 2013-02-06] () R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-11] (Microsoft Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation) S3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2013-10-19] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [211560 2013-06-18] (Microsoft Corporation) R3 Ph3xIB32; C:\Windows\System32\DRIVERS\Ph3xIB32.sys [1131136 2007-04-03] (Philips Semiconductors GmbH) S3 IpInIp; system32\DRIVERS\ipinip.sys [x] S1 MpKslacfd3ed6; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{05560E47-6328-425A-A72E-610E5B2EFD90}\MpKslacfd3ed6.sys [x] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-10-19 21:02 - 2013-10-19 21:02 - 00000000 ____D C:\FRST 2013-10-19 21:01 - 2013-10-19 21:01 - 00000472 _____ C:\Users\Maman joon & Shima\Desktop\defogger_disable.log 2013-10-19 21:00 - 2013-10-19 21:00 - 00000000 ____D C:\Users\Maman joon & Shima\Desktop\alt 2013-10-19 20:58 - 2013-10-19 20:58 - 01087515 _____ (Farbar) C:\Users\Maman joon & Shima\Desktop\FRST.exe 2013-10-19 20:58 - 2013-10-19 20:58 - 00050477 _____ C:\Users\Maman joon & Shima\Desktop\Defogger.exe 2013-10-19 20:57 - 2013-10-19 20:57 - 00377856 _____ C:\Users\Maman joon & Shima\Desktop\Gmer.exe 2013-10-19 15:46 - 2013-10-19 15:46 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\Malwarebytes 2013-10-19 14:06 - 2013-10-19 14:06 - 00163617 _____ C:\Users\Maman joon & Shima\Desktop\bookmarks 19.10.13.html 2013-10-19 14:06 - 2013-10-19 14:06 - 00056276 _____ C:\Users\Maman joon & Shima\Desktop\bookmarks-2013-10-19.json 2013-10-19 13:38 - 2013-10-19 13:38 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys 2013-10-19 13:37 - 2013-10-19 13:37 - 00000906 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-10-19 13:37 - 2013-10-19 13:37 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-10-19 13:37 - 2013-10-19 13:37 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-10-19 13:37 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-10-19 13:35 - 2013-10-19 13:36 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Maman joon & Shima\Desktop\mbam-setup-1.75.0.1300.exe 2013-10-15 10:48 - 2013-10-15 10:48 - 00001041 _____ C:\Users\Maman joon & Shima\Desktop\PDF Converter.lnk 2013-10-15 10:46 - 2013-10-19 16:32 - 00000000 ____D C:\Users\Maman joon & Shima\Desktop\Codes 2013-10-15 10:46 - 2013-10-15 20:58 - 00000000 ____D C:\Users\Maman joon & Shima\Desktop\Uni 2013-10-14 14:50 - 2013-10-14 14:50 - 00000468 _____ C:\Users\Maman joon & Shima\Desktop\Uni.lnk 2013-10-12 23:02 - 2013-10-18 22:24 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\Flood Light Games 2013-10-12 23:02 - 2013-10-18 22:24 - 00000000 ____D C:\ProgramData\Flood Light Games 2013-10-12 21:22 - 2013-10-12 21:24 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\TitanicMystery 2013-10-12 21:22 - 2013-10-12 21:22 - 00000000 ____D C:\ProgramData\1912 Titanic Mystery 2013-10-12 16:45 - 2013-10-19 13:31 - 00000000 ____D C:\Users\Maman joon & Shima\Desktop\USB 2013-10-12 15:39 - 2013-09-22 12:29 - 12336128 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-10-12 15:39 - 2013-09-22 12:22 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-10-12 15:39 - 2013-09-22 12:22 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-10-12 15:39 - 2013-09-22 12:14 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-10-12 15:39 - 2013-09-22 12:13 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-10-12 15:39 - 2013-09-22 12:13 - 01104896 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-10-12 15:39 - 2013-09-22 12:12 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2013-10-12 15:39 - 2013-09-22 12:09 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-10-12 15:39 - 2013-09-22 12:08 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-10-12 15:39 - 2013-09-22 12:07 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-10-12 15:39 - 2013-09-22 12:06 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2013-10-12 15:39 - 2013-09-22 12:05 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-10-12 15:39 - 2013-09-22 12:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-10-12 15:39 - 2013-09-22 12:03 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-10-12 15:39 - 2013-09-22 12:03 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-10-12 15:39 - 2013-09-22 11:59 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-10-11 22:46 - 2013-10-11 22:46 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3080170468-2847345479-74797732-1001Core1cec6c2eceaf2c3.job 2013-10-11 21:58 - 2013-10-11 21:58 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\FlyWheelGames 2013-10-11 11:55 - 2013-08-29 09:36 - 02050048 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-10-11 11:55 - 2013-08-27 04:47 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll 2013-10-11 11:55 - 2013-08-27 04:47 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll 2013-10-11 11:55 - 2013-08-27 04:47 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll 2013-10-11 11:55 - 2013-08-27 04:47 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll 2013-10-11 11:55 - 2013-08-27 03:52 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2013-10-11 11:55 - 2013-08-27 03:50 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll 2013-10-11 11:55 - 2013-08-27 03:32 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll 2013-10-11 11:55 - 2013-08-27 03:28 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2013-10-11 11:55 - 2013-08-27 03:28 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2013-10-11 11:55 - 2013-08-01 05:16 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2013-10-11 11:55 - 2013-08-01 04:49 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll 2013-10-11 11:55 - 2013-07-20 12:44 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2013-10-11 11:55 - 2013-07-04 06:21 - 00532480 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll 2013-10-11 11:55 - 2013-06-29 04:07 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys 2013-10-11 11:55 - 2013-06-29 04:07 - 00197632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys 2013-10-11 11:55 - 2013-06-29 04:06 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys 2013-10-11 11:55 - 2013-06-27 01:01 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys 2013-10-11 11:55 - 2013-06-04 06:16 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2013-10-11 11:55 - 2013-06-04 03:49 - 00293376 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2013-10-11 11:55 - 2011-05-05 15:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys 2013-10-11 11:55 - 2011-05-05 15:54 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys 2013-10-07 10:29 - 2013-10-07 10:29 - 00001712 _____ C:\Users\Maman joon & Shima\Desktop\Game Manager.lnk 2013-10-06 21:47 - 2013-10-06 21:47 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\FloodLightGames 2013-10-06 21:39 - 2013-10-06 21:41 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\ThreeDays2 2013-10-06 20:25 - 2013-10-06 20:25 - 00106414 _____ C:\Users\Maman joon & Shima\Desktop\bookmarks.html 2013-10-06 19:00 - 2013-10-06 19:02 - 00000000 ____D C:\Program Files\Fiction Fixers - Adventures in Wonderland 2013-10-06 18:56 - 2013-10-06 18:59 - 00000000 ____D C:\Program Files\1 Moment of Time - Silentville 2013-10-06 18:54 - 2013-10-06 18:55 - 00000000 ____D C:\Program Files\Agatha Christie - Dead Man's Folly 2013-10-06 18:52 - 2013-10-06 18:54 - 00000000 ____D C:\Program Files\10 Tage bis die Welt versinkt - Die Abenteuer von Diana Salinger 2013-10-06 18:48 - 2013-10-06 18:52 - 00000000 ____D C:\Program Files\3 Days - Amulet Secret 2013-10-06 18:46 - 2013-10-06 18:46 - 00000000 ____D C:\ProgramData\FloodLightGames 2013-10-06 18:45 - 2013-10-06 18:47 - 00000000 ____D C:\Program Files\Agatha Christie - Death on the Nile 2013-10-06 18:36 - 2013-10-06 18:38 - 00000000 ____D C:\Program Files\Agatha Christie - Das Haus an der Duene 2013-10-06 18:33 - 2013-10-06 18:35 - 00000000 ____D C:\Program Files\20000 Meilen unter dem Meer 2013-10-06 17:53 - 2013-10-06 17:56 - 00000000 ____D C:\Program Files\Family Vacation California 2013-10-06 17:33 - 2013-10-06 17:41 - 00000000 ____D C:\Program Files\Fabulous Finds 2013-10-06 17:06 - 2013-10-06 17:07 - 00000000 ____D C:\Program Files\G.H.O.S.T. Hunters - The Haunting of Majesty Manor 2013-10-06 15:45 - 2013-10-06 15:46 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-10-06 15:29 - 2013-10-06 15:33 - 00000000 ____D C:\Program Files\3 Days - Zoo Mystery 2013-10-06 15:24 - 2013-10-06 15:28 - 00000000 ____D C:\Program Files\1912 - Titanic Mystery 2013-10-06 15:16 - 2013-10-06 15:23 - 00000000 ____D C:\Program Files\Apothecarium - The Renaissance of Evil 2013-10-06 15:03 - 2013-10-06 15:05 - 00000000 ____D C:\Program Files\Weihnachtswunderland 2013-10-06 15:01 - 2013-10-06 15:03 - 00000000 ____D C:\Program Files\Weihnachtswunderland 2 2013-10-05 20:36 - 2013-10-05 20:36 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\Bicyclestudios 2013-10-05 20:36 - 2013-10-05 20:36 - 00000000 ____D C:\ProgramData\Bicyclestudios 2013-10-05 19:14 - 2013-10-05 19:14 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\Skunk Studios 2013-10-05 19:08 - 2013-10-05 19:08 - 00000000 ____D C:\ProgramData\Astar Games 2013-10-05 17:04 - 2013-10-05 17:04 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\G-HeadGames 2013-10-04 10:14 - 2013-10-04 10:15 - 02543853 _____ C:\Users\Maman joon & Shima\Downloads\homerengl.rar 2013-10-04 09:09 - 2013-10-04 09:09 - 00003424 _____ C:\Users\Maman joon & Shima\AppData\Local\recently-used.xbel 2013-10-03 19:22 - 2013-10-03 19:27 - 12620165 _____ C:\Users\Maman joon & Shima\Downloads\dostoengl.rar 2013-10-03 18:44 - 2013-10-03 18:45 - 01058999 _____ C:\Users\Maman joon & Shima\Downloads\4FC2.tmp 2013-10-03 18:44 - 2013-10-03 18:45 - 00952978 _____ C:\Users\Maman joon & Shima\Downloads\5AE0.tmp 2013-10-03 18:44 - 2013-10-03 18:44 - 00530784 _____ C:\Users\Maman joon & Shima\Downloads\52FF.tmp 2013-10-03 18:44 - 2013-10-03 18:44 - 00410724 _____ C:\Users\Maman joon & Shima\Downloads\The Children Of Hurin - J.R.R. Tolkien.txt 2013-10-03 18:44 - 2013-10-03 18:44 - 00410724 _____ C:\Users\Maman joon & Shima\Downloads\The Children Of Hurin - J.R.R. Tolkien (1).txt 2013-10-03 18:44 - 2013-10-03 18:44 - 00410724 _____ C:\Users\Maman joon & Shima\Downloads\4FB1.tmp 2013-10-03 17:52 - 2013-10-03 18:07 - 45179846 _____ C:\Users\Maman joon & Shima\Downloads\Tol-kom.rar 2013-10-03 17:13 - 2013-10-03 17:13 - 00000000 ____D C:\Users\Maman joon & Shima\Million 2013-10-03 16:10 - 2013-10-03 16:10 - 00000000 ____D C:\Users\Public\Documents\BigFish 2013-10-03 12:25 - 2013-10-03 12:25 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\Audacity 2013-09-30 21:20 - 2013-09-30 21:20 - 00000000 ____D C:\ProgramData\Venus DS 15 2013-09-30 14:33 - 2013-09-30 14:33 - 00014367 _____ C:\Users\Maman joon & Shima\Documents\Bewerbung schreiben.odt 2013-09-30 10:33 - 2013-10-13 20:19 - 00000680 _____ C:\Users\Maman joon & Shima\AppData\Local\d3d9caps.dat 2013-09-29 22:15 - 2013-09-30 21:07 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\Awem 2013-09-29 13:32 - 2013-09-29 13:33 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Local\Akamai 2013-09-29 13:30 - 2013-09-29 13:31 - 10025728 _____ (Akamai Technologies, Inc.) C:\Users\Maman joon & Shima\Downloads\my_downloader_installer.exe 2013-09-29 13:28 - 2013-09-29 13:33 - 427406992 _____ (Microsoft Corporation) C:\Users\Maman joon & Shima\Downloads\office2007.exe 2013-09-27 17:25 - 2013-09-27 17:25 - 00097280 _____ C:\Users\Maman joon & Shima\Downloads\Anmeldeformular_SKK.xls 2013-09-25 23:23 - 2013-09-25 23:23 - 00000000 ____D C:\ProgramData\Meridian93 2013-09-25 22:20 - 2013-09-25 22:20 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Local\Murder on the Titanic 2013-09-25 22:20 - 2013-09-25 22:20 - 00000000 ____D C:\ProgramData\Particles 2013-09-25 22:16 - 2013-09-25 22:16 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\HillStoneAnimationStudios 2013-09-25 22:14 - 2013-09-25 22:14 - 00000000 ____D C:\Users\Maman joon & Shima\Documents\Green Gamer 2013-09-24 21:31 - 2013-09-24 21:31 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\Gogii 2013-09-24 21:30 - 2013-09-25 23:22 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\Meridian93 2013-09-24 21:23 - 2013-09-24 21:23 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\Playrix Entertainment 2013-09-23 01:54 - 2013-09-23 01:55 - 00000000 ____D C:\Program Files\Mysterioese Staedte - Vegas 2013-09-23 01:52 - 2013-09-23 01:53 - 00000000 ____D C:\Program Files\Murder Island - Secret of Tantalus 2013-09-23 01:40 - 2013-09-23 01:41 - 00000000 ____D C:\Program Files\My Beautiful Vacation 2013-09-23 00:47 - 2013-09-23 00:49 - 00000000 ____D C:\Program Files\Island - Das verschollene Medaillon 2013-09-23 00:18 - 2013-09-23 00:19 - 00000000 ____D C:\Program Files\Interpol - The Trail of Dr. Chaos 2013-09-23 00:09 - 2013-10-06 15:30 - 00000000 ____D C:\Program Files\Inspector Magnusson - Murder on the Titanic 2013-09-22 23:38 - 2013-09-22 23:50 - 00000000 ____D C:\Program Files\Affair Bureau 2013-09-22 23:34 - 2013-09-22 23:35 - 00000000 ____D C:\Program Files\DinerTown - Detective Agency 2013-09-22 23:31 - 2013-09-22 23:33 - 00000000 ____D C:\Program Files\Royal Envoy 2 2013-09-22 22:10 - 2013-10-05 19:06 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\PlayFirst 2013-09-22 22:10 - 2013-10-05 19:06 - 00000000 ____D C:\ProgramData\PlayFirst 2013-09-22 20:58 - 2013-09-22 21:00 - 00236648 _____ (Big Fish Games) C:\Users\Maman joon & Shima\Downloads\miss-teri-tale-spiel_s2_l2_gF2352T1L2_d2163767787.exe 2013-09-22 20:58 - 2013-09-22 20:59 - 00236648 _____ (Big Fish Games) C:\Users\Maman joon & Shima\Downloads\millionenjagd_s2_l2_gF5412T1L2_d2163767570.exe 2013-09-22 20:58 - 2013-09-22 20:58 - 00112256 _____ (Big Fish Games) C:\Users\Maman joon & Shima\Downloads\Nicht bestätigt 747768.crdownload 2013-09-22 20:29 - 2013-09-22 20:29 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\Odian Games 2013-09-22 01:06 - 2013-09-22 01:06 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\Crown 2013-09-22 01:06 - 2013-09-22 01:06 - 00000000 ____D C:\ProgramData\Crown 2013-09-22 00:06 - 2013-09-22 00:06 - 00000000 ____D C:\Users\Public\Documents\Slapdash Games 2013-09-22 00:06 - 2013-09-22 00:06 - 00000000 ____D C:\Users\Maman joon & Shima\Documents\Slapdash Games 2013-09-22 00:06 - 2013-09-22 00:06 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Local\Slapdash Games 2013-09-22 00:06 - 2013-09-22 00:06 - 00000000 ____D C:\ProgramData\Slapdash Games 2013-09-21 23:46 - 2013-09-21 23:46 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\Friday's games 2013-09-19 12:29 - 2013-10-12 21:28 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\vlc ==================== One Month Modified Files and Folders ======= 2013-10-19 21:02 - 2013-10-19 21:02 - 00000000 ____D C:\FRST 2013-10-19 21:01 - 2013-10-19 21:01 - 00000472 _____ C:\Users\Maman joon & Shima\Desktop\defogger_disable.log 2013-10-19 21:01 - 2013-08-21 12:08 - 00000000 ____D C:\Users\Admin 2013-10-19 21:00 - 2013-10-19 21:00 - 00000000 ____D C:\Users\Maman joon & Shima\Desktop\alt 2013-10-19 20:58 - 2013-10-19 20:58 - 01087515 _____ (Farbar) C:\Users\Maman joon & Shima\Desktop\FRST.exe 2013-10-19 20:58 - 2013-10-19 20:58 - 00050477 _____ C:\Users\Maman joon & Shima\Desktop\Defogger.exe 2013-10-19 20:57 - 2013-10-19 20:57 - 00377856 _____ C:\Users\Maman joon & Shima\Desktop\Gmer.exe 2013-10-19 20:48 - 2009-04-11 14:36 - 01159201 _____ C:\Windows\WindowsUpdate.log 2013-10-19 20:34 - 2013-08-24 14:01 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\Dropbox 2013-10-19 20:33 - 2013-08-22 13:47 - 00000000 ____D C:\Users\Maman joon & Shima\.rainlendar2 2013-10-19 20:31 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-10-19 20:31 - 2006-11-02 14:47 - 00005024 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2013-10-19 20:31 - 2006-11-02 14:47 - 00005024 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2013-10-19 16:32 - 2013-10-15 10:46 - 00000000 ____D C:\Users\Maman joon & Shima\Desktop\Codes 2013-10-19 16:24 - 2013-09-16 00:37 - 00000000 ____D C:\Users\Maman joon & Shima\Desktop\Now 2013-10-19 15:46 - 2013-10-19 15:46 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\Malwarebytes 2013-10-19 14:33 - 2006-11-02 15:01 - 00032578 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-10-19 14:30 - 2006-11-02 15:00 - 00018398 _____ C:\Windows\PFRO.log 2013-10-19 14:06 - 2013-10-19 14:06 - 00163617 _____ C:\Users\Maman joon & Shima\Desktop\bookmarks 19.10.13.html 2013-10-19 14:06 - 2013-10-19 14:06 - 00056276 _____ C:\Users\Maman joon & Shima\Desktop\bookmarks-2013-10-19.json 2013-10-19 13:44 - 2009-04-11 18:55 - 01559202 _____ C:\Windows\system32\PerfStringBackup.INI 2013-10-19 13:38 - 2013-10-19 13:38 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys 2013-10-19 13:37 - 2013-10-19 13:37 - 00000906 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-10-19 13:37 - 2013-10-19 13:37 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-10-19 13:37 - 2013-10-19 13:37 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-10-19 13:36 - 2013-10-19 13:35 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Maman joon & Shima\Desktop\mbam-setup-1.75.0.1300.exe 2013-10-19 13:31 - 2013-10-12 16:45 - 00000000 ____D C:\Users\Maman joon & Shima\Desktop\USB 2013-10-18 22:24 - 2013-10-12 23:02 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\Flood Light Games 2013-10-18 22:24 - 2013-10-12 23:02 - 00000000 ____D C:\ProgramData\Flood Light Games 2013-10-15 20:58 - 2013-10-15 10:46 - 00000000 ____D C:\Users\Maman joon & Shima\Desktop\Uni 2013-10-15 10:48 - 2013-10-15 10:48 - 00001041 _____ C:\Users\Maman joon & Shima\Desktop\PDF Converter.lnk 2013-10-14 14:50 - 2013-10-14 14:50 - 00000468 _____ C:\Users\Maman joon & Shima\Desktop\Uni.lnk 2013-10-14 01:45 - 2013-08-26 20:04 - 00010926 _____ C:\Users\Maman joon & Shima\Documents\Stundenplan.ods 2013-10-13 20:19 - 2013-09-30 10:33 - 00000680 _____ C:\Users\Maman joon & Shima\AppData\Local\d3d9caps.dat 2013-10-13 18:35 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Microsoft.NET 2013-10-13 14:14 - 2013-08-22 08:15 - 00000000 ____D C:\Program Files\Microsoft Security Client 2013-10-13 14:14 - 2013-08-22 07:45 - 00001912 _____ C:\Windows\epplauncher.mif 2013-10-12 21:28 - 2013-09-19 12:29 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\vlc 2013-10-12 21:24 - 2013-10-12 21:22 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\TitanicMystery 2013-10-12 21:22 - 2013-10-12 21:22 - 00000000 ____D C:\ProgramData\1912 Titanic Mystery 2013-10-12 16:23 - 2006-11-02 14:47 - 00399248 _____ C:\Windows\system32\FNTCACHE.DAT 2013-10-12 16:00 - 2013-08-21 20:11 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-10-12 15:52 - 2013-08-21 15:47 - 00000000 ____D C:\Windows\system32\MRT 2013-10-12 15:44 - 2006-11-02 12:24 - 78106760 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2013-10-11 22:46 - 2013-10-11 22:46 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3080170468-2847345479-74797732-1001Core1cec6c2eceaf2c3.job 2013-10-11 21:58 - 2013-10-11 21:58 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\FlyWheelGames 2013-10-11 12:57 - 2013-08-24 14:03 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2013-10-07 21:58 - 2013-09-18 21:20 - 00000000 ____D C:\Users\Maman joon & Shima\Documents\DVDVideoSoft 2013-10-07 21:44 - 2013-08-28 14:33 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2013-10-07 21:44 - 2013-08-28 14:33 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2013-10-07 10:29 - 2013-10-07 10:29 - 00001712 _____ C:\Users\Maman joon & Shima\Desktop\Game Manager.lnk 2013-10-06 21:47 - 2013-10-06 21:47 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\FloodLightGames 2013-10-06 21:41 - 2013-10-06 21:39 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\ThreeDays2 2013-10-06 20:25 - 2013-10-06 20:25 - 00106414 _____ C:\Users\Maman joon & Shima\Desktop\bookmarks.html 2013-10-06 19:58 - 2013-08-21 12:20 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2013-10-06 19:09 - 2013-09-06 13:03 - 00000000 ____D C:\BigFishCache 2013-10-06 19:02 - 2013-10-06 19:00 - 00000000 ____D C:\Program Files\Fiction Fixers - Adventures in Wonderland 2013-10-06 18:59 - 2013-10-06 18:56 - 00000000 ____D C:\Program Files\1 Moment of Time - Silentville 2013-10-06 18:55 - 2013-10-06 18:54 - 00000000 ____D C:\Program Files\Agatha Christie - Dead Man's Folly 2013-10-06 18:54 - 2013-10-06 18:52 - 00000000 ____D C:\Program Files\10 Tage bis die Welt versinkt - Die Abenteuer von Diana Salinger 2013-10-06 18:52 - 2013-10-06 18:48 - 00000000 ____D C:\Program Files\3 Days - Amulet Secret 2013-10-06 18:47 - 2013-10-06 18:45 - 00000000 ____D C:\Program Files\Agatha Christie - Death on the Nile 2013-10-06 18:46 - 2013-10-06 18:46 - 00000000 ____D C:\ProgramData\FloodLightGames 2013-10-06 18:38 - 2013-10-06 18:36 - 00000000 ____D C:\Program Files\Agatha Christie - Das Haus an der Duene 2013-10-06 18:35 - 2013-10-06 18:33 - 00000000 ____D C:\Program Files\20000 Meilen unter dem Meer 2013-10-06 17:56 - 2013-10-06 17:53 - 00000000 ____D C:\Program Files\Family Vacation California 2013-10-06 17:41 - 2013-10-06 17:33 - 00000000 ____D C:\Program Files\Fabulous Finds 2013-10-06 17:07 - 2013-10-06 17:06 - 00000000 ____D C:\Program Files\G.H.O.S.T. Hunters - The Haunting of Majesty Manor 2013-10-06 15:46 - 2013-10-06 15:45 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-10-06 15:33 - 2013-10-06 15:29 - 00000000 ____D C:\Program Files\3 Days - Zoo Mystery 2013-10-06 15:30 - 2013-09-23 00:09 - 00000000 ____D C:\Program Files\Inspector Magnusson - Murder on the Titanic 2013-10-06 15:28 - 2013-10-06 15:24 - 00000000 ____D C:\Program Files\1912 - Titanic Mystery 2013-10-06 15:23 - 2013-10-06 15:16 - 00000000 ____D C:\Program Files\Apothecarium - The Renaissance of Evil 2013-10-06 15:05 - 2013-10-06 15:03 - 00000000 ____D C:\Program Files\Weihnachtswunderland 2013-10-06 15:03 - 2013-10-06 15:01 - 00000000 ____D C:\Program Files\Weihnachtswunderland 2 2013-10-05 20:36 - 2013-10-05 20:36 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\Bicyclestudios 2013-10-05 20:36 - 2013-10-05 20:36 - 00000000 ____D C:\ProgramData\Bicyclestudios 2013-10-05 19:14 - 2013-10-05 19:14 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\Skunk Studios 2013-10-05 19:08 - 2013-10-05 19:08 - 00000000 ____D C:\ProgramData\Astar Games 2013-10-05 19:06 - 2013-09-22 22:10 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\PlayFirst 2013-10-05 19:06 - 2013-09-22 22:10 - 00000000 ____D C:\ProgramData\PlayFirst 2013-10-05 17:04 - 2013-10-05 17:04 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\G-HeadGames 2013-10-04 10:15 - 2013-10-04 10:14 - 02543853 _____ C:\Users\Maman joon & Shima\Downloads\homerengl.rar 2013-10-04 09:09 - 2013-10-04 09:09 - 00003424 _____ C:\Users\Maman joon & Shima\AppData\Local\recently-used.xbel 2013-10-04 09:09 - 2013-08-24 15:38 - 00000000 ____D C:\Users\Maman joon & Shima\.gimp-2.8 2013-10-04 08:54 - 2013-08-24 15:41 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Local\gtk-2.0 2013-10-03 19:27 - 2013-10-03 19:22 - 12620165 _____ C:\Users\Maman joon & Shima\Downloads\dostoengl.rar 2013-10-03 18:45 - 2013-10-03 18:44 - 01058999 _____ C:\Users\Maman joon & Shima\Downloads\4FC2.tmp 2013-10-03 18:45 - 2013-10-03 18:44 - 00952978 _____ C:\Users\Maman joon & Shima\Downloads\5AE0.tmp 2013-10-03 18:44 - 2013-10-03 18:44 - 00530784 _____ C:\Users\Maman joon & Shima\Downloads\52FF.tmp 2013-10-03 18:44 - 2013-10-03 18:44 - 00410724 _____ C:\Users\Maman joon & Shima\Downloads\The Children Of Hurin - J.R.R. Tolkien.txt 2013-10-03 18:44 - 2013-10-03 18:44 - 00410724 _____ C:\Users\Maman joon & Shima\Downloads\The Children Of Hurin - J.R.R. Tolkien (1).txt 2013-10-03 18:44 - 2013-10-03 18:44 - 00410724 _____ C:\Users\Maman joon & Shima\Downloads\4FB1.tmp 2013-10-03 18:07 - 2013-10-03 17:52 - 45179846 _____ C:\Users\Maman joon & Shima\Downloads\Tol-kom.rar 2013-10-03 17:13 - 2013-10-03 17:13 - 00000000 ____D C:\Users\Maman joon & Shima\Million 2013-10-03 17:13 - 2013-08-22 13:19 - 00000000 ____D C:\Users\Maman joon & Shima 2013-10-03 16:10 - 2013-10-03 16:10 - 00000000 ____D C:\Users\Public\Documents\BigFish 2013-10-03 12:25 - 2013-10-03 12:25 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\Audacity 2013-09-30 21:20 - 2013-09-30 21:20 - 00000000 ____D C:\ProgramData\Venus DS 15 2013-09-30 21:07 - 2013-09-29 22:15 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\Awem 2013-09-30 14:36 - 2006-11-02 13:18 - 00000000 ____D C:\Program Files\Common Files\System 2013-09-30 14:36 - 2006-11-02 12:23 - 00000277 _____ C:\Windows\win.ini 2013-09-30 14:33 - 2013-09-30 14:33 - 00014367 _____ C:\Users\Maman joon & Shima\Documents\Bewerbung schreiben.odt 2013-09-30 14:23 - 2013-08-30 22:33 - 01813218 _____ C:\Users\Maman joon & Shima\Documents\Bewerbung Jura.odt 2013-09-30 08:36 - 2013-08-22 13:20 - 00106440 _____ C:\Users\Maman joon & Shima\AppData\Local\GDIPFONTCACHEV1.DAT 2013-09-29 22:55 - 2006-11-02 13:18 - 00000000 ____D C:\Program Files\Common Files\microsoft shared 2013-09-29 15:19 - 2013-09-15 22:32 - 140831896 _____ C:\Windows\MEMORY.DMP 2013-09-29 15:19 - 2013-09-15 22:32 - 00000000 ____D C:\Windows\Minidump 2013-09-29 14:10 - 2006-11-02 14:37 - 00000000 ____D C:\Windows\ShellNew 2013-09-29 14:09 - 2013-08-21 20:11 - 00000000 ____D C:\Program Files\Microsoft Office 2013-09-29 13:33 - 2013-09-29 13:32 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Local\Akamai 2013-09-29 13:33 - 2013-09-29 13:28 - 427406992 _____ (Microsoft Corporation) C:\Users\Maman joon & Shima\Downloads\office2007.exe 2013-09-29 13:31 - 2013-09-29 13:30 - 10025728 _____ (Akamai Technologies, Inc.) C:\Users\Maman joon & Shima\Downloads\my_downloader_installer.exe 2013-09-27 17:25 - 2013-09-27 17:25 - 00097280 _____ C:\Users\Maman joon & Shima\Downloads\Anmeldeformular_SKK.xls 2013-09-25 23:23 - 2013-09-25 23:23 - 00000000 ____D C:\ProgramData\Meridian93 2013-09-25 23:22 - 2013-09-24 21:30 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\Meridian93 2013-09-25 22:20 - 2013-09-25 22:20 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Local\Murder on the Titanic 2013-09-25 22:20 - 2013-09-25 22:20 - 00000000 ____D C:\ProgramData\Particles 2013-09-25 22:16 - 2013-09-25 22:16 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\HillStoneAnimationStudios 2013-09-25 22:14 - 2013-09-25 22:14 - 00000000 ____D C:\Users\Maman joon & Shima\Documents\Green Gamer 2013-09-24 21:31 - 2013-09-24 21:31 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\Gogii 2013-09-24 21:23 - 2013-09-24 21:23 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\Playrix Entertainment 2013-09-23 01:55 - 2013-09-23 01:54 - 00000000 ____D C:\Program Files\Mysterioese Staedte - Vegas 2013-09-23 01:53 - 2013-09-23 01:52 - 00000000 ____D C:\Program Files\Murder Island - Secret of Tantalus 2013-09-23 01:41 - 2013-09-23 01:40 - 00000000 ____D C:\Program Files\My Beautiful Vacation 2013-09-23 00:49 - 2013-09-23 00:47 - 00000000 ____D C:\Program Files\Island - Das verschollene Medaillon 2013-09-23 00:19 - 2013-09-23 00:18 - 00000000 ____D C:\Program Files\Interpol - The Trail of Dr. Chaos 2013-09-22 23:50 - 2013-09-22 23:38 - 00000000 ____D C:\Program Files\Affair Bureau 2013-09-22 23:35 - 2013-09-22 23:34 - 00000000 ____D C:\Program Files\DinerTown - Detective Agency 2013-09-22 23:33 - 2013-09-22 23:31 - 00000000 ____D C:\Program Files\Royal Envoy 2 2013-09-22 21:00 - 2013-09-22 20:58 - 00236648 _____ (Big Fish Games) C:\Users\Maman joon & Shima\Downloads\miss-teri-tale-spiel_s2_l2_gF2352T1L2_d2163767787.exe 2013-09-22 20:59 - 2013-09-22 20:58 - 00236648 _____ (Big Fish Games) C:\Users\Maman joon & Shima\Downloads\millionenjagd_s2_l2_gF5412T1L2_d2163767570.exe 2013-09-22 20:58 - 2013-09-22 20:58 - 00112256 _____ (Big Fish Games) C:\Users\Maman joon & Shima\Downloads\Nicht bestätigt 747768.crdownload 2013-09-22 20:29 - 2013-09-22 20:29 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\Odian Games 2013-09-22 12:29 - 2013-10-12 15:39 - 12336128 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-09-22 12:22 - 2013-10-12 15:39 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-09-22 12:22 - 2013-10-12 15:39 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-09-22 12:14 - 2013-10-12 15:39 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-09-22 12:13 - 2013-10-12 15:39 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-09-22 12:13 - 2013-10-12 15:39 - 01104896 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-09-22 12:12 - 2013-10-12 15:39 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2013-09-22 12:09 - 2013-10-12 15:39 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-09-22 12:08 - 2013-10-12 15:39 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-09-22 12:07 - 2013-10-12 15:39 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-09-22 12:06 - 2013-10-12 15:39 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2013-09-22 12:05 - 2013-10-12 15:39 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-09-22 12:03 - 2013-10-12 15:39 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-09-22 12:03 - 2013-10-12 15:39 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-09-22 12:03 - 2013-10-12 15:39 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-09-22 11:59 - 2013-10-12 15:39 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-09-22 01:06 - 2013-09-22 01:06 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\Crown 2013-09-22 01:06 - 2013-09-22 01:06 - 00000000 ____D C:\ProgramData\Crown 2013-09-22 00:06 - 2013-09-22 00:06 - 00000000 ____D C:\Users\Public\Documents\Slapdash Games 2013-09-22 00:06 - 2013-09-22 00:06 - 00000000 ____D C:\Users\Maman joon & Shima\Documents\Slapdash Games 2013-09-22 00:06 - 2013-09-22 00:06 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Local\Slapdash Games 2013-09-22 00:06 - 2013-09-22 00:06 - 00000000 ____D C:\ProgramData\Slapdash Games 2013-09-21 23:46 - 2013-09-21 23:46 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\Friday's games Some content of TEMP: ==================== C:\Users\Maman joon & Shima\AppData\Local\Temp\Checkupdate.exe C:\Users\Maman joon & Shima\AppData\Local\Temp\Foxit Reader Updater.exe C:\Users\Maman joon & Shima\AppData\Local\Temp\gcapi_dll.dll C:\Users\Maman joon & Shima\AppData\Local\Temp\gtapi_signed.dll ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== End Of Log ============================ Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-10-2013
Ran by Maman joon & Shima at 2013-10-19 21:07:22
Running from C:\Users\Maman joon & Shima\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
==================== Installed Programs ======================
1 Moment of Time: Silentville
10 Tage bis die Welt versinkt: Die Abenteuer von Diana Salinger
1912: Titanic Mystery
20.000 Meilen unter dem Meer
3 Days - Amulet Secret
3 Days: Zoo Mystery
7-Zip 9.20
Abyss - Die Geister von Eden
Adobe Flash Player 11 ActiveX (Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (Version: 11.8.800.168)
Affair Bureau
Agatha Christie - Death on the Nile
Agatha Christie: Das Haus an der Düne
Agatha Christie: Dead Man's Folly
Akamai NetSession Interface
AOMEI Backupper
Apothecarium: The Renaissance of Evil
Apple Application Support (Version: 2.3.3)
Apple Software Update (Version: 2.1.3.127)
Artweaver Free 4 (Version: 4.0)
ATI Catalyst Install Manager (Version: 3.0.715.0)
Audacity 2.0.3 (Version: 2.0.3)
Barn Yarn
Big Fish: Game Manager (Version: 3.2.0.6)
Catalyst Control Center InstallProxy (Version: 2010.0210.2339.42455)
CCleaner (Version: 4.04)
ContentSAFER for Wizmax
Dialang V1 Beta
DinerTown: Detective Agency
Dropbox (HKCU Version: 2.4.2)
EmoDio (Version: 1.0)
Family Vacation California
Fiction Fixers: Adventures in Wonderland
Foxit Reader (Version: 6.0.4.719)
Free YouTube Download version 3.2.11.812 (Version: 3.2.11.812)
Free YouTube to MP3 Converter version 3.12.11.812 (Version: 3.12.11.812)
G.H.O.S.T. Hunters: The Haunting of Majesty Manor
GIMP 2.8.6 (Version: 2.8.6)
Google Chrome (HKCU Version: 30.0.1599.101)
Greenshot 1.1.5.2643 (HKCU Version: 1.1.5.2643)
Inkscape 0.48.4 (Version: 0.48.4)
Interpol: The Trail of Dr. Chaos
Island: Das verschollene Medaillon
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
JDownloader 0.9 (Version: 0.9)
Joe (Version: 4.00.0050)
LAME v3.99.3 (for Windows)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Professional 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office SharePoint Designer 2007 (Version: 12.0.6612.1000)
Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
Microsoft Office SharePoint Designer MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Security Client (Version: 4.3.0219.0)
Microsoft Security Essentials (Version: 4.3.219.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Mnemosyne 2.2.1
Mozilla Firefox 24.0 (x86 de) (Version: 24.0)
Mozilla Maintenance Service (Version: 24.0)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Murder Island: Secret of Tantalus
My Beautiful Vacation
Mysteriöse Städte: Vegas
Notepad++ (Version: 6.4.5)
OpenOffice 4.0.0 (Version: 4.00.9702)
Opera Stable 15.0.1147.153 (Version: 15.0.1147.153)
PDF Converter 1.26
PDFCreator (Version: 1.7.1)
Rainlendar2 (remove only)
Realtek High Definition Audio Driver (Version: 6.0.1.6873)
Royal Envoy 2
Safari (Version: 5.34.57.2)
Secure Download Manager (Version: 3.1.10)
SIW 2013 Home Edition (Version: 2013.05.14)
The Nightshift Code
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (Version: 3)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2827325) 32-Bit Edition
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Outlook 2007 Help (KB963677)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
VLC media player 2.0.8 (Version: 2.0.8)
Weihnachtswunderland
Weihnachtswunderland 2
World Mosaics 6
Z-Cron (Version: 4.9.0.32)
==================== Restore Points =========================
Could not list Restore Points. Check WMI.
==================== Hosts content: ==========================
2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3080170468-2847345479-74797732-1001Core1cec6c2eceaf2c3.job => C:\Users\Maman joon & Shima\AppData\Local\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2012-06-18 17:24 - 2012-06-18 17:24 - 00260096 _____ () C:\Program Files\Notepad++\NppShell_05.dll
2012-05-16 21:01 - 2012-05-16 21:01 - 00140800 _____ () C:\Program Files\Rainlendar2\lua52.dll
2013-03-10 19:59 - 2013-03-10 19:59 - 00215648 _____ () C:\Program Files\Rainlendar2\plugins\iCalendarPlugin.dll
2012-06-17 15:22 - 2012-06-17 15:22 - 00012800 _____ () C:\Program Files\Rainlendar2\lfs.dll
2010-02-11 07:30 - 2010-02-11 07:30 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2013-10-06 15:45 - 2013-10-06 15:45 - 03279768 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\ProgramData\TEMP:067F588D
AlternateDataStreams: C:\ProgramData\TEMP:0AC32449
AlternateDataStreams: C:\ProgramData\TEMP:0E22C5DB
AlternateDataStreams: C:\ProgramData\TEMP:17C48B08
AlternateDataStreams: C:\ProgramData\TEMP:18B241CC
AlternateDataStreams: C:\ProgramData\TEMP:1B927722
AlternateDataStreams: C:\ProgramData\TEMP:225CD7D5
AlternateDataStreams: C:\ProgramData\TEMP:26A148EB
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F
AlternateDataStreams: C:\ProgramData\TEMP:2F141B68
AlternateDataStreams: C:\ProgramData\TEMP:32ED8AE7
AlternateDataStreams: C:\ProgramData\TEMP:3815BC84
AlternateDataStreams: C:\ProgramData\TEMP:3BC173E4
AlternateDataStreams: C:\ProgramData\TEMP:43982D5E
AlternateDataStreams: C:\ProgramData\TEMP:46CBC45C
AlternateDataStreams: C:\ProgramData\TEMP:4E243396
AlternateDataStreams: C:\ProgramData\TEMP:4EE95FE7
AlternateDataStreams: C:\ProgramData\TEMP:51E1A4D8
AlternateDataStreams: C:\ProgramData\TEMP:551BED5F
AlternateDataStreams: C:\ProgramData\TEMP:55F44B88
AlternateDataStreams: C:\ProgramData\TEMP:598E0FFA
AlternateDataStreams: C:\ProgramData\TEMP:5BC73C48
AlternateDataStreams: C:\ProgramData\TEMP:5FD26EF3
AlternateDataStreams: C:\ProgramData\TEMP:6710EF08
AlternateDataStreams: C:\ProgramData\TEMP:6FE17A89
AlternateDataStreams: C:\ProgramData\TEMP:701FCC18
AlternateDataStreams: C:\ProgramData\TEMP:71AEFFEB
AlternateDataStreams: C:\ProgramData\TEMP:7C412B92
AlternateDataStreams: C:\ProgramData\TEMP:82529191
AlternateDataStreams: C:\ProgramData\TEMP:8924043A
AlternateDataStreams: C:\ProgramData\TEMP:89CF6F9C
AlternateDataStreams: C:\ProgramData\TEMP:8A620099
AlternateDataStreams: C:\ProgramData\TEMP:8E7F155B
AlternateDataStreams: C:\ProgramData\TEMP:8FC1A8C4
AlternateDataStreams: C:\ProgramData\TEMP:902C848D
AlternateDataStreams: C:\ProgramData\TEMP:90B52091
AlternateDataStreams: C:\ProgramData\TEMP:98DFF516
AlternateDataStreams: C:\ProgramData\TEMP:993185CB
AlternateDataStreams: C:\ProgramData\TEMP:9B285B76
AlternateDataStreams: C:\ProgramData\TEMP:9BFB769D
AlternateDataStreams: C:\ProgramData\TEMP:9CF728A6
AlternateDataStreams: C:\ProgramData\TEMP:9D06FB9C
AlternateDataStreams: C:\ProgramData\TEMP:9EDA68BD
AlternateDataStreams: C:\ProgramData\TEMP:A1FD5369
AlternateDataStreams: C:\ProgramData\TEMP:A57500CB
AlternateDataStreams: C:\ProgramData\TEMP:A6B07419
AlternateDataStreams: C:\ProgramData\TEMP:A6E01F67
AlternateDataStreams: C:\ProgramData\TEMP:A76A1B1B
AlternateDataStreams: C:\ProgramData\TEMP:A8185163
AlternateDataStreams: C:\ProgramData\TEMP:AE8FDB48
AlternateDataStreams: C:\ProgramData\TEMP:B36361EE
AlternateDataStreams: C:\ProgramData\TEMP:B8384DB6
AlternateDataStreams: C:\ProgramData\TEMP:B9F8237A
AlternateDataStreams: C:\ProgramData\TEMP:BABA07C2
AlternateDataStreams: C:\ProgramData\TEMP:BC8E9899
AlternateDataStreams: C:\ProgramData\TEMP:BD9F7E4E
AlternateDataStreams: C:\ProgramData\TEMP:C72A744C
AlternateDataStreams: C:\ProgramData\TEMP:C928F3BE
AlternateDataStreams: C:\ProgramData\TEMP:CA0CE093
AlternateDataStreams: C:\ProgramData\TEMP:CEF2A14E
AlternateDataStreams: C:\ProgramData\TEMP:D2C57161
AlternateDataStreams: C:\ProgramData\TEMP:D5CCCBAA
AlternateDataStreams: C:\ProgramData\TEMP:D987CB43
AlternateDataStreams: C:\ProgramData\TEMP:DE6EED8B
AlternateDataStreams: C:\ProgramData\TEMP:DE9F4320
AlternateDataStreams: C:\ProgramData\TEMP:E14FA16F
AlternateDataStreams: C:\ProgramData\TEMP:E1D06077
AlternateDataStreams: C:\ProgramData\TEMP:E32966C0
AlternateDataStreams: C:\ProgramData\TEMP:E3B5F2D1
AlternateDataStreams: C:\ProgramData\TEMP:E6CDFB4A
AlternateDataStreams: C:\ProgramData\TEMP:EBCF5924
AlternateDataStreams: C:\ProgramData\TEMP:EF0C5444
AlternateDataStreams: C:\ProgramData\TEMP:EF5B3572
AlternateDataStreams: C:\ProgramData\TEMP:EFF3C3C8
AlternateDataStreams: C:\ProgramData\TEMP:F0A06891
AlternateDataStreams: C:\ProgramData\TEMP:F42B5B0E
AlternateDataStreams: C:\ProgramData\TEMP:F53B274A
AlternateDataStreams: C:\ProgramData\TEMP:F5B51004
==================== Safe Mode (whitelisted) ===================
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (10/19/2013 02:33:20 PM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
Error: (10/19/2013 01:36:28 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\MAMAN JOON & SHIMA\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\N341JYDO.DEFAULT\SAFEBROWSING-TO_DELETE> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error: (10/19/2013 01:36:27 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\MAMAN JOON & SHIMA\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\N341JYDO.DEFAULT\SAFEBROWSING-BACKUP> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error: (10/18/2013 08:52:48 PM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
Error: (10/18/2013 04:48:29 PM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
Error: (10/18/2013 04:13:38 PM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
Error: (10/18/2013 00:55:13 PM) (Source: Application Hang) (User: )
Description: Programm firefox.exe, Version 24.0.0.5001 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen.
Prozess-ID: ccc
Anfangszeit: 01cecbe7d98e9baf
Zeitpunkt der Beendigung: 1281
Error: (10/18/2013 07:06:35 AM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
Error: (10/18/2013 01:08:44 AM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
Error: (10/18/2013 00:44:00 AM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\MAMAN JOON & SHIMA\APPDATA\ROAMING\FOXIT SOFTWARE\FOXIT READER\STARTPAGE\SKINS\NORMAL\PURPLE\STARTPAGE> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
System errors:
=============
Error: (10/19/2013 08:47:34 PM) (Source: DCOM) (User: )
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
Error: (10/19/2013 08:31:43 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 19.10.2013 um 15:49:46 unerwartet heruntergefahren.
Error: (10/19/2013 08:31:22 PM) (Source: volsnap) (User: )
Description: Die Schattenkopien von Volume "C:" wurde während der Ermittlung abgebrochen.
Error: (10/19/2013 03:48:13 PM) (Source: Service Control Manager) (User: )
Description: 30000Microsoft .NET Framework NGEN v4.0.30319_X86
Error: (10/17/2013 00:09:57 AM) (Source: DCOM) (User: )
Description: {6295DF2D-35EE-11D1-8707-00C04FD93327}
Error: (10/15/2013 07:56:10 PM) (Source: Service Control Manager) (User: )
Description: 30000Netman
Error: (10/14/2013 01:51:07 AM) (Source: DCOM) (User: )
Description: {6295DF2D-35EE-11D1-8707-00C04FD93327}
Error: (10/12/2013 04:20:23 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 12.10.2013 um 16:16:57 unerwartet heruntergefahren.
Error: (10/11/2013 03:47:31 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 11.10.2013 um 15:45:48 unerwartet heruntergefahren.
Error: (10/08/2013 03:04:49 PM) (Source: Service Control Manager) (User: )
Description: 30000Netman
Microsoft Office Sessions:
=========================
CodeIntegrity Errors:
===================================
Date: 2013-08-22 08:03:31.795
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\PSINReg.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-08-22 08:03:31.576
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\PSINReg.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-08-22 08:03:30.967
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\PSINReg.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-08-22 08:03:30.733
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\PSINReg.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-08-22 08:03:29.436
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\NNSPihsw.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-08-22 08:03:29.233
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\NNSPihsw.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-08-22 08:03:29.014
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\NNSPihsw.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-08-22 08:03:28.889
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\NNSPihsw.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-08-21 13:52:57.000
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\RtkAPO.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-08-21 13:52:56.953
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\RtkAPO.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Percentage of memory in use: 56%
Total physical RAM: 1022.84 MB
Available physical RAM: 448.07 MB
Total Pagefile: 8707.87 MB
Available Pagefile: 7861.75 MB
Total Virtual: 2047.88 MB
Available Virtual: 1902.16 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:80 GB) (Free:34.22 GB) NTFS
Drive d: (ACER) (Fixed) (Total:55.88 GB) (Free:43.36 GB) FAT32 ==>[System with boot components (obtained from reading drive)]
Drive e: () (Fixed) (Total:55.9 GB) (Free:38.54 GB) NTFS
Drive f: () (Fixed) (Total:31.78 GB) (Free:8.66 GB) NTFS
Drive g: (SLAX) (CDROM) (Total:0.2 GB) (Free:0 GB) CDFS
==================== MBR & Partition Table ==================
==================== End Of Log ============================
Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-10-19 22:04:34
Windows 6.0.6002 Service Pack 2 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-2 ST3120026AS rev.3.00 111,79GB
Running: Gmer.exe; Driver: C:\Users\Admin\AppData\Local\Temp\aglorpod.sys
---- Kernel code sections - GMER 2.1 ----
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x89C0D000, 0x267978, 0xE8000020]
---- User code sections - GMER 2.1 ----
.text C:\Program Files\Mozilla Firefox\firefox.exe[3196] ntdll.dll!LdrLoadDll 76F59378 5 Bytes JMP 66F0DFF0 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3196] kernel32.dll!HeapSetInformation + 26 761CA8B0 7 Bytes JMP 66F15F1A C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3196] kernel32.dll!LockResource + C 761E6ACB 7 Bytes JMP 67699773 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3196] kernel32.dll!VirtualAllocEx + 54 761EAF50 7 Bytes JMP 67699796 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3196] USER32.dll!GetWindowInfo 7603428E 5 Bytes JMP 675DE25A C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3196] GDI32.dll!SetStretchBltMode + 256 75FD745C 7 Bytes JMP 676996F4 C:\Program Files\Mozilla Firefox\xul.dll
---- Devices - GMER 2.1 ----
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 ambakdrv.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 ambakdrv.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 ambakdrv.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 ambakdrv.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 ambakdrv.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 ambakdrv.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 ambakdrv.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume8 ambakdrv.sys
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk1\DR1 unknown MBR code
---- EOF - GMER 2.1 ----
|
|
20.10.2013, 06:50
| #2 | |
| /// the machine /// TB-Ausbilder    | Dualboot XP/Vista; MBAM-Fund, Dateien verschwinden & tauchen wieder auf, 1 MBAM-log weg hi,
__________________wir machen erst Vista: Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!Downloade dir bitte Combofix vom folgenden Downloadspiegel Link 1 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ |
|
20.10.2013, 16:07
| #3 |
| | Dualboot XP/Vista; MBAM-Fund, Dateien verschwinden & tauchen wieder auf, 1 MBAM-log weg Der PC ist während des Scans vom normalen Nutzer-Konto selbstständig aufs Admin-konto gewechselt.
__________________Hier nun der Log: Code:
ATTFilter ComboFix 13-10-19.02 - Admin 20.10.2013 12:04:24.1.2 - x86
ausgeführt von:: c:\users\Maman joon & Shima\Desktop\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Maman joon & Shima\AppData\Roaming\Island
c:\users\Maman joon & Shima\AppData\Roaming\Island\space.rgt
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-09-20 bis 2013-10-20 ))))))))))))))))))))))))))))))
.
.
2013-10-20 10:15 . 2013-10-20 10:15 -------- d-----w- c:\users\Maman joon & Shima\AppData\Local\temp
2013-10-20 10:15 . 2013-10-20 10:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-10-20 10:15 . 2013-10-20 10:16 -------- d-----w- c:\users\Admin\AppData\Local\temp
2013-10-20 09:42 . 2013-10-20 09:42 40392 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{41AFB4B6-C9E1-45A5-8F5E-09DA601B40B9}\MpKsl8c52b2ae.sys
2013-10-19 22:12 . 2013-10-19 22:12 -------- d-----w- c:\users\Maman joon & Shima\AppData\Roaming\ArtifexMundi
2013-10-19 21:39 . 2013-10-19 21:39 -------- d-----w- c:\users\Maman joon & Shima\AppData\Roaming\20000Leagues
2013-10-19 21:39 . 2013-10-19 21:39 -------- d-----w- c:\programdata\20000Leagues
2013-10-19 19:02 . 2013-10-19 19:02 -------- d-----w- C:\FRST
2013-10-19 18:44 . 2013-10-14 06:39 7796464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{41AFB4B6-C9E1-45A5-8F5E-09DA601B40B9}\mpengine.dll
2013-10-19 13:46 . 2013-10-19 13:46 -------- d-----w- c:\users\Maman joon & Shima\AppData\Roaming\Malwarebytes
2013-10-19 11:38 . 2013-10-19 11:38 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-10-19 11:38 . 2013-10-19 11:38 -------- d-----w- c:\users\Admin\AppData\Roaming\Malwarebytes
2013-10-19 11:37 . 2013-10-19 11:37 -------- d-----w- c:\programdata\Malwarebytes
2013-10-19 11:37 . 2013-10-19 11:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-10-19 11:37 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-10-18 14:42 . 2013-10-18 14:39 719224 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{618E391E-F9AE-4EF2-B39C-8701BAADDEA8}\gapaengine.dll
2013-10-18 14:39 . 2013-10-14 06:39 7796464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-10-12 21:02 . 2013-10-18 20:24 -------- d-----w- c:\users\Maman joon & Shima\AppData\Roaming\Flood Light Games
2013-10-12 21:02 . 2013-10-18 20:24 -------- d-----w- c:\programdata\Flood Light Games
2013-10-12 19:22 . 2013-10-12 19:22 -------- d-----w- c:\programdata\1912 Titanic Mystery
2013-10-12 19:22 . 2013-10-12 19:24 -------- d-----w- c:\users\Maman joon & Shima\AppData\Roaming\TitanicMystery
2013-10-11 19:58 . 2013-10-11 19:58 -------- d-----w- c:\users\Maman joon & Shima\AppData\Roaming\FlyWheelGames
2013-10-06 19:47 . 2013-10-06 19:47 -------- d-----w- c:\users\Maman joon & Shima\AppData\Roaming\FloodLightGames
2013-10-06 19:39 . 2013-10-06 19:41 -------- d-----w- c:\users\Maman joon & Shima\AppData\Roaming\ThreeDays2
2013-10-06 17:00 . 2013-10-06 17:02 -------- d-----w- c:\program files\Fiction Fixers - Adventures in Wonderland
2013-10-06 16:56 . 2013-10-06 16:59 -------- d-----w- c:\program files\1 Moment of Time - Silentville
2013-10-06 16:54 . 2013-10-06 16:55 -------- d-----w- c:\program files\Agatha Christie - Dead Man's Folly
2013-10-06 16:52 . 2013-10-06 16:54 -------- d-----w- c:\program files\10 Tage bis die Welt versinkt - Die Abenteuer von Diana Salinger
2013-10-06 16:48 . 2013-10-06 16:52 -------- d-----w- c:\program files\3 Days - Amulet Secret
2013-10-06 16:46 . 2013-10-06 16:46 -------- d-----w- c:\users\Admin\AppData\Roaming\FloodLightGames
2013-10-06 16:46 . 2013-10-06 16:46 -------- d-----w- c:\programdata\FloodLightGames
2013-10-06 16:45 . 2013-10-06 16:47 -------- d-----w- c:\program files\Agatha Christie - Death on the Nile
2013-10-06 16:40 . 2013-10-06 16:43 -------- d-----w- c:\program files\Abyss - Die Geister von Eden
2013-10-06 16:36 . 2013-10-06 16:38 -------- d-----w- c:\program files\Agatha Christie - Das Haus an der Duene
2013-10-06 16:33 . 2013-10-06 16:35 -------- d-----w- c:\program files\20000 Meilen unter dem Meer
2013-10-06 15:53 . 2013-10-06 15:56 -------- d-----w- c:\program files\Family Vacation California
2013-10-06 15:33 . 2013-10-06 15:41 -------- d-----w- c:\program files\Fabulous Finds
2013-10-06 15:06 . 2013-10-06 15:07 -------- d-----w- c:\program files\G.H.O.S.T. Hunters - The Haunting of Majesty Manor
2013-10-06 13:29 . 2013-10-06 13:33 -------- d-----w- c:\program files\3 Days - Zoo Mystery
2013-10-06 13:24 . 2013-10-06 13:28 -------- d-----w- c:\program files\1912 - Titanic Mystery
2013-10-06 13:16 . 2013-10-06 13:23 -------- d-----w- c:\program files\Apothecarium - The Renaissance of Evil
2013-10-06 13:10 . 2013-10-06 13:10 -------- d-----w- c:\users\Admin\AppData\Roaming\Azuaz Games
2013-10-06 13:06 . 2013-10-06 13:06 -------- d-----w- c:\users\Admin\AppData\Roaming\KlickTock
2013-10-06 13:03 . 2013-10-06 13:05 -------- d-----w- c:\program files\Weihnachtswunderland
2013-10-06 13:01 . 2013-10-06 13:03 -------- d-----w- c:\program files\Weihnachtswunderland 2
2013-10-05 18:36 . 2013-10-05 18:36 -------- d-----w- c:\users\Maman joon & Shima\AppData\Roaming\Bicyclestudios
2013-10-05 18:36 . 2013-10-05 18:36 -------- d-----w- c:\programdata\Bicyclestudios
2013-10-05 17:14 . 2013-10-05 17:14 -------- d-----w- c:\users\Maman joon & Shima\AppData\Roaming\Skunk Studios
2013-10-05 17:08 . 2013-10-05 17:08 -------- d-----w- c:\programdata\Astar Games
2013-10-05 15:04 . 2013-10-05 15:04 -------- d-----w- c:\users\Maman joon & Shima\AppData\Roaming\G-HeadGames
2013-10-03 15:13 . 2013-10-03 15:13 -------- d-----w- c:\users\Maman joon & Shima\Million
2013-10-03 10:25 . 2013-10-03 10:25 -------- d-----w- c:\users\Maman joon & Shima\AppData\Roaming\Audacity
2013-09-30 19:20 . 2013-09-30 19:20 -------- d-----w- c:\programdata\Venus DS 15
2013-09-29 20:15 . 2013-09-30 19:07 -------- d-----w- c:\users\Maman joon & Shima\AppData\Roaming\Awem
2013-09-29 11:32 . 2013-09-29 11:33 -------- d-----w- c:\users\Maman joon & Shima\AppData\Local\Akamai
2013-09-25 21:23 . 2013-09-25 21:23 -------- d-----w- c:\programdata\Meridian93
2013-09-25 20:20 . 2013-09-25 20:20 -------- d-----w- c:\programdata\Particles
2013-09-25 20:20 . 2013-09-25 20:20 -------- d-----w- c:\users\Maman joon & Shima\AppData\Local\Murder on the Titanic
2013-09-25 20:16 . 2013-09-25 20:16 -------- d-----w- c:\users\Maman joon & Shima\AppData\Roaming\HillStoneAnimationStudios
2013-09-24 19:31 . 2013-09-24 19:31 -------- d-----w- c:\users\Maman joon & Shima\AppData\Roaming\Gogii
2013-09-24 19:30 . 2013-09-25 21:22 -------- d-----w- c:\users\Maman joon & Shima\AppData\Roaming\Meridian93
2013-09-24 19:23 . 2013-10-19 21:33 -------- d-----w- c:\users\Maman joon & Shima\AppData\Roaming\Playrix Entertainment
2013-09-22 23:54 . 2013-09-22 23:55 -------- d-----w- c:\program files\Mysterioese Staedte - Vegas
2013-09-22 23:52 . 2013-09-22 23:53 -------- d-----w- c:\program files\Murder Island - Secret of Tantalus
2013-09-22 23:40 . 2013-09-22 23:41 -------- d-----w- c:\program files\My Beautiful Vacation
2013-09-22 22:47 . 2013-09-22 22:49 -------- d-----w- c:\program files\Island - Das verschollene Medaillon
2013-09-22 22:34 . 2013-09-22 22:34 -------- d-----w- c:\users\Admin\AppData\Roaming\Alawar
2013-09-22 22:18 . 2013-09-22 22:19 -------- d-----w- c:\program files\Interpol - The Trail of Dr. Chaos
2013-09-22 22:09 . 2013-10-06 13:30 -------- d-----w- c:\program files\Inspector Magnusson - Murder on the Titanic
2013-09-22 21:38 . 2013-09-22 21:50 -------- d-----w- c:\program files\Affair Bureau
2013-09-22 21:34 . 2013-09-22 21:35 -------- d-----w- c:\program files\DinerTown - Detective Agency
2013-09-22 21:31 . 2013-09-22 21:33 -------- d-----w- c:\program files\Royal Envoy 2
2013-09-22 20:10 . 2013-10-05 17:06 -------- d-----w- c:\users\Maman joon & Shima\AppData\Roaming\PlayFirst
2013-09-22 20:10 . 2013-10-05 17:06 -------- d-----w- c:\programdata\PlayFirst
2013-09-22 18:29 . 2013-09-22 18:29 -------- d-----w- c:\users\Maman joon & Shima\AppData\Roaming\Odian Games
2013-09-21 23:06 . 2013-09-21 23:06 -------- d-----w- c:\users\Maman joon & Shima\AppData\Roaming\Crown
2013-09-21 23:06 . 2013-09-21 23:06 -------- d-----w- c:\programdata\Crown
2013-09-21 22:06 . 2013-09-21 22:06 -------- d-----w- c:\users\Maman joon & Shima\AppData\Local\Slapdash Games
2013-09-21 22:06 . 2013-09-21 22:06 -------- d-----w- c:\programdata\Slapdash Games
2013-09-21 21:46 . 2013-09-21 21:46 -------- d-----w- c:\users\Maman joon & Shima\AppData\Roaming\Friday's games
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-07 19:44 . 2013-08-28 12:33 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-07 19:44 . 2013-08-28 12:33 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-09-06 17:45 . 2013-08-23 12:33 718712 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-08-21 17:16 . 2013-08-21 17:17 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-08-21 17:16 . 2013-08-21 17:17 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-08-21 17:16 . 2013-08-21 17:17 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-08-21 17:14 . 2013-08-21 17:15 2527232 ----a-w- C:\Joe.msi
2013-08-21 16:33 . 2013-08-21 16:36 348160 ----a-w- c:\windows\system32\msvcr71.dll
2013-08-21 12:59 . 2013-08-21 12:59 86528 ----a-w- c:\windows\system32\iesysprep.dll
2013-08-21 12:59 . 2013-08-21 12:59 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-08-21 12:59 . 2013-08-21 12:59 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-08-21 12:59 . 2013-08-21 12:59 63488 ----a-w- c:\windows\system32\tdc.ocx
2013-08-21 12:59 . 2013-08-21 12:59 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-08-21 12:59 . 2013-08-21 12:59 161792 ----a-w- c:\windows\system32\msls31.dll
2013-08-21 12:59 . 2013-08-21 12:59 74752 ----a-w- c:\windows\system32\iesetup.dll
2013-08-21 12:59 . 2013-08-21 12:59 367104 ----a-w- c:\windows\system32\html.iec
2013-08-21 12:59 . 2013-08-21 12:59 23552 ----a-w- c:\windows\system32\licmgr10.dll
2013-08-21 12:59 . 2013-08-21 12:59 152064 ----a-w- c:\windows\system32\wextract.exe
2013-08-21 12:59 . 2013-08-21 12:59 150528 ----a-w- c:\windows\system32\iexpress.exe
2013-08-21 12:59 . 2013-08-21 12:59 35840 ----a-w- c:\windows\system32\imgutil.dll
2013-08-21 12:59 . 2013-08-21 12:59 11776 ----a-w- c:\windows\system32\mshta.exe
2013-08-21 12:59 . 2013-08-21 12:59 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-08-21 12:59 . 2013-08-21 12:59 101888 ----a-w- c:\windows\system32\admparse.dll
2013-08-21 12:58 . 2013-08-21 12:58 98816 ----a-w- c:\windows\system32\mfps.dll
2013-08-21 12:58 . 2013-08-21 12:58 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2013-08-21 12:58 . 2013-08-21 12:58 586240 ----a-w- c:\windows\system32\stobject.dll
2013-08-21 12:58 . 2013-08-21 12:58 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2013-08-21 12:58 . 2013-08-21 12:58 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2013-08-21 12:58 . 2013-08-21 12:58 2873344 ----a-w- c:\windows\system32\mf.dll
2013-08-21 12:58 . 2013-08-21 12:58 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2013-08-21 12:58 . 2013-08-21 12:58 209920 ----a-w- c:\windows\system32\mfplat.dll
2013-08-21 12:58 . 2013-08-21 12:58 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2013-08-21 12:58 . 2013-08-21 12:58 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2013-08-21 12:58 . 2013-08-21 12:58 478720 ----a-w- c:\windows\system32\dxgi.dll
2013-08-21 12:58 . 2013-08-21 12:58 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2013-08-21 12:58 . 2013-08-21 12:58 258048 ----a-w- c:\windows\system32\winspool.drv
2013-08-21 12:58 . 2013-08-21 12:58 847360 ----a-w- c:\windows\system32\OpcServices.dll
2013-08-21 12:58 . 2013-08-21 12:58 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2013-08-21 12:57 . 2013-08-21 12:57 4096 ----a-w- c:\windows\system32\drivers\de-DE\dxgkrnl.sys.mui
2013-08-21 12:57 . 2013-08-21 12:57 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-08-21 12:57 . 2013-08-21 12:57 519680 ----a-w- c:\windows\system32\d3d11.dll
2013-08-21 12:57 . 2013-08-21 12:57 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2013-08-21 12:57 . 2013-08-21 12:57 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2013-08-21 12:57 . 2013-08-21 12:57 252928 ----a-w- c:\windows\system32\dxdiag.exe
2013-08-21 12:57 . 2013-08-21 12:57 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2013-08-21 12:57 . 2013-08-21 12:57 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-08-21 11:33 . 2013-08-21 11:33 319456 ----a-w- c:\windows\DIFxAPI.dll
2013-08-02 04:09 . 2013-08-28 09:20 1548288 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-30 04:29 . 2013-08-21 12:29 53760 ----a-w- c:\windows\apppatch\iebrshim.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2013-03-10 2598496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2013-03-29 11930696]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-08-12 995176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
" Malwarebytes Anti-Malware "="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2013-04-04 532040]
" Malwarebytes Anti-Malware (cleanup)"="c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll" [2013-04-04 1127496]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Sync2IT.lnk]
path=c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sync2IT.lnk
backup=c:\windows\pss\Sync2IT.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-01-28 11:08 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSTray]
2009-10-08 12:23 479232 ----a-w- c:\program files\Samsung\EmoDio\SMSTray.exe
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - MPKSL8C52B2AE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2013-10-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3080170468-2847345479-74797732-1001Core1cec6c2eceaf2c3.job
- c:\users\Maman joon & Shima\AppData\Local\Google\Update\GoogleUpdate.exe [2013-08-28 12:56]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://pandasecurity.mystart.com/?source=5b97eeb3&tbp=homepage&toolbarid=pandasecuritytb&v=4_0&u=F50C53B765BCD74E790ED35215A97B5B
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lcdzsvz5.default\
FF - prefs.js: browser.search.selectedEngine - blekko
FF - prefs.js: browser.startup.homepage - about:home
FF - ExtSQL: 2013-08-21 12:24; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lcdzsvz5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-08-21 12:35; fbp@fbpurity.com; c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lcdzsvz5.default\extensions\fbp@fbpurity.com.xpi
FF - ExtSQL: 2013-08-21 13:03; {e4a8a97b-f2ed-450b-b12d-ee082ba24781}; c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lcdzsvz5.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
FF - ExtSQL: 2013-08-21 13:03; {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}; c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lcdzsvz5.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - ExtSQL: 2013-08-21 13:03; {73a6fe31-595d-460b-a920-fcc0f8843232}; c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lcdzsvz5.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF - ExtSQL: 2013-08-21 13:03; {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}; c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lcdzsvz5.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
FF - ExtSQL: 2013-08-22 06:34; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - 5f393407000000000000000feab3b94e
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15938
FF - user.js: extensions.delta.vrsn - 1.8.24.6
FF - user.js: extensions.delta.vrsni - 1.8.24.6
FF - user.js: extensions.delta.vrsnTs - 1.8.24.618:49
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - de
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=121564&tsp=4981
FF - user.js: extensions.delta_i.babExt -
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-10-20 12:16
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3080170468-2847345479-74797732-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.download\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariDownload"
.
[HKEY_USERS\S-1-5-21-3080170468-2847345479-74797732-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (S-1-5-21-3080170468-2847345479-74797732-1000)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3080170468-2847345479-74797732-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (S-1-5-21-3080170468-2847345479-74797732-1000)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3080170468-2847345479-74797732-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.safariextz\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariExtension"
.
[HKEY_USERS\S-1-5-21-3080170468-2847345479-74797732-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (S-1-5-21-3080170468-2847345479-74797732-1000)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3080170468-2847345479-74797732-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-3080170468-2847345479-74797732-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webarchive\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-3080170468-2847345479-74797732-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (S-1-5-21-3080170468-2847345479-74797732-1000)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3080170468-2847345479-74797732-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (S-1-5-21-3080170468-2847345479-74797732-1000)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3080170468-2847345479-74797732-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-3080170468-2847345479-74797732-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.download\UserChoice]
@Denied: (2) (S-1-5-21-3080170468-2847345479-74797732-1001)
@Denied: (2) (LocalSystem)
"Progid"="SafariDownload"
.
[HKEY_USERS\S-1-5-21-3080170468-2847345479-74797732-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (S-1-5-21-3080170468-2847345479-74797732-1001)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3080170468-2847345479-74797732-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (S-1-5-21-3080170468-2847345479-74797732-1001)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3080170468-2847345479-74797732-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.safariextz\UserChoice]
@Denied: (2) (S-1-5-21-3080170468-2847345479-74797732-1001)
@Denied: (2) (LocalSystem)
"Progid"="SafariExtension"
.
[HKEY_USERS\S-1-5-21-3080170468-2847345479-74797732-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (S-1-5-21-3080170468-2847345479-74797732-1001)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3080170468-2847345479-74797732-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
@Denied: (2) (S-1-5-21-3080170468-2847345479-74797732-1001)
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-3080170468-2847345479-74797732-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webarchive\UserChoice]
@Denied: (2) (S-1-5-21-3080170468-2847345479-74797732-1001)
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-3080170468-2847345479-74797732-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (S-1-5-21-3080170468-2847345479-74797732-1001)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3080170468-2847345479-74797732-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (S-1-5-21-3080170468-2847345479-74797732-1001)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3080170468-2847345479-74797732-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]
@Denied: (2) (S-1-5-21-3080170468-2847345479-74797732-1001)
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Zeit der Fertigstellung: 2013-10-20 12:18:34
ComboFix-quarantined-files.txt 2013-10-20 10:18
.
Vor Suchlauf: 12 Verzeichnis(se), 42.339.729.408 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 43.751.915.520 Bytes frei
.
- - End Of File - - E66F895B2AAEFC43DE936FAA7B7B01F1
0792F22BCC85CFD3B28324561FFFCABB
Code:
ATTFilter Malwarebytes Anti-Malware (Trial) 1.75.0.1300 www.malwarebytes.org Database version: v2013.10.20.03 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 Maman joon & Shima :: ADMIN-PC [limited] Protection: Disabled 20.10.2013 14:20:58 mbam-log-2013-10-20 (14-20-58).txt Scan type: Full scan (C:\|D:\|E:\|F:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 384138 Time elapsed: 2 hour(s), 27 minute(s), 29 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 1 HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Delete on reboot. Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) |
|
20.10.2013, 18:10
| #4 |
| /// the machine /// TB-Ausbilder | Dualboot XP/Vista; MBAM-Fund, Dateien verschwinden & tauchen wieder auf, 1 MBAM-log weg Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
20.10.2013, 23:10
| #5 |
| | Dualboot XP/Vista; MBAM-Fund, Dateien verschwinden & tauchen wieder auf, 1 MBAM-log weg Ich hatte zu Beginn des Scans noch den alten FRST-log auf dem Desktop, der ist aber von selbst verschwunden. AdwCleaner Code:
ATTFilter # AdwCleaner v3.009 - Bericht erstellt am 20/10/2013 um 22:55:34
# Updated 19/10/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Business Service Pack 2 (32 bits)
# Benutzername : Admin - ADMIN-PC
# Gestartet von : C:\Users\Maman joon & Shima\Desktop\adwcleaner.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\Users\Admin\AppData\Roaming\pdfforge
Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\adawaretb.xml
Datei Gelöscht : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lcdzsvz5.default\user.js
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\5e50ddd0b738ec46
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415C-8A37-763AE183E7E4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Schlüssel Gelöscht : HKCU\Software\Delta
Schlüssel Gelöscht : HKLM\Software\Delta
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
***** [ Browser ] *****
-\\ Internet Explorer v9.0.8112.16514
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
-\\ Mozilla Firefox v24.0 (de)
[ Datei : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lcdzsvz5.default\prefs.js ]
Zeile gelöscht : user_pref("browser.search.selectedEngine", "blekko");
Zeile gelöscht : user_pref("extensions.delta.admin", false);
Zeile gelöscht : user_pref("extensions.delta.aflt", "babsst");
Zeile gelöscht : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Zeile gelöscht : user_pref("extensions.delta.autoRvrt", "false");
Zeile gelöscht : user_pref("extensions.delta.dfltLng", "de");
Zeile gelöscht : user_pref("extensions.delta.excTlbr", false);
Zeile gelöscht : user_pref("extensions.delta.ffxUnstlRst", true);
Zeile gelöscht : user_pref("extensions.delta.id", "5f393407000000000000000feab3b94e");
Zeile gelöscht : user_pref("extensions.delta.instlDay", "15938");
Zeile gelöscht : user_pref("extensions.delta.instlRef", "sst");
Zeile gelöscht : user_pref("extensions.delta.newTab", false);
Zeile gelöscht : user_pref("extensions.delta.prdct", "delta");
Zeile gelöscht : user_pref("extensions.delta.prtnrId", "delta");
Zeile gelöscht : user_pref("extensions.delta.rvrt", "false");
Zeile gelöscht : user_pref("extensions.delta.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.delta.tlbrId", "base");
Zeile gelöscht : user_pref("extensions.delta.tlbrSrchUrl", "");
Zeile gelöscht : user_pref("extensions.delta.vrsn", "1.8.24.6");
Zeile gelöscht : user_pref("extensions.delta.vrsnTs", "1.8.24.618:49:35");
Zeile gelöscht : user_pref("extensions.delta.vrsni", "1.8.24.6");
Zeile gelöscht : user_pref("extensions.delta_i.babExt", "");
Zeile gelöscht : user_pref("extensions.delta_i.babTrack", "affID=121564&tsp=4981");
Zeile gelöscht : user_pref("extensions.delta_i.srcExt", "ss");
[ Datei : C:\Users\Maman joon & Shima\AppData\Roaming\Mozilla\Firefox\Profiles\n341jydo.default\prefs.js ]
*************************
AdwCleaner[R0].txt - [3911 octets] - [20/10/2013 20:15:20]
AdwCleaner[R1].txt - [3971 octets] - [20/10/2013 22:54:28]
AdwCleaner[S0].txt - [3686 octets] - [20/10/2013 22:55:34]
########## EOF - \AdwCleaner\AdwCleaner[S0].txt - [3746 octets] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:3)
OS: Windows Vista (TM) Business x86
Ran by Admin on 20.10.2013 at 23:54:36,03
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3080170468-2847345479-74797732-1000\Software\SweetIM
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\big fish"
Successfully deleted: [Folder] "C:\Users\Admin\appdata\local\big fish"
Successfully deleted: [Folder] "C:\bigfishcache"
~~~ FireFox
Emptied folder: C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\lcdzsvz5.default\minidumps [1 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 20.10.2013 at 23:58:27,77
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-10-2013 Ran by Admin (administrator) on ADMIN-PC on 21-10-2013 00:03:44 Running from C:\Users\Maman joon & Shima\Desktop Microsoft® Windows Vista™ Business Service Pack 2 (X86) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe (ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe (Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE (Microsoft Corporation) C:\Windows\system32\SLsvc.exe (AOMEI Tech Co., Ltd.) C:\Program Files\AOMEI Backupper\ABService.exe (Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe (ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Google Inc.) C:\Users\Maman joon & Shima\AppData\Local\Google\Update\GoogleUpdate.exe (Akamai Technologies, Inc.) C:\Users\Maman joon & Shima\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) C:\Users\Maman joon & Shima\AppData\Local\Akamai\netsession_win.exe (Microsoft Corporation) c:\Program Files\Microsoft Security Client\MpCmdRun.exe (Microsoft Corporation) C:\Windows\system32\conime.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [11930696 2013-03-29] (Realtek Semiconductor) HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [995176 2013-08-12] (Microsoft Corporation) HKLM\...\RunOnce: [ Malwarebytes Anti-Malware ] - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation) HKLM\...\Runonce: [ Malwarebytes Anti-Malware (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript HKCU\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKCU\...\Run: [Rainlendar2] - C:\Program Files\Rainlendar2\Rainlendar2.exe [2598496 2013-03-10] () HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter Startup: C:\Users\Maman joon & Shima\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lcdzsvz5.default FF Homepage: about:home FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll () FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Forecastfox - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lcdzsvz5.default\Extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} FF Extension: WOT - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lcdzsvz5.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} FF Extension: fbp - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lcdzsvz5.default\Extensions\fbp@fbpurity.com.xpi FF Extension: No Name - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lcdzsvz5.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi FF Extension: No Name - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lcdzsvz5.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF Extension: No Name - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lcdzsvz5.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ========================== Services (Whitelisted) ================= R2 Backupper Service; C:\Program Files\AOMEI Backupper\ABService.exe [29912 2013-08-23] (AOMEI Tech Co., Ltd.) S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-08-12] (Microsoft Corporation) R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [295376 2013-08-12] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== R0 ambakdrv; C:\Windows\System32\ambakdrv.sys [26424 2013-05-07] () R2 ammntdrv; C:\Windows\system32\ammntdrv.sys [129720 2013-05-07] () R2 amwrtdrv; C:\Windows\system32\amwrtdrv.sys [14392 2013-02-06] () R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-11] (Microsoft Corporation) S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation) S3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2013-10-19] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [211560 2013-06-18] (Microsoft Corporation) R1 MpKslaf688ded; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B6C91616-96F1-4AFA-B2F1-C28A6A8A8E98}\MpKslaf688ded.sys [40392 2013-10-20] (Microsoft Corporation) R3 Ph3xIB32; C:\Windows\System32\DRIVERS\Ph3xIB32.sys [1131136 2007-04-03] (Philips Semiconductors GmbH) S3 catchme; \??\C:\Users\Admin\AppData\Local\Temp\catchme.sys [x] S3 IpInIp; system32\DRIVERS\ipinip.sys [x] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-10-21 00:01 - 2013-10-20 22:55 - 00003824 _____ C:\Users\Maman joon & Shima\Desktop\AdwCleaner[S0].txt 2013-10-21 00:00 - 2013-10-21 00:00 - 00001447 _____ C:\Users\Maman joon & Shima\Desktop\JRT.txt 2013-10-20 23:58 - 2013-10-20 23:58 - 00001447 _____ C:\Users\Admin\Desktop\JRT.txt 2013-10-20 23:54 - 2013-10-20 23:54 - 00000000 ____D C:\Windows\ERUNT 2013-10-20 20:15 - 2013-10-20 22:55 - 00000000 ____D C:\AdwCleaner 2013-10-20 20:15 - 2013-10-20 20:15 - 00001116 _____ C:\Users\Maman joon & Shima\Desktop\anw.txt 2013-10-20 20:11 - 2013-10-20 20:11 - 01033335 _____ (Thisisu) C:\Users\Maman joon & Shima\Desktop\JRT.exe 2013-10-20 20:10 - 2013-10-20 20:10 - 01056666 _____ C:\Users\Maman joon & Shima\Desktop\adwcleaner.exe 2013-10-20 12:18 - 2013-10-20 12:18 - 00025276 _____ C:\ComboFix.txt 2013-10-20 12:00 - 2013-10-20 12:18 - 00000000 ____D C:\ComboFix 2013-10-20 12:00 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe 2013-10-20 12:00 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe 2013-10-20 12:00 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2013-10-20 12:00 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2013-10-20 12:00 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2013-10-20 12:00 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe 2013-10-20 12:00 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe 2013-10-20 12:00 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe 2013-10-20 11:59 - 2013-10-20 12:18 - 00000000 ____D C:\Qoobox 2013-10-20 11:59 - 2013-10-20 12:17 - 00000000 ____D C:\Windows\erdnt 2013-10-20 11:47 - 2013-10-20 11:50 - 05135479 ____R (Swearware) C:\Users\Maman joon & Shima\Desktop\ComboFix.exe 2013-10-20 00:12 - 2013-10-20 00:12 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\ArtifexMundi 2013-10-19 23:39 - 2013-10-19 23:39 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\20000Leagues 2013-10-19 23:39 - 2013-10-19 23:39 - 00000000 ____D C:\ProgramData\20000Leagues 2013-10-19 22:04 - 2013-10-19 22:04 - 00002882 _____ C:\Users\Maman joon & Shima\Desktop\GMER.log 2013-10-19 21:07 - 2013-10-19 21:08 - 00020181 _____ C:\Users\Maman joon & Shima\Desktop\Addition.txt 2013-10-19 21:02 - 2013-10-19 21:02 - 00000000 ____D C:\FRST 2013-10-19 21:01 - 2013-10-19 21:01 - 00000472 _____ C:\Users\Maman joon & Shima\Desktop\defogger_disable.log 2013-10-19 21:01 - 2013-10-19 21:01 - 00000000 _____ C:\Users\Admin\defogger_reenable 2013-10-19 21:00 - 2013-10-19 21:00 - 00000000 ____D C:\Users\Maman joon & Shima\Desktop\alt 2013-10-19 20:58 - 2013-10-19 20:58 - 01087515 _____ (Farbar) C:\Users\Maman joon & Shima\Desktop\FRST.exe 2013-10-19 20:58 - 2013-10-19 20:58 - 00050477 _____ C:\Users\Maman joon & Shima\Desktop\Defogger.exe 2013-10-19 20:57 - 2013-10-19 20:57 - 00377856 _____ C:\Users\Maman joon & Shima\Desktop\Gmer.exe 2013-10-19 15:46 - 2013-10-19 15:46 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\Malwarebytes 2013-10-19 14:06 - 2013-10-19 14:06 - 00163617 _____ C:\Users\Maman joon & Shima\Desktop\bookmarks 19.10.13.html 2013-10-19 14:06 - 2013-10-19 14:06 - 00056276 _____ C:\Users\Maman joon & Shima\Desktop\bookmarks-2013-10-19.json 2013-10-19 13:38 - 2013-10-19 13:38 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys 2013-10-19 13:38 - 2013-10-19 13:38 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Malwarebytes 2013-10-19 13:37 - 2013-10-19 13:37 - 00000906 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-10-19 13:37 - 2013-10-19 13:37 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-10-19 13:37 - 2013-10-19 13:37 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-10-19 13:37 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-10-19 13:35 - 2013-10-19 13:36 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Maman joon & Shima\Desktop\mbam-setup-1.75.0.1300.exe 2013-10-15 10:48 - 2013-10-15 10:48 - 00001041 _____ C:\Users\Maman joon & Shima\Desktop\PDF Converter.lnk 2013-10-15 10:46 - 2013-10-19 16:32 - 00000000 ____D C:\Users\Maman joon & Shima\Desktop\Codes 2013-10-15 10:46 - 2013-10-15 20:58 - 00000000 ____D C:\Users\Maman joon & Shima\Desktop\Uni 2013-10-14 14:50 - 2013-10-14 14:50 - 00000468 _____ C:\Users\Maman joon & Shima\Desktop\Uni.lnk 2013-10-12 23:02 - 2013-10-18 22:24 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\Flood Light Games 2013-10-12 23:02 - 2013-10-18 22:24 - 00000000 ____D C:\ProgramData\Flood Light Games 2013-10-12 21:22 - 2013-10-12 21:24 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\TitanicMystery 2013-10-12 21:22 - 2013-10-12 21:22 - 00000000 ____D C:\ProgramData\1912 Titanic Mystery 2013-10-12 16:45 - 2013-10-19 13:31 - 00000000 ____D C:\Users\Maman joon & Shima\Desktop\USB 2013-10-12 15:39 - 2013-09-22 12:29 - 12336128 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-10-12 15:39 - 2013-09-22 12:22 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-10-12 15:39 - 2013-09-22 12:22 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-10-12 15:39 - 2013-09-22 12:14 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-10-12 15:39 - 2013-09-22 12:13 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-10-12 15:39 - 2013-09-22 12:13 - 01104896 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-10-12 15:39 - 2013-09-22 12:12 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2013-10-12 15:39 - 2013-09-22 12:09 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-10-12 15:39 - 2013-09-22 12:08 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-10-12 15:39 - 2013-09-22 12:07 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-10-12 15:39 - 2013-09-22 12:06 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2013-10-12 15:39 - 2013-09-22 12:05 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-10-12 15:39 - 2013-09-22 12:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-10-12 15:39 - 2013-09-22 12:03 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-10-12 15:39 - 2013-09-22 12:03 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-10-12 15:39 - 2013-09-22 11:59 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-10-11 22:46 - 2013-10-11 22:46 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3080170468-2847345479-74797732-1001Core1cec6c2eceaf2c3.job 2013-10-11 21:58 - 2013-10-11 21:58 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\FlyWheelGames 2013-10-11 11:55 - 2013-08-29 09:36 - 02050048 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-10-11 11:55 - 2013-08-27 04:47 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll 2013-10-11 11:55 - 2013-08-27 04:47 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll 2013-10-11 11:55 - 2013-08-27 04:47 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll 2013-10-11 11:55 - 2013-08-27 04:47 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll 2013-10-11 11:55 - 2013-08-27 03:52 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2013-10-11 11:55 - 2013-08-27 03:50 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll 2013-10-11 11:55 - 2013-08-27 03:32 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll 2013-10-11 11:55 - 2013-08-27 03:28 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2013-10-11 11:55 - 2013-08-27 03:28 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2013-10-11 11:55 - 2013-08-01 05:16 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2013-10-11 11:55 - 2013-08-01 04:49 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll 2013-10-11 11:55 - 2013-07-20 12:44 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2013-10-11 11:55 - 2013-07-04 06:21 - 00532480 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll 2013-10-11 11:55 - 2013-06-29 04:07 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys 2013-10-11 11:55 - 2013-06-29 04:07 - 00197632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys 2013-10-11 11:55 - 2013-06-29 04:06 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys 2013-10-11 11:55 - 2013-06-27 01:01 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys 2013-10-11 11:55 - 2013-06-04 06:16 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2013-10-11 11:55 - 2013-06-04 03:49 - 00293376 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2013-10-11 11:55 - 2011-05-05 15:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys 2013-10-11 11:55 - 2011-05-05 15:54 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys 2013-10-07 10:29 - 2013-10-07 10:29 - 00001712 _____ C:\Users\Maman joon & Shima\Desktop\Game Manager.lnk 2013-10-06 21:47 - 2013-10-06 21:47 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\FloodLightGames 2013-10-06 21:39 - 2013-10-06 21:41 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\ThreeDays2 2013-10-06 20:25 - 2013-10-06 20:25 - 00106414 _____ C:\Users\Maman joon & Shima\Desktop\bookmarks.html 2013-10-06 19:00 - 2013-10-06 19:02 - 00000000 ____D C:\Program Files\Fiction Fixers - Adventures in Wonderland 2013-10-06 19:00 - 2013-10-06 19:00 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fiction Fixers - Adventures in Wonderland 2013-10-06 18:56 - 2013-10-06 18:59 - 00000000 ____D C:\Program Files\1 Moment of Time - Silentville 2013-10-06 18:56 - 2013-10-06 18:56 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\1 Moment of Time - Silentville 2013-10-06 18:54 - 2013-10-06 18:55 - 00000000 ____D C:\Program Files\Agatha Christie - Dead Man's Folly 2013-10-06 18:54 - 2013-10-06 18:54 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Agatha Christie - Dead Man's Folly 2013-10-06 18:52 - 2013-10-06 18:54 - 00000000 ____D C:\Program Files\10 Tage bis die Welt versinkt - Die Abenteuer von Diana Salinger 2013-10-06 18:52 - 2013-10-06 18:52 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\10 Tage bis die Welt versinkt - Die Abenteuer von Diana Salinger 2013-10-06 18:48 - 2013-10-06 18:52 - 00000000 ____D C:\Program Files\3 Days - Amulet Secret 2013-10-06 18:48 - 2013-10-06 18:48 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\3 Days - Amulet Secret 2013-10-06 18:46 - 2013-10-06 18:46 - 00000000 ____D C:\Users\Admin\AppData\Roaming\FloodLightGames 2013-10-06 18:46 - 2013-10-06 18:46 - 00000000 ____D C:\ProgramData\FloodLightGames 2013-10-06 18:45 - 2013-10-06 18:47 - 00000000 ____D C:\Program Files\Agatha Christie - Death on the Nile 2013-10-06 18:36 - 2013-10-06 18:38 - 00000000 ____D C:\Program Files\Agatha Christie - Das Haus an der Duene 2013-10-06 18:33 - 2013-10-06 18:35 - 00000000 ____D C:\Program Files\20000 Meilen unter dem Meer 2013-10-06 18:33 - 2013-10-06 18:33 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\20000 Meilen unter dem Meer 2013-10-06 17:53 - 2013-10-06 17:56 - 00000000 ____D C:\Program Files\Family Vacation California 2013-10-06 17:53 - 2013-10-06 17:53 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Family Vacation California 2013-10-06 17:33 - 2013-10-06 17:41 - 00000000 ____D C:\Program Files\Fabulous Finds 2013-10-06 17:06 - 2013-10-06 17:07 - 00000000 ____D C:\Program Files\G.H.O.S.T. Hunters - The Haunting of Majesty Manor 2013-10-06 15:45 - 2013-10-06 15:46 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-10-06 15:29 - 2013-10-06 15:33 - 00000000 ____D C:\Program Files\3 Days - Zoo Mystery 2013-10-06 15:29 - 2013-10-06 15:29 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\3 Days - Zoo Mystery 2013-10-06 15:24 - 2013-10-06 15:28 - 00000000 ____D C:\Program Files\1912 - Titanic Mystery 2013-10-06 15:24 - 2013-10-06 15:24 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\1912 - Titanic Mystery 2013-10-06 15:16 - 2013-10-06 15:23 - 00000000 ____D C:\Program Files\Apothecarium - The Renaissance of Evil 2013-10-06 15:16 - 2013-10-06 15:16 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Apothecarium - The Renaissance of Evil 2013-10-06 15:10 - 2013-10-06 15:10 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Azuaz Games 2013-10-06 15:06 - 2013-10-06 15:06 - 00000000 ____D C:\Users\Admin\AppData\Roaming\KlickTock 2013-10-06 15:03 - 2013-10-06 15:05 - 00000000 ____D C:\Program Files\Weihnachtswunderland 2013-10-06 15:03 - 2013-10-06 15:03 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weihnachtswunderland 2013-10-06 15:01 - 2013-10-06 15:03 - 00000000 ____D C:\Program Files\Weihnachtswunderland 2 2013-10-06 15:01 - 2013-10-06 15:01 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weihnachtswunderland 2 2013-10-05 20:36 - 2013-10-05 20:36 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\Bicyclestudios 2013-10-05 20:36 - 2013-10-05 20:36 - 00000000 ____D C:\ProgramData\Bicyclestudios 2013-10-05 19:14 - 2013-10-05 19:14 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\Skunk Studios 2013-10-05 19:08 - 2013-10-05 19:08 - 00000000 ____D C:\ProgramData\Astar Games 2013-10-05 17:04 - 2013-10-05 17:04 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\G-HeadGames 2013-10-04 10:14 - 2013-10-04 10:15 - 02543853 _____ C:\Users\Maman joon & Shima\Downloads\homerengl.rar 2013-10-04 09:09 - 2013-10-04 09:09 - 00003424 _____ C:\Users\Maman joon & Shima\AppData\Local\recently-used.xbel 2013-10-03 19:22 - 2013-10-03 19:27 - 12620165 _____ C:\Users\Maman joon & Shima\Downloads\dostoengl.rar 2013-10-03 18:44 - 2013-10-03 18:45 - 01058999 _____ C:\Users\Maman joon & Shima\Downloads\4FC2.tmp 2013-10-03 18:44 - 2013-10-03 18:45 - 00952978 _____ C:\Users\Maman joon & Shima\Downloads\5AE0.tmp 2013-10-03 18:44 - 2013-10-03 18:44 - 00530784 _____ C:\Users\Maman joon & Shima\Downloads\52FF.tmp 2013-10-03 18:44 - 2013-10-03 18:44 - 00410724 _____ C:\Users\Maman joon & Shima\Downloads\The Children Of Hurin - J.R.R. Tolkien.txt 2013-10-03 18:44 - 2013-10-03 18:44 - 00410724 _____ C:\Users\Maman joon & Shima\Downloads\The Children Of Hurin - J.R.R. Tolkien (1).txt 2013-10-03 18:44 - 2013-10-03 18:44 - 00410724 _____ C:\Users\Maman joon & Shima\Downloads\4FB1.tmp 2013-10-03 17:52 - 2013-10-03 18:07 - 45179846 _____ C:\Users\Maman joon & Shima\Downloads\Tol-kom.rar 2013-10-03 17:13 - 2013-10-03 17:13 - 00000000 ____D C:\Users\Maman joon & Shima\Million 2013-10-03 16:10 - 2013-10-03 16:10 - 00000000 ____D C:\Users\Public\Documents\BigFish 2013-10-03 12:25 - 2013-10-03 12:25 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\Audacity 2013-09-30 21:20 - 2013-09-30 21:20 - 00000000 ____D C:\ProgramData\Venus DS 15 2013-09-30 14:33 - 2013-09-30 14:33 - 00014367 _____ C:\Users\Maman joon & Shima\Documents\Bewerbung schreiben.odt 2013-09-30 10:33 - 2013-10-13 20:19 - 00000680 _____ C:\Users\Maman joon & Shima\AppData\Local\d3d9caps.dat 2013-09-29 22:15 - 2013-09-30 21:07 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\Awem 2013-09-29 15:19 - 2013-09-29 15:19 - 00142376 _____ C:\Windows\Minidump\Mini092913-01.dmp 2013-09-29 13:32 - 2013-09-29 13:33 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Local\Akamai 2013-09-29 13:30 - 2013-09-29 13:31 - 10025728 _____ (Akamai Technologies, Inc.) C:\Users\Maman joon & Shima\Downloads\my_downloader_installer.exe 2013-09-29 13:28 - 2013-09-29 13:33 - 427406992 _____ (Microsoft Corporation) C:\Users\Maman joon & Shima\Downloads\office2007.exe 2013-09-27 17:25 - 2013-09-27 17:25 - 00097280 _____ C:\Users\Maman joon & Shima\Downloads\Anmeldeformular_SKK.xls 2013-09-25 23:23 - 2013-09-25 23:23 - 00000000 ____D C:\ProgramData\Meridian93 2013-09-25 22:20 - 2013-09-25 22:20 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Local\Murder on the Titanic 2013-09-25 22:20 - 2013-09-25 22:20 - 00000000 ____D C:\ProgramData\Particles 2013-09-25 22:16 - 2013-09-25 22:16 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\HillStoneAnimationStudios 2013-09-25 22:14 - 2013-09-25 22:14 - 00000000 ____D C:\Users\Maman joon & Shima\Documents\Green Gamer 2013-09-24 21:31 - 2013-09-24 21:31 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\Gogii 2013-09-24 21:30 - 2013-09-25 23:22 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\Meridian93 2013-09-24 21:23 - 2013-10-19 23:33 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\Playrix Entertainment 2013-09-23 01:54 - 2013-09-23 01:55 - 00000000 ____D C:\Program Files\Mysterioese Staedte - Vegas 2013-09-23 01:54 - 2013-09-23 01:54 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mysterioese Staedte - Vegas 2013-09-23 01:52 - 2013-09-23 01:53 - 00000000 ____D C:\Program Files\Murder Island - Secret of Tantalus 2013-09-23 01:52 - 2013-09-23 01:52 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Murder Island - Secret of Tantalus 2013-09-23 01:40 - 2013-09-23 01:41 - 00000000 ____D C:\Program Files\My Beautiful Vacation 2013-09-23 01:40 - 2013-09-23 01:40 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\My Beautiful Vacation 2013-09-23 00:47 - 2013-09-23 00:49 - 00000000 ____D C:\Program Files\Island - Das verschollene Medaillon 2013-09-23 00:47 - 2013-09-23 00:47 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Island - Das verschollene Medaillon 2013-09-23 00:34 - 2013-09-23 00:34 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Alawar 2013-09-23 00:18 - 2013-09-23 00:19 - 00000000 ____D C:\Program Files\Interpol - The Trail of Dr. Chaos 2013-09-23 00:09 - 2013-10-06 15:30 - 00000000 ____D C:\Program Files\Inspector Magnusson - Murder on the Titanic 2013-09-22 23:38 - 2013-09-22 23:50 - 00000000 ____D C:\Program Files\Affair Bureau 2013-09-22 23:38 - 2013-09-22 23:38 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Affair Bureau 2013-09-22 23:34 - 2013-09-22 23:35 - 00000000 ____D C:\Program Files\DinerTown - Detective Agency 2013-09-22 23:34 - 2013-09-22 23:34 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DinerTown - Detective Agency 2013-09-22 23:31 - 2013-09-22 23:33 - 00000000 ____D C:\Program Files\Royal Envoy 2 2013-09-22 23:31 - 2013-09-22 23:31 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Royal Envoy 2 2013-09-22 22:10 - 2013-10-05 19:06 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\PlayFirst 2013-09-22 22:10 - 2013-10-05 19:06 - 00000000 ____D C:\ProgramData\PlayFirst 2013-09-22 20:58 - 2013-09-22 21:00 - 00236648 _____ (Big Fish Games) C:\Users\Maman joon & Shima\Downloads\miss-teri-tale-spiel_s2_l2_gF2352T1L2_d2163767787.exe 2013-09-22 20:58 - 2013-09-22 20:59 - 00236648 _____ (Big Fish Games) C:\Users\Maman joon & Shima\Downloads\millionenjagd_s2_l2_gF5412T1L2_d2163767570.exe 2013-09-22 20:58 - 2013-09-22 20:58 - 00112256 _____ (Big Fish Games) C:\Users\Maman joon & Shima\Downloads\Nicht bestätigt 747768.crdownload 2013-09-22 20:29 - 2013-09-22 20:29 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\Odian Games 2013-09-22 01:06 - 2013-09-22 01:06 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\Crown 2013-09-22 01:06 - 2013-09-22 01:06 - 00000000 ____D C:\ProgramData\Crown 2013-09-22 00:06 - 2013-09-22 00:06 - 00000000 ____D C:\Users\Public\Documents\Slapdash Games 2013-09-22 00:06 - 2013-09-22 00:06 - 00000000 ____D C:\Users\Maman joon & Shima\Documents\Slapdash Games 2013-09-22 00:06 - 2013-09-22 00:06 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Local\Slapdash Games 2013-09-22 00:06 - 2013-09-22 00:06 - 00000000 ____D C:\ProgramData\Slapdash Games 2013-09-21 23:46 - 2013-09-21 23:46 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\Friday's games ==================== One Month Modified Files and Folders ======= 2013-10-21 00:02 - 2013-08-24 14:01 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\Dropbox 2013-10-21 00:01 - 2013-08-22 13:47 - 00000000 ____D C:\Users\Maman joon & Shima\.rainlendar2 2013-10-21 00:01 - 2009-04-11 14:36 - 01229451 _____ C:\Windows\WindowsUpdate.log 2013-10-21 00:00 - 2013-10-21 00:00 - 00001447 _____ C:\Users\Maman joon & Shima\Desktop\JRT.txt 2013-10-20 23:58 - 2013-10-20 23:58 - 00001447 _____ C:\Users\Admin\Desktop\JRT.txt 2013-10-20 23:54 - 2013-10-20 23:54 - 00000000 ____D C:\Windows\ERUNT 2013-10-20 23:52 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-10-20 23:52 - 2006-11-02 14:47 - 00005024 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2013-10-20 23:52 - 2006-11-02 14:47 - 00005024 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2013-10-20 23:01 - 2006-11-02 15:01 - 00032578 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-10-20 22:55 - 2013-10-21 00:01 - 00003824 _____ C:\Users\Maman joon & Shima\Desktop\AdwCleaner[S0].txt 2013-10-20 22:55 - 2013-10-20 20:15 - 00000000 ____D C:\AdwCleaner 2013-10-20 21:33 - 2013-09-19 12:29 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\vlc 2013-10-20 20:15 - 2013-10-20 20:15 - 00001116 _____ C:\Users\Maman joon & Shima\Desktop\anw.txt 2013-10-20 20:11 - 2013-10-20 20:11 - 01033335 _____ (Thisisu) C:\Users\Maman joon & Shima\Desktop\JRT.exe 2013-10-20 20:10 - 2013-10-20 20:10 - 01056666 _____ C:\Users\Maman joon & Shima\Desktop\adwcleaner.exe 2013-10-20 17:09 - 2006-11-02 15:00 - 00018950 _____ C:\Windows\PFRO.log 2013-10-20 12:18 - 2013-10-20 12:18 - 00025276 _____ C:\ComboFix.txt 2013-10-20 12:18 - 2013-10-20 12:00 - 00000000 ____D C:\ComboFix 2013-10-20 12:18 - 2013-10-20 11:59 - 00000000 ____D C:\Qoobox 2013-10-20 12:18 - 2006-11-02 13:18 - 00000000 __RHD C:\Users\Default 2013-10-20 12:18 - 2006-11-02 13:18 - 00000000 ___RD C:\Users\Public 2013-10-20 12:17 - 2013-10-20 11:59 - 00000000 ____D C:\Windows\erdnt 2013-10-20 12:16 - 2006-11-02 12:23 - 00000215 _____ C:\Windows\system.ini 2013-10-20 11:50 - 2013-10-20 11:47 - 05135479 ____R (Swearware) C:\Users\Maman joon & Shima\Desktop\ComboFix.exe 2013-10-20 00:12 - 2013-10-20 00:12 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\ArtifexMundi 2013-10-19 23:39 - 2013-10-19 23:39 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\20000Leagues 2013-10-19 23:39 - 2013-10-19 23:39 - 00000000 ____D C:\ProgramData\20000Leagues 2013-10-19 23:33 - 2013-09-24 21:23 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\Playrix Entertainment 2013-10-19 22:04 - 2013-10-19 22:04 - 00002882 _____ C:\Users\Maman joon & Shima\Desktop\GMER.log 2013-10-19 21:08 - 2013-10-19 21:07 - 00020181 _____ C:\Users\Maman joon & Shima\Desktop\Addition.txt 2013-10-19 21:02 - 2013-10-19 21:02 - 00000000 ____D C:\FRST 2013-10-19 21:01 - 2013-10-19 21:01 - 00000472 _____ C:\Users\Maman joon & Shima\Desktop\defogger_disable.log 2013-10-19 21:01 - 2013-10-19 21:01 - 00000000 _____ C:\Users\Admin\defogger_reenable 2013-10-19 21:01 - 2013-08-21 12:08 - 00000000 ____D C:\Users\Admin 2013-10-19 21:00 - 2013-10-19 21:00 - 00000000 ____D C:\Users\Maman joon & Shima\Desktop\alt 2013-10-19 20:58 - 2013-10-19 20:58 - 01087515 _____ (Farbar) C:\Users\Maman joon & Shima\Desktop\FRST.exe 2013-10-19 20:58 - 2013-10-19 20:58 - 00050477 _____ C:\Users\Maman joon & Shima\Desktop\Defogger.exe 2013-10-19 20:57 - 2013-10-19 20:57 - 00377856 _____ C:\Users\Maman joon & Shima\Desktop\Gmer.exe 2013-10-19 16:32 - 2013-10-15 10:46 - 00000000 ____D C:\Users\Maman joon & Shima\Desktop\Codes 2013-10-19 16:24 - 2013-09-16 00:37 - 00000000 ____D C:\Users\Maman joon & Shima\Desktop\Now 2013-10-19 15:46 - 2013-10-19 15:46 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\Malwarebytes 2013-10-19 14:06 - 2013-10-19 14:06 - 00163617 _____ C:\Users\Maman joon & Shima\Desktop\bookmarks 19.10.13.html 2013-10-19 14:06 - 2013-10-19 14:06 - 00056276 _____ C:\Users\Maman joon & Shima\Desktop\bookmarks-2013-10-19.json 2013-10-19 13:44 - 2009-04-11 18:55 - 01559202 _____ C:\Windows\system32\PerfStringBackup.INI 2013-10-19 13:38 - 2013-10-19 13:38 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys 2013-10-19 13:38 - 2013-10-19 13:38 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Malwarebytes 2013-10-19 13:37 - 2013-10-19 13:37 - 00000906 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-10-19 13:37 - 2013-10-19 13:37 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-10-19 13:37 - 2013-10-19 13:37 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-10-19 13:36 - 2013-10-19 13:35 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Maman joon & Shima\Desktop\mbam-setup-1.75.0.1300.exe 2013-10-19 13:31 - 2013-10-12 16:45 - 00000000 ____D C:\Users\Maman joon & Shima\Desktop\USB 2013-10-18 22:24 - 2013-10-12 23:02 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\Flood Light Games 2013-10-18 22:24 - 2013-10-12 23:02 - 00000000 ____D C:\ProgramData\Flood Light Games 2013-10-15 20:58 - 2013-10-15 10:46 - 00000000 ____D C:\Users\Maman joon & Shima\Desktop\Uni 2013-10-15 10:48 - 2013-10-15 10:48 - 00001041 _____ C:\Users\Maman joon & Shima\Desktop\PDF Converter.lnk 2013-10-14 14:50 - 2013-10-14 14:50 - 00000468 _____ C:\Users\Maman joon & Shima\Desktop\Uni.lnk 2013-10-14 01:45 - 2013-08-26 20:04 - 00010926 _____ C:\Users\Maman joon & Shima\Documents\Stundenplan.ods 2013-10-13 20:19 - 2013-09-30 10:33 - 00000680 _____ C:\Users\Maman joon & Shima\AppData\Local\d3d9caps.dat 2013-10-13 18:35 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Microsoft.NET 2013-10-13 14:14 - 2013-08-22 08:15 - 00000000 ____D C:\Program Files\Microsoft Security Client 2013-10-13 14:14 - 2013-08-22 07:45 - 00001912 _____ C:\Windows\epplauncher.mif 2013-10-12 21:24 - 2013-10-12 21:22 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\TitanicMystery 2013-10-12 21:22 - 2013-10-12 21:22 - 00000000 ____D C:\ProgramData\1912 Titanic Mystery 2013-10-12 16:23 - 2006-11-02 14:47 - 00399248 _____ C:\Windows\system32\FNTCACHE.DAT 2013-10-12 16:00 - 2013-08-21 20:11 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-10-12 15:52 - 2013-08-21 15:47 - 00000000 ____D C:\Windows\system32\MRT 2013-10-12 15:44 - 2006-11-02 12:24 - 78106760 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2013-10-11 22:46 - 2013-10-11 22:46 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3080170468-2847345479-74797732-1001Core1cec6c2eceaf2c3.job 2013-10-11 21:58 - 2013-10-11 21:58 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\FlyWheelGames 2013-10-11 12:57 - 2013-08-24 14:03 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2013-10-07 21:58 - 2013-09-18 21:20 - 00000000 ____D C:\Users\Maman joon & Shima\Documents\DVDVideoSoft 2013-10-07 21:45 - 2013-08-22 13:47 - 00000000 ____D C:\Users\Admin\AppData\Local\Adobe 2013-10-07 21:44 - 2013-08-28 14:33 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2013-10-07 21:44 - 2013-08-28 14:33 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2013-10-07 10:29 - 2013-10-07 10:29 - 00001712 _____ C:\Users\Maman joon & Shima\Desktop\Game Manager.lnk 2013-10-06 21:47 - 2013-10-06 21:47 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\FloodLightGames 2013-10-06 21:41 - 2013-10-06 21:39 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\ThreeDays2 2013-10-06 20:25 - 2013-10-06 20:25 - 00106414 _____ C:\Users\Maman joon & Shima\Desktop\bookmarks.html 2013-10-06 19:58 - 2013-08-21 12:20 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2013-10-06 19:02 - 2013-10-06 19:00 - 00000000 ____D C:\Program Files\Fiction Fixers - Adventures in Wonderland 2013-10-06 19:00 - 2013-10-06 19:00 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fiction Fixers - Adventures in Wonderland 2013-10-06 18:59 - 2013-10-06 18:56 - 00000000 ____D C:\Program Files\1 Moment of Time - Silentville 2013-10-06 18:56 - 2013-10-06 18:56 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\1 Moment of Time - Silentville 2013-10-06 18:55 - 2013-10-06 18:54 - 00000000 ____D C:\Program Files\Agatha Christie - Dead Man's Folly 2013-10-06 18:54 - 2013-10-06 18:54 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Agatha Christie - Dead Man's Folly 2013-10-06 18:54 - 2013-10-06 18:52 - 00000000 ____D C:\Program Files\10 Tage bis die Welt versinkt - Die Abenteuer von Diana Salinger 2013-10-06 18:52 - 2013-10-06 18:52 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\10 Tage bis die Welt versinkt - Die Abenteuer von Diana Salinger 2013-10-06 18:52 - 2013-10-06 18:48 - 00000000 ____D C:\Program Files\3 Days - Amulet Secret 2013-10-06 18:48 - 2013-10-06 18:48 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\3 Days - Amulet Secret 2013-10-06 18:47 - 2013-10-06 18:45 - 00000000 ____D C:\Program Files\Agatha Christie - Death on the Nile 2013-10-06 18:46 - 2013-10-06 18:46 - 00000000 ____D C:\Users\Admin\AppData\Roaming\FloodLightGames 2013-10-06 18:46 - 2013-10-06 18:46 - 00000000 ____D C:\ProgramData\FloodLightGames 2013-10-06 18:38 - 2013-10-06 18:36 - 00000000 ____D C:\Program Files\Agatha Christie - Das Haus an der Duene 2013-10-06 18:35 - 2013-10-06 18:33 - 00000000 ____D C:\Program Files\20000 Meilen unter dem Meer 2013-10-06 18:33 - 2013-10-06 18:33 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\20000 Meilen unter dem Meer 2013-10-06 17:56 - 2013-10-06 17:53 - 00000000 ____D C:\Program Files\Family Vacation California 2013-10-06 17:53 - 2013-10-06 17:53 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Family Vacation California 2013-10-06 17:41 - 2013-10-06 17:33 - 00000000 ____D C:\Program Files\Fabulous Finds 2013-10-06 17:07 - 2013-10-06 17:06 - 00000000 ____D C:\Program Files\G.H.O.S.T. Hunters - The Haunting of Majesty Manor 2013-10-06 15:46 - 2013-10-06 15:45 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-10-06 15:33 - 2013-10-06 15:29 - 00000000 ____D C:\Program Files\3 Days - Zoo Mystery 2013-10-06 15:30 - 2013-09-23 00:09 - 00000000 ____D C:\Program Files\Inspector Magnusson - Murder on the Titanic 2013-10-06 15:29 - 2013-10-06 15:29 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\3 Days - Zoo Mystery 2013-10-06 15:28 - 2013-10-06 15:24 - 00000000 ____D C:\Program Files\1912 - Titanic Mystery 2013-10-06 15:24 - 2013-10-06 15:24 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\1912 - Titanic Mystery 2013-10-06 15:23 - 2013-10-06 15:16 - 00000000 ____D C:\Program Files\Apothecarium - The Renaissance of Evil 2013-10-06 15:16 - 2013-10-06 15:16 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Apothecarium - The Renaissance of Evil 2013-10-06 15:10 - 2013-10-06 15:10 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Azuaz Games 2013-10-06 15:06 - 2013-10-06 15:06 - 00000000 ____D C:\Users\Admin\AppData\Roaming\KlickTock 2013-10-06 15:05 - 2013-10-06 15:03 - 00000000 ____D C:\Program Files\Weihnachtswunderland 2013-10-06 15:03 - 2013-10-06 15:03 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weihnachtswunderland 2013-10-06 15:03 - 2013-10-06 15:01 - 00000000 ____D C:\Program Files\Weihnachtswunderland 2 2013-10-06 15:01 - 2013-10-06 15:01 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weihnachtswunderland 2 2013-10-06 14:52 - 2013-08-21 20:01 - 00000000 ____D C:\Users\Admin\.rainlendar2 2013-10-06 14:51 - 2013-08-21 12:09 - 00106440 _____ C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT 2013-10-05 20:36 - 2013-10-05 20:36 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\Bicyclestudios 2013-10-05 20:36 - 2013-10-05 20:36 - 00000000 ____D C:\ProgramData\Bicyclestudios 2013-10-05 19:14 - 2013-10-05 19:14 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\Skunk Studios 2013-10-05 19:08 - 2013-10-05 19:08 - 00000000 ____D C:\ProgramData\Astar Games 2013-10-05 19:06 - 2013-09-22 22:10 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\PlayFirst 2013-10-05 19:06 - 2013-09-22 22:10 - 00000000 ____D C:\ProgramData\PlayFirst 2013-10-05 17:04 - 2013-10-05 17:04 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\G-HeadGames 2013-10-04 10:15 - 2013-10-04 10:14 - 02543853 _____ C:\Users\Maman joon & Shima\Downloads\homerengl.rar 2013-10-04 09:09 - 2013-10-04 09:09 - 00003424 _____ C:\Users\Maman joon & Shima\AppData\Local\recently-used.xbel 2013-10-04 09:09 - 2013-08-24 15:38 - 00000000 ____D C:\Users\Maman joon & Shima\.gimp-2.8 2013-10-04 08:54 - 2013-08-24 15:41 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Local\gtk-2.0 2013-10-03 19:27 - 2013-10-03 19:22 - 12620165 _____ C:\Users\Maman joon & Shima\Downloads\dostoengl.rar 2013-10-03 18:45 - 2013-10-03 18:44 - 01058999 _____ C:\Users\Maman joon & Shima\Downloads\4FC2.tmp 2013-10-03 18:45 - 2013-10-03 18:44 - 00952978 _____ C:\Users\Maman joon & Shima\Downloads\5AE0.tmp 2013-10-03 18:44 - 2013-10-03 18:44 - 00530784 _____ C:\Users\Maman joon & Shima\Downloads\52FF.tmp 2013-10-03 18:44 - 2013-10-03 18:44 - 00410724 _____ C:\Users\Maman joon & Shima\Downloads\The Children Of Hurin - J.R.R. Tolkien.txt 2013-10-03 18:44 - 2013-10-03 18:44 - 00410724 _____ C:\Users\Maman joon & Shima\Downloads\The Children Of Hurin - J.R.R. Tolkien (1).txt 2013-10-03 18:44 - 2013-10-03 18:44 - 00410724 _____ C:\Users\Maman joon & Shima\Downloads\4FB1.tmp 2013-10-03 18:07 - 2013-10-03 17:52 - 45179846 _____ C:\Users\Maman joon & Shima\Downloads\Tol-kom.rar 2013-10-03 17:13 - 2013-10-03 17:13 - 00000000 ____D C:\Users\Maman joon & Shima\Million 2013-10-03 17:13 - 2013-08-22 13:19 - 00000000 ____D C:\Users\Maman joon & Shima 2013-10-03 16:10 - 2013-10-03 16:10 - 00000000 ____D C:\Users\Public\Documents\BigFish 2013-10-03 12:25 - 2013-10-03 12:25 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\Audacity 2013-09-30 21:20 - 2013-09-30 21:20 - 00000000 ____D C:\ProgramData\Venus DS 15 2013-09-30 21:07 - 2013-09-29 22:15 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\Awem 2013-09-30 14:36 - 2006-11-02 13:18 - 00000000 ____D C:\Program Files\Common Files\System 2013-09-30 14:36 - 2006-11-02 12:23 - 00000277 _____ C:\Windows\win.ini 2013-09-30 14:33 - 2013-09-30 14:33 - 00014367 _____ C:\Users\Maman joon & Shima\Documents\Bewerbung schreiben.odt 2013-09-30 14:23 - 2013-08-30 22:33 - 01813218 _____ C:\Users\Maman joon & Shima\Documents\Bewerbung Jura.odt 2013-09-30 08:36 - 2013-08-22 13:20 - 00106440 _____ C:\Users\Maman joon & Shima\AppData\Local\GDIPFONTCACHEV1.DAT 2013-09-29 22:55 - 2006-11-02 13:18 - 00000000 ____D C:\Program Files\Common Files\microsoft shared 2013-09-29 15:19 - 2013-09-29 15:19 - 00142376 _____ C:\Windows\Minidump\Mini092913-01.dmp 2013-09-29 15:19 - 2013-09-15 22:32 - 140831896 _____ C:\Windows\MEMORY.DMP 2013-09-29 15:19 - 2013-09-15 22:32 - 00000000 ____D C:\Windows\Minidump 2013-09-29 14:10 - 2006-11-02 14:37 - 00000000 ____D C:\Windows\ShellNew 2013-09-29 14:09 - 2013-08-21 20:11 - 00000000 ____D C:\Program Files\Microsoft Office 2013-09-29 13:33 - 2013-09-29 13:32 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Local\Akamai 2013-09-29 13:33 - 2013-09-29 13:28 - 427406992 _____ (Microsoft Corporation) C:\Users\Maman joon & Shima\Downloads\office2007.exe 2013-09-29 13:31 - 2013-09-29 13:30 - 10025728 _____ (Akamai Technologies, Inc.) C:\Users\Maman joon & Shima\Downloads\my_downloader_installer.exe 2013-09-27 17:25 - 2013-09-27 17:25 - 00097280 _____ C:\Users\Maman joon & Shima\Downloads\Anmeldeformular_SKK.xls 2013-09-25 23:23 - 2013-09-25 23:23 - 00000000 ____D C:\ProgramData\Meridian93 2013-09-25 23:22 - 2013-09-24 21:30 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\Meridian93 2013-09-25 22:20 - 2013-09-25 22:20 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Local\Murder on the Titanic 2013-09-25 22:20 - 2013-09-25 22:20 - 00000000 ____D C:\ProgramData\Particles 2013-09-25 22:16 - 2013-09-25 22:16 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\HillStoneAnimationStudios 2013-09-25 22:14 - 2013-09-25 22:14 - 00000000 ____D C:\Users\Maman joon & Shima\Documents\Green Gamer 2013-09-24 21:31 - 2013-09-24 21:31 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\Gogii 2013-09-23 01:55 - 2013-09-23 01:54 - 00000000 ____D C:\Program Files\Mysterioese Staedte - Vegas 2013-09-23 01:54 - 2013-09-23 01:54 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mysterioese Staedte - Vegas 2013-09-23 01:53 - 2013-09-23 01:52 - 00000000 ____D C:\Program Files\Murder Island - Secret of Tantalus 2013-09-23 01:52 - 2013-09-23 01:52 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Murder Island - Secret of Tantalus 2013-09-23 01:41 - 2013-09-23 01:40 - 00000000 ____D C:\Program Files\My Beautiful Vacation 2013-09-23 01:40 - 2013-09-23 01:40 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\My Beautiful Vacation 2013-09-23 00:49 - 2013-09-23 00:47 - 00000000 ____D C:\Program Files\Island - Das verschollene Medaillon 2013-09-23 00:47 - 2013-09-23 00:47 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Island - Das verschollene Medaillon 2013-09-23 00:35 - 2013-08-21 12:09 - 00000000 ____D C:\Users\Admin\AppData\Local\VirtualStore 2013-09-23 00:34 - 2013-09-23 00:34 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Alawar 2013-09-23 00:19 - 2013-09-23 00:18 - 00000000 ____D C:\Program Files\Interpol - The Trail of Dr. Chaos 2013-09-22 23:50 - 2013-09-22 23:38 - 00000000 ____D C:\Program Files\Affair Bureau 2013-09-22 23:38 - 2013-09-22 23:38 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Affair Bureau 2013-09-22 23:35 - 2013-09-22 23:34 - 00000000 ____D C:\Program Files\DinerTown - Detective Agency 2013-09-22 23:34 - 2013-09-22 23:34 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DinerTown - Detective Agency 2013-09-22 23:33 - 2013-09-22 23:31 - 00000000 ____D C:\Program Files\Royal Envoy 2 2013-09-22 23:31 - 2013-09-22 23:31 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Royal Envoy 2 2013-09-22 21:00 - 2013-09-22 20:58 - 00236648 _____ (Big Fish Games) C:\Users\Maman joon & Shima\Downloads\miss-teri-tale-spiel_s2_l2_gF2352T1L2_d2163767787.exe 2013-09-22 20:59 - 2013-09-22 20:58 - 00236648 _____ (Big Fish Games) C:\Users\Maman joon & Shima\Downloads\millionenjagd_s2_l2_gF5412T1L2_d2163767570.exe 2013-09-22 20:58 - 2013-09-22 20:58 - 00112256 _____ (Big Fish Games) C:\Users\Maman joon & Shima\Downloads\Nicht bestätigt 747768.crdownload 2013-09-22 20:29 - 2013-09-22 20:29 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\Odian Games 2013-09-22 12:29 - 2013-10-12 15:39 - 12336128 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-09-22 12:22 - 2013-10-12 15:39 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-09-22 12:22 - 2013-10-12 15:39 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-09-22 12:14 - 2013-10-12 15:39 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-09-22 12:13 - 2013-10-12 15:39 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-09-22 12:13 - 2013-10-12 15:39 - 01104896 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-09-22 12:12 - 2013-10-12 15:39 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2013-09-22 12:09 - 2013-10-12 15:39 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-09-22 12:08 - 2013-10-12 15:39 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-09-22 12:07 - 2013-10-12 15:39 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-09-22 12:06 - 2013-10-12 15:39 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2013-09-22 12:05 - 2013-10-12 15:39 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-09-22 12:03 - 2013-10-12 15:39 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-09-22 12:03 - 2013-10-12 15:39 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-09-22 12:03 - 2013-10-12 15:39 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-09-22 11:59 - 2013-10-12 15:39 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-09-22 01:06 - 2013-09-22 01:06 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\Crown 2013-09-22 01:06 - 2013-09-22 01:06 - 00000000 ____D C:\ProgramData\Crown 2013-09-22 00:06 - 2013-09-22 00:06 - 00000000 ____D C:\Users\Public\Documents\Slapdash Games 2013-09-22 00:06 - 2013-09-22 00:06 - 00000000 ____D C:\Users\Maman joon & Shima\Documents\Slapdash Games 2013-09-22 00:06 - 2013-09-22 00:06 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Local\Slapdash Games 2013-09-22 00:06 - 2013-09-22 00:06 - 00000000 ____D C:\ProgramData\Slapdash Games 2013-09-21 23:46 - 2013-09-21 23:46 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\Friday's games Some content of TEMP: ==================== C:\Users\Admin\AppData\Local\temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-10-20 23:58 ==================== End Of Log ============================ |
|
21.10.2013, 11:53
| #6 |
| /// the machine /// TB-Ausbilder | Dualboot XP/Vista; MBAM-Fund, Dateien verschwinden & tauchen wieder auf, 1 MBAM-log wegESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme? 
__________________ --> Dualboot XP/Vista; MBAM-Fund, Dateien verschwinden & tauchen wieder auf, 1 MBAM-log weg |
|
21.10.2013, 22:49
| #7 |
| | Dualboot XP/Vista; MBAM-Fund, Dateien verschwinden & tauchen wieder auf, 1 MBAM-log weg ESET: Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=bd9539dde30fa14ab325611f7dbf3d7b
# engine=15569
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-10-21 09:10:41
# local_time=2013-10-21 11:10:41 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=771 16777214 16 1 5241348 5241348 0 0
# compatibility_mode=5892 16776574 100 100 5294565 219922543 0 0
# scanned=243316
# found=4
# cleaned=0
# scan_time=20434
sh=8DCEFA255CF8DAAEC04F6BD084B8E314C6D38738 ft=1 fh=4a2bd51d40f19f00 vn="multiple threats" ac=I fn="C:\System Volume Information\_restore{67BCF5B8-0EB2-4926-B47C-E9C94D16F5E7}\RP8\A0008646.exe"
sh=F721A9E1AC3EA08C6EBE5309FA84315080D4D8D8 ft=1 fh=17fe8b2a6c886bfd vn="a variant of Win32/SpeedingUpMyPC.B application" ac=I fn="C:\System Volume Information\_restore{67BCF5B8-0EB2-4926-B47C-E9C94D16F5E7}\RP8\A0008647.exe"
sh=B7694B23B8207FFAB83F101A49EAEC3934B39352 ft=1 fh=69939a489dea3283 vn="multiple threats" ac=I fn="C:\System Volume Information\_restore{67BCF5B8-0EB2-4926-B47C-E9C94D16F5E7}\RP8\A0008655.EXE"
sh=1AC26CB8FDF81414EB4B18F4E03D03526CBFDDE2 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Maman joon & Shima\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\6359e236-1007ea2d"
Code:
ATTFilter Results of screen317's Security Check version 0.99.74 Windows Vista Service Pack 2 x86 (UAC is enabled) Internet Explorer 9 Internet Explorer 8 ``````````````Antivirus/Firewall Check:`````````````` WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware Version 1.75.0.1300 CCleaner Java 7 Update 25 Java version out of Date! Adobe Flash Player 11.8.800.168 Mozilla Firefox (24.0) ````````Process Check: objlist.exe by Laurent```````` Microsoft Security Essentials MSMpEng.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: % ````````````````````End of Log`````````````````````` FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-10-2013 01 Ran by Admin (administrator) on ADMIN-PC on 21-10-2013 23:46:46 Running from C:\Users\Maman joon & Shima\Desktop Microsoft® Windows Vista™ Business Service Pack 2 (X86) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe (ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe (Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE (Microsoft Corporation) C:\Windows\system32\SLsvc.exe (ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe () C:\Program Files\Rainlendar2\Rainlendar2.exe (Google Inc.) C:\Users\Maman joon & Shima\AppData\Local\Google\Update\GoogleUpdate.exe (Akamai Technologies, Inc.) C:\Users\Maman joon & Shima\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) C:\Users\Maman joon & Shima\AppData\Local\Akamai\netsession_win.exe (AOMEI Tech Co., Ltd.) C:\Program Files\AOMEI Backupper\ABService.exe (Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe (Microsoft Corporation) C:\Windows\system32\conime.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\mobsync.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [11930696 2013-03-29] (Realtek Semiconductor) HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [995176 2013-08-12] (Microsoft Corporation) HKLM\...\RunOnce: [ Malwarebytes Anti-Malware ] - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation) HKLM\...\Runonce: [ Malwarebytes Anti-Malware (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript HKCU\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKCU\...\Run: [Rainlendar2] - C:\Program Files\Rainlendar2\Rainlendar2.exe [2598496 2013-03-10] () HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter Startup: C:\Users\Maman joon & Shima\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lcdzsvz5.default FF Homepage: about:home FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll () FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Forecastfox - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lcdzsvz5.default\Extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} FF Extension: WOT - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lcdzsvz5.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} FF Extension: fbp - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lcdzsvz5.default\Extensions\fbp@fbpurity.com.xpi FF Extension: No Name - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lcdzsvz5.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi FF Extension: No Name - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lcdzsvz5.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF Extension: No Name - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lcdzsvz5.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ========================== Services (Whitelisted) ================= R2 Backupper Service; C:\Program Files\AOMEI Backupper\ABService.exe [29912 2013-08-23] (AOMEI Tech Co., Ltd.) S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-08-12] (Microsoft Corporation) R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [295376 2013-08-12] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== R0 ambakdrv; C:\Windows\System32\ambakdrv.sys [26424 2013-05-07] () R2 ammntdrv; C:\Windows\system32\ammntdrv.sys [129720 2013-05-07] () R2 amwrtdrv; C:\Windows\system32\amwrtdrv.sys [14392 2013-02-06] () R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-11] (Microsoft Corporation) S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation) S3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2013-10-19] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [211560 2013-06-18] (Microsoft Corporation) R1 MpKsl9fd897ef; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B6C91616-96F1-4AFA-B2F1-C28A6A8A8E98}\MpKsl9fd897ef.sys [40392 2013-10-21] (Microsoft Corporation) R3 Ph3xIB32; C:\Windows\System32\DRIVERS\Ph3xIB32.sys [1131136 2007-04-03] (Philips Semiconductors GmbH) S3 catchme; \??\C:\Users\Admin\AppData\Local\Temp\catchme.sys [x] S3 IpInIp; system32\DRIVERS\ipinip.sys [x] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-10-21 23:45 - 2013-10-21 23:45 - 01087529 _____ (Farbar) C:\Users\Maman joon & Shima\Desktop\FRST.exe 2013-10-21 23:35 - 2013-10-21 23:34 - 00891167 _____ C:\Users\Maman joon & Shima\Desktop\SecurityCheck.exe 2013-10-21 23:34 - 2013-10-21 23:34 - 00891167 _____ C:\Users\Maman joon & Shima\Downloads\SecurityCheck.exe 2013-10-21 17:28 - 2013-10-21 17:28 - 00000000 ____D C:\Program Files\ESET 2013-10-21 17:26 - 2013-10-21 17:26 - 02347384 _____ (ESET) C:\Users\Maman joon & Shima\Desktop\esetsmartinstaller_enu.exe 2013-10-20 23:58 - 2013-10-20 23:58 - 00001447 _____ C:\Users\Admin\Desktop\JRT.txt 2013-10-20 23:54 - 2013-10-20 23:54 - 00000000 ____D C:\Windows\ERUNT 2013-10-20 20:15 - 2013-10-20 22:55 - 00000000 ____D C:\AdwCleaner 2013-10-20 20:11 - 2013-10-20 20:11 - 01033335 _____ (Thisisu) C:\Users\Maman joon & Shima\Desktop\JRT.exe 2013-10-20 20:10 - 2013-10-20 20:10 - 01056666 _____ C:\Users\Maman joon & Shima\Desktop\adwcleaner.exe 2013-10-20 12:18 - 2013-10-20 12:18 - 00025276 _____ C:\ComboFix.txt 2013-10-20 12:00 - 2013-10-20 12:18 - 00000000 ____D C:\ComboFix 2013-10-20 12:00 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe 2013-10-20 12:00 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe 2013-10-20 12:00 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2013-10-20 12:00 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2013-10-20 12:00 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2013-10-20 12:00 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe 2013-10-20 12:00 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe 2013-10-20 12:00 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe 2013-10-20 11:59 - 2013-10-20 12:18 - 00000000 ____D C:\Qoobox 2013-10-20 11:59 - 2013-10-20 12:17 - 00000000 ____D C:\Windows\erdnt 2013-10-20 11:47 - 2013-10-20 11:50 - 05135479 ____R (Swearware) C:\Users\Maman joon & Shima\Desktop\ComboFix.exe 2013-10-20 00:12 - 2013-10-20 00:12 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\ArtifexMundi 2013-10-19 23:39 - 2013-10-19 23:39 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\20000Leagues 2013-10-19 23:39 - 2013-10-19 23:39 - 00000000 ____D C:\ProgramData\20000Leagues 2013-10-19 21:02 - 2013-10-19 21:02 - 00000000 ____D C:\FRST 2013-10-19 21:01 - 2013-10-19 21:01 - 00000000 _____ C:\Users\Admin\defogger_reenable 2013-10-19 21:00 - 2013-10-21 22:02 - 00000000 ____D C:\Users\Maman joon & Shima\Desktop\alt 2013-10-19 20:58 - 2013-10-19 20:58 - 00050477 _____ C:\Users\Maman joon & Shima\Desktop\Defogger.exe 2013-10-19 20:57 - 2013-10-19 20:57 - 00377856 _____ C:\Users\Maman joon & Shima\Desktop\Gmer.exe 2013-10-19 15:46 - 2013-10-19 15:46 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\Malwarebytes 2013-10-19 14:06 - 2013-10-19 14:06 - 00163617 _____ C:\Users\Maman joon & Shima\Desktop\bookmarks 19.10.13.html 2013-10-19 14:06 - 2013-10-19 14:06 - 00056276 _____ C:\Users\Maman joon & Shima\Desktop\bookmarks-2013-10-19.json 2013-10-19 13:38 - 2013-10-19 13:38 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys 2013-10-19 13:38 - 2013-10-19 13:38 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Malwarebytes 2013-10-19 13:37 - 2013-10-19 13:37 - 00000906 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-10-19 13:37 - 2013-10-19 13:37 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-10-19 13:37 - 2013-10-19 13:37 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-10-19 13:37 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-10-19 13:35 - 2013-10-19 13:36 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Maman joon & Shima\Desktop\mbam-setup-1.75.0.1300.exe 2013-10-15 10:48 - 2013-10-15 10:48 - 00001041 _____ C:\Users\Maman joon & Shima\Desktop\PDF Converter.lnk 2013-10-15 10:46 - 2013-10-19 16:32 - 00000000 ____D C:\Users\Maman joon & Shima\Desktop\Codes 2013-10-15 10:46 - 2013-10-15 20:58 - 00000000 ____D C:\Users\Maman joon & Shima\Desktop\Uni 2013-10-14 14:50 - 2013-10-14 14:50 - 00000468 _____ C:\Users\Maman joon & Shima\Desktop\Uni.lnk 2013-10-12 23:02 - 2013-10-18 22:24 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\Flood Light Games 2013-10-12 23:02 - 2013-10-18 22:24 - 00000000 ____D C:\ProgramData\Flood Light Games 2013-10-12 21:22 - 2013-10-12 21:24 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\TitanicMystery 2013-10-12 21:22 - 2013-10-12 21:22 - 00000000 ____D C:\ProgramData\1912 Titanic Mystery 2013-10-12 16:45 - 2013-10-19 13:31 - 00000000 ____D C:\Users\Maman joon & Shima\Desktop\USB 2013-10-12 15:39 - 2013-09-22 12:29 - 12336128 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-10-12 15:39 - 2013-09-22 12:22 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-10-12 15:39 - 2013-09-22 12:22 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-10-12 15:39 - 2013-09-22 12:14 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-10-12 15:39 - 2013-09-22 12:13 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-10-12 15:39 - 2013-09-22 12:13 - 01104896 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-10-12 15:39 - 2013-09-22 12:12 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2013-10-12 15:39 - 2013-09-22 12:09 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-10-12 15:39 - 2013-09-22 12:08 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-10-12 15:39 - 2013-09-22 12:07 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-10-12 15:39 - 2013-09-22 12:06 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2013-10-12 15:39 - 2013-09-22 12:05 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-10-12 15:39 - 2013-09-22 12:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-10-12 15:39 - 2013-09-22 12:03 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-10-12 15:39 - 2013-09-22 12:03 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-10-12 15:39 - 2013-09-22 11:59 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-10-11 22:46 - 2013-10-11 22:46 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3080170468-2847345479-74797732-1001Core1cec6c2eceaf2c3.job 2013-10-11 21:58 - 2013-10-11 21:58 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\FlyWheelGames 2013-10-11 11:55 - 2013-08-29 09:36 - 02050048 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-10-11 11:55 - 2013-08-27 04:47 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll 2013-10-11 11:55 - 2013-08-27 04:47 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll 2013-10-11 11:55 - 2013-08-27 04:47 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll 2013-10-11 11:55 - 2013-08-27 04:47 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll 2013-10-11 11:55 - 2013-08-27 03:52 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2013-10-11 11:55 - 2013-08-27 03:50 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll 2013-10-11 11:55 - 2013-08-27 03:32 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll 2013-10-11 11:55 - 2013-08-27 03:28 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2013-10-11 11:55 - 2013-08-27 03:28 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2013-10-11 11:55 - 2013-08-01 05:16 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2013-10-11 11:55 - 2013-08-01 04:49 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll 2013-10-11 11:55 - 2013-07-20 12:44 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2013-10-11 11:55 - 2013-07-04 06:21 - 00532480 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll 2013-10-11 11:55 - 2013-06-29 04:07 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys 2013-10-11 11:55 - 2013-06-29 04:07 - 00197632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys 2013-10-11 11:55 - 2013-06-29 04:06 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys 2013-10-11 11:55 - 2013-06-27 01:01 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys 2013-10-11 11:55 - 2013-06-04 06:16 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2013-10-11 11:55 - 2013-06-04 03:49 - 00293376 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2013-10-11 11:55 - 2011-05-05 15:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys 2013-10-11 11:55 - 2011-05-05 15:54 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys 2013-10-07 10:29 - 2013-10-07 10:29 - 00001712 _____ C:\Users\Maman joon & Shima\Desktop\Game Manager.lnk 2013-10-06 21:47 - 2013-10-06 21:47 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\FloodLightGames 2013-10-06 21:39 - 2013-10-06 21:41 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\ThreeDays2 2013-10-06 20:25 - 2013-10-06 20:25 - 00106414 _____ C:\Users\Maman joon & Shima\Desktop\bookmarks.html 2013-10-06 19:00 - 2013-10-06 19:02 - 00000000 ____D C:\Program Files\Fiction Fixers - Adventures in Wonderland 2013-10-06 19:00 - 2013-10-06 19:00 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fiction Fixers - Adventures in Wonderland 2013-10-06 18:56 - 2013-10-06 18:59 - 00000000 ____D C:\Program Files\1 Moment of Time - Silentville 2013-10-06 18:56 - 2013-10-06 18:56 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\1 Moment of Time - Silentville 2013-10-06 18:54 - 2013-10-06 18:55 - 00000000 ____D C:\Program Files\Agatha Christie - Dead Man's Folly 2013-10-06 18:54 - 2013-10-06 18:54 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Agatha Christie - Dead Man's Folly 2013-10-06 18:52 - 2013-10-06 18:54 - 00000000 ____D C:\Program Files\10 Tage bis die Welt versinkt - Die Abenteuer von Diana Salinger 2013-10-06 18:52 - 2013-10-06 18:52 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\10 Tage bis die Welt versinkt - Die Abenteuer von Diana Salinger 2013-10-06 18:48 - 2013-10-06 18:52 - 00000000 ____D C:\Program Files\3 Days - Amulet Secret 2013-10-06 18:48 - 2013-10-06 18:48 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\3 Days - Amulet Secret 2013-10-06 18:46 - 2013-10-06 18:46 - 00000000 ____D C:\Users\Admin\AppData\Roaming\FloodLightGames 2013-10-06 18:46 - 2013-10-06 18:46 - 00000000 ____D C:\ProgramData\FloodLightGames 2013-10-06 18:45 - 2013-10-06 18:47 - 00000000 ____D C:\Program Files\Agatha Christie - Death on the Nile 2013-10-06 18:36 - 2013-10-06 18:38 - 00000000 ____D C:\Program Files\Agatha Christie - Das Haus an der Duene 2013-10-06 18:33 - 2013-10-06 18:35 - 00000000 ____D C:\Program Files\20000 Meilen unter dem Meer 2013-10-06 18:33 - 2013-10-06 18:33 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\20000 Meilen unter dem Meer 2013-10-06 17:53 - 2013-10-06 17:56 - 00000000 ____D C:\Program Files\Family Vacation California 2013-10-06 17:53 - 2013-10-06 17:53 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Family Vacation California 2013-10-06 17:33 - 2013-10-06 17:41 - 00000000 ____D C:\Program Files\Fabulous Finds 2013-10-06 17:06 - 2013-10-06 17:07 - 00000000 ____D C:\Program Files\G.H.O.S.T. Hunters - The Haunting of Majesty Manor 2013-10-06 15:45 - 2013-10-06 15:46 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-10-06 15:29 - 2013-10-06 15:33 - 00000000 ____D C:\Program Files\3 Days - Zoo Mystery 2013-10-06 15:29 - 2013-10-06 15:29 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\3 Days - Zoo Mystery 2013-10-06 15:24 - 2013-10-06 15:28 - 00000000 ____D C:\Program Files\1912 - Titanic Mystery 2013-10-06 15:24 - 2013-10-06 15:24 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\1912 - Titanic Mystery 2013-10-06 15:16 - 2013-10-06 15:23 - 00000000 ____D C:\Program Files\Apothecarium - The Renaissance of Evil 2013-10-06 15:16 - 2013-10-06 15:16 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Apothecarium - The Renaissance of Evil 2013-10-06 15:10 - 2013-10-06 15:10 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Azuaz Games 2013-10-06 15:06 - 2013-10-06 15:06 - 00000000 ____D C:\Users\Admin\AppData\Roaming\KlickTock 2013-10-06 15:03 - 2013-10-06 15:05 - 00000000 ____D C:\Program Files\Weihnachtswunderland 2013-10-06 15:03 - 2013-10-06 15:03 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weihnachtswunderland 2013-10-06 15:01 - 2013-10-06 15:03 - 00000000 ____D C:\Program Files\Weihnachtswunderland 2 2013-10-06 15:01 - 2013-10-06 15:01 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weihnachtswunderland 2 2013-10-05 20:36 - 2013-10-05 20:36 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\Bicyclestudios 2013-10-05 20:36 - 2013-10-05 20:36 - 00000000 ____D C:\ProgramData\Bicyclestudios 2013-10-05 19:14 - 2013-10-05 19:14 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\Skunk Studios 2013-10-05 19:08 - 2013-10-05 19:08 - 00000000 ____D C:\ProgramData\Astar Games 2013-10-05 17:04 - 2013-10-05 17:04 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\G-HeadGames 2013-10-04 10:14 - 2013-10-04 10:15 - 02543853 _____ C:\Users\Maman joon & Shima\Downloads\homerengl.rar 2013-10-04 09:09 - 2013-10-04 09:09 - 00003424 _____ C:\Users\Maman joon & Shima\AppData\Local\recently-used.xbel 2013-10-03 19:22 - 2013-10-03 19:27 - 12620165 _____ C:\Users\Maman joon & Shima\Downloads\dostoengl.rar 2013-10-03 18:44 - 2013-10-03 18:45 - 01058999 _____ C:\Users\Maman joon & Shima\Downloads\4FC2.tmp 2013-10-03 18:44 - 2013-10-03 18:45 - 00952978 _____ C:\Users\Maman joon & Shima\Downloads\5AE0.tmp 2013-10-03 18:44 - 2013-10-03 18:44 - 00530784 _____ C:\Users\Maman joon & Shima\Downloads\52FF.tmp 2013-10-03 18:44 - 2013-10-03 18:44 - 00410724 _____ C:\Users\Maman joon & Shima\Downloads\The Children Of Hurin - J.R.R. Tolkien.txt 2013-10-03 18:44 - 2013-10-03 18:44 - 00410724 _____ C:\Users\Maman joon & Shima\Downloads\The Children Of Hurin - J.R.R. Tolkien (1).txt 2013-10-03 18:44 - 2013-10-03 18:44 - 00410724 _____ C:\Users\Maman joon & Shima\Downloads\4FB1.tmp 2013-10-03 17:52 - 2013-10-03 18:07 - 45179846 _____ C:\Users\Maman joon & Shima\Downloads\Tol-kom.rar 2013-10-03 17:13 - 2013-10-03 17:13 - 00000000 ____D C:\Users\Maman joon & Shima\Million 2013-10-03 16:10 - 2013-10-03 16:10 - 00000000 ____D C:\Users\Public\Documents\BigFish 2013-10-03 12:25 - 2013-10-03 12:25 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\Audacity 2013-09-30 21:20 - 2013-09-30 21:20 - 00000000 ____D C:\ProgramData\Venus DS 15 2013-09-30 14:33 - 2013-09-30 14:33 - 00014367 _____ C:\Users\Maman joon & Shima\Documents\Bewerbung schreiben.odt 2013-09-30 10:33 - 2013-10-13 20:19 - 00000680 _____ C:\Users\Maman joon & Shima\AppData\Local\d3d9caps.dat 2013-09-29 22:15 - 2013-09-30 21:07 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\Awem 2013-09-29 15:19 - 2013-09-29 15:19 - 00142376 _____ C:\Windows\Minidump\Mini092913-01.dmp 2013-09-29 13:32 - 2013-09-29 13:33 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Local\Akamai 2013-09-29 13:30 - 2013-09-29 13:31 - 10025728 _____ (Akamai Technologies, Inc.) C:\Users\Maman joon & Shima\Downloads\my_downloader_installer.exe 2013-09-29 13:28 - 2013-09-29 13:33 - 427406992 _____ (Microsoft Corporation) C:\Users\Maman joon & Shima\Downloads\office2007.exe 2013-09-27 17:25 - 2013-09-27 17:25 - 00097280 _____ C:\Users\Maman joon & Shima\Downloads\Anmeldeformular_SKK.xls 2013-09-25 23:23 - 2013-09-25 23:23 - 00000000 ____D C:\ProgramData\Meridian93 2013-09-25 22:20 - 2013-09-25 22:20 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Local\Murder on the Titanic 2013-09-25 22:20 - 2013-09-25 22:20 - 00000000 ____D C:\ProgramData\Particles 2013-09-25 22:16 - 2013-09-25 22:16 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\HillStoneAnimationStudios 2013-09-25 22:14 - 2013-09-25 22:14 - 00000000 ____D C:\Users\Maman joon & Shima\Documents\Green Gamer 2013-09-24 21:31 - 2013-09-24 21:31 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\Gogii 2013-09-24 21:30 - 2013-09-25 23:22 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\Meridian93 2013-09-24 21:23 - 2013-10-19 23:33 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\Playrix Entertainment 2013-09-23 01:54 - 2013-09-23 01:55 - 00000000 ____D C:\Program Files\Mysterioese Staedte - Vegas 2013-09-23 01:54 - 2013-09-23 01:54 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mysterioese Staedte - Vegas 2013-09-23 01:52 - 2013-09-23 01:53 - 00000000 ____D C:\Program Files\Murder Island - Secret of Tantalus 2013-09-23 01:52 - 2013-09-23 01:52 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Murder Island - Secret of Tantalus 2013-09-23 01:40 - 2013-09-23 01:41 - 00000000 ____D C:\Program Files\My Beautiful Vacation 2013-09-23 01:40 - 2013-09-23 01:40 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\My Beautiful Vacation 2013-09-23 00:47 - 2013-09-23 00:49 - 00000000 ____D C:\Program Files\Island - Das verschollene Medaillon 2013-09-23 00:47 - 2013-09-23 00:47 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Island - Das verschollene Medaillon 2013-09-23 00:34 - 2013-09-23 00:34 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Alawar 2013-09-23 00:18 - 2013-09-23 00:19 - 00000000 ____D C:\Program Files\Interpol - The Trail of Dr. Chaos 2013-09-23 00:09 - 2013-10-06 15:30 - 00000000 ____D C:\Program Files\Inspector Magnusson - Murder on the Titanic 2013-09-22 23:38 - 2013-09-22 23:50 - 00000000 ____D C:\Program Files\Affair Bureau 2013-09-22 23:38 - 2013-09-22 23:38 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Affair Bureau 2013-09-22 23:34 - 2013-09-22 23:35 - 00000000 ____D C:\Program Files\DinerTown - Detective Agency 2013-09-22 23:34 - 2013-09-22 23:34 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DinerTown - Detective Agency 2013-09-22 23:31 - 2013-09-22 23:33 - 00000000 ____D C:\Program Files\Royal Envoy 2 2013-09-22 23:31 - 2013-09-22 23:31 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Royal Envoy 2 2013-09-22 22:10 - 2013-10-05 19:06 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\PlayFirst 2013-09-22 22:10 - 2013-10-05 19:06 - 00000000 ____D C:\ProgramData\PlayFirst 2013-09-22 20:58 - 2013-09-22 21:00 - 00236648 _____ (Big Fish Games) C:\Users\Maman joon & Shima\Downloads\miss-teri-tale-spiel_s2_l2_gF2352T1L2_d2163767787.exe 2013-09-22 20:58 - 2013-09-22 20:59 - 00236648 _____ (Big Fish Games) C:\Users\Maman joon & Shima\Downloads\millionenjagd_s2_l2_gF5412T1L2_d2163767570.exe 2013-09-22 20:58 - 2013-09-22 20:58 - 00112256 _____ (Big Fish Games) C:\Users\Maman joon & Shima\Downloads\Nicht bestätigt 747768.crdownload 2013-09-22 20:29 - 2013-09-22 20:29 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\Odian Games 2013-09-22 01:06 - 2013-09-22 01:06 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\Crown 2013-09-22 01:06 - 2013-09-22 01:06 - 00000000 ____D C:\ProgramData\Crown 2013-09-22 00:06 - 2013-09-22 00:06 - 00000000 ____D C:\Users\Public\Documents\Slapdash Games 2013-09-22 00:06 - 2013-09-22 00:06 - 00000000 ____D C:\Users\Maman joon & Shima\Documents\Slapdash Games 2013-09-22 00:06 - 2013-09-22 00:06 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Local\Slapdash Games 2013-09-22 00:06 - 2013-09-22 00:06 - 00000000 ____D C:\ProgramData\Slapdash Games 2013-09-21 23:46 - 2013-09-21 23:46 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\Friday's games ==================== One Month Modified Files and Folders ======= 2013-10-21 23:45 - 2013-10-21 23:45 - 01087529 _____ (Farbar) C:\Users\Maman joon & Shima\Desktop\FRST.exe 2013-10-21 23:44 - 2013-08-21 19:49 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Notepad++ 2013-10-21 23:34 - 2013-10-21 23:35 - 00891167 _____ C:\Users\Maman joon & Shima\Desktop\SecurityCheck.exe 2013-10-21 23:34 - 2013-10-21 23:34 - 00891167 _____ C:\Users\Maman joon & Shima\Downloads\SecurityCheck.exe 2013-10-21 23:27 - 2013-08-22 13:47 - 00000000 ____D C:\Users\Maman joon & Shima\.rainlendar2 2013-10-21 22:56 - 2006-11-02 14:47 - 00005024 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2013-10-21 22:56 - 2006-11-02 14:47 - 00005024 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2013-10-21 22:02 - 2013-10-19 21:00 - 00000000 ____D C:\Users\Maman joon & Shima\Desktop\alt 2013-10-21 20:36 - 2009-04-11 14:36 - 01244867 _____ C:\Windows\WindowsUpdate.log 2013-10-21 17:28 - 2013-10-21 17:28 - 00000000 ____D C:\Program Files\ESET 2013-10-21 17:26 - 2013-10-21 17:26 - 02347384 _____ (ESET) C:\Users\Maman joon & Shima\Desktop\esetsmartinstaller_enu.exe 2013-10-21 16:58 - 2013-08-24 14:01 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\Dropbox 2013-10-21 16:55 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-10-21 00:12 - 2006-11-02 15:01 - 00032578 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-10-20 23:58 - 2013-10-20 23:58 - 00001447 _____ C:\Users\Admin\Desktop\JRT.txt 2013-10-20 23:54 - 2013-10-20 23:54 - 00000000 ____D C:\Windows\ERUNT 2013-10-20 22:55 - 2013-10-20 20:15 - 00000000 ____D C:\AdwCleaner 2013-10-20 21:33 - 2013-09-19 12:29 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\vlc 2013-10-20 20:11 - 2013-10-20 20:11 - 01033335 _____ (Thisisu) C:\Users\Maman joon & Shima\Desktop\JRT.exe 2013-10-20 20:10 - 2013-10-20 20:10 - 01056666 _____ C:\Users\Maman joon & Shima\Desktop\adwcleaner.exe 2013-10-20 17:09 - 2006-11-02 15:00 - 00018950 _____ C:\Windows\PFRO.log 2013-10-20 12:18 - 2013-10-20 12:18 - 00025276 _____ C:\ComboFix.txt 2013-10-20 12:18 - 2013-10-20 12:00 - 00000000 ____D C:\ComboFix 2013-10-20 12:18 - 2013-10-20 11:59 - 00000000 ____D C:\Qoobox 2013-10-20 12:18 - 2006-11-02 13:18 - 00000000 __RHD C:\Users\Default 2013-10-20 12:18 - 2006-11-02 13:18 - 00000000 ___RD C:\Users\Public 2013-10-20 12:17 - 2013-10-20 11:59 - 00000000 ____D C:\Windows\erdnt 2013-10-20 12:16 - 2006-11-02 12:23 - 00000215 _____ C:\Windows\system.ini 2013-10-20 11:50 - 2013-10-20 11:47 - 05135479 ____R (Swearware) C:\Users\Maman joon & Shima\Desktop\ComboFix.exe 2013-10-20 00:12 - 2013-10-20 00:12 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\ArtifexMundi 2013-10-19 23:39 - 2013-10-19 23:39 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\20000Leagues 2013-10-19 23:39 - 2013-10-19 23:39 - 00000000 ____D C:\ProgramData\20000Leagues 2013-10-19 23:33 - 2013-09-24 21:23 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\Playrix Entertainment 2013-10-19 21:02 - 2013-10-19 21:02 - 00000000 ____D C:\FRST 2013-10-19 21:01 - 2013-10-19 21:01 - 00000000 _____ C:\Users\Admin\defogger_reenable 2013-10-19 21:01 - 2013-08-21 12:08 - 00000000 ____D C:\Users\Admin 2013-10-19 20:58 - 2013-10-19 20:58 - 00050477 _____ C:\Users\Maman joon & Shima\Desktop\Defogger.exe 2013-10-19 20:57 - 2013-10-19 20:57 - 00377856 _____ C:\Users\Maman joon & Shima\Desktop\Gmer.exe 2013-10-19 16:32 - 2013-10-15 10:46 - 00000000 ____D C:\Users\Maman joon & Shima\Desktop\Codes 2013-10-19 16:24 - 2013-09-16 00:37 - 00000000 ____D C:\Users\Maman joon & Shima\Desktop\Now 2013-10-19 15:46 - 2013-10-19 15:46 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\Malwarebytes 2013-10-19 14:06 - 2013-10-19 14:06 - 00163617 _____ C:\Users\Maman joon & Shima\Desktop\bookmarks 19.10.13.html 2013-10-19 14:06 - 2013-10-19 14:06 - 00056276 _____ C:\Users\Maman joon & Shima\Desktop\bookmarks-2013-10-19.json 2013-10-19 13:44 - 2009-04-11 18:55 - 01559202 _____ C:\Windows\system32\PerfStringBackup.INI 2013-10-19 13:38 - 2013-10-19 13:38 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys 2013-10-19 13:38 - 2013-10-19 13:38 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Malwarebytes 2013-10-19 13:37 - 2013-10-19 13:37 - 00000906 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-10-19 13:37 - 2013-10-19 13:37 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-10-19 13:37 - 2013-10-19 13:37 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-10-19 13:36 - 2013-10-19 13:35 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Maman joon & Shima\Desktop\mbam-setup-1.75.0.1300.exe 2013-10-19 13:31 - 2013-10-12 16:45 - 00000000 ____D C:\Users\Maman joon & Shima\Desktop\USB 2013-10-18 22:24 - 2013-10-12 23:02 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\Flood Light Games 2013-10-18 22:24 - 2013-10-12 23:02 - 00000000 ____D C:\ProgramData\Flood Light Games 2013-10-15 20:58 - 2013-10-15 10:46 - 00000000 ____D C:\Users\Maman joon & Shima\Desktop\Uni 2013-10-15 10:48 - 2013-10-15 10:48 - 00001041 _____ C:\Users\Maman joon & Shima\Desktop\PDF Converter.lnk 2013-10-14 14:50 - 2013-10-14 14:50 - 00000468 _____ C:\Users\Maman joon & Shima\Desktop\Uni.lnk 2013-10-14 01:45 - 2013-08-26 20:04 - 00010926 _____ C:\Users\Maman joon & Shima\Documents\Stundenplan.ods 2013-10-13 20:19 - 2013-09-30 10:33 - 00000680 _____ C:\Users\Maman joon & Shima\AppData\Local\d3d9caps.dat 2013-10-13 18:35 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Microsoft.NET 2013-10-13 14:14 - 2013-08-22 08:15 - 00000000 ____D C:\Program Files\Microsoft Security Client 2013-10-13 14:14 - 2013-08-22 07:45 - 00001912 _____ C:\Windows\epplauncher.mif 2013-10-12 21:24 - 2013-10-12 21:22 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\TitanicMystery 2013-10-12 21:22 - 2013-10-12 21:22 - 00000000 ____D C:\ProgramData\1912 Titanic Mystery 2013-10-12 16:23 - 2006-11-02 14:47 - 00399248 _____ C:\Windows\system32\FNTCACHE.DAT 2013-10-12 16:00 - 2013-08-21 20:11 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-10-12 15:52 - 2013-08-21 15:47 - 00000000 ____D C:\Windows\system32\MRT 2013-10-12 15:44 - 2006-11-02 12:24 - 78106760 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2013-10-11 22:46 - 2013-10-11 22:46 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3080170468-2847345479-74797732-1001Core1cec6c2eceaf2c3.job 2013-10-11 21:58 - 2013-10-11 21:58 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\FlyWheelGames 2013-10-11 12:57 - 2013-08-24 14:03 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2013-10-07 21:58 - 2013-09-18 21:20 - 00000000 ____D C:\Users\Maman joon & Shima\Documents\DVDVideoSoft 2013-10-07 21:45 - 2013-08-22 13:47 - 00000000 ____D C:\Users\Admin\AppData\Local\Adobe 2013-10-07 21:44 - 2013-08-28 14:33 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2013-10-07 21:44 - 2013-08-28 14:33 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2013-10-07 10:29 - 2013-10-07 10:29 - 00001712 _____ C:\Users\Maman joon & Shima\Desktop\Game Manager.lnk 2013-10-06 21:47 - 2013-10-06 21:47 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\FloodLightGames 2013-10-06 21:41 - 2013-10-06 21:39 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\ThreeDays2 2013-10-06 20:25 - 2013-10-06 20:25 - 00106414 _____ C:\Users\Maman joon & Shima\Desktop\bookmarks.html 2013-10-06 19:58 - 2013-08-21 12:20 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2013-10-06 19:02 - 2013-10-06 19:00 - 00000000 ____D C:\Program Files\Fiction Fixers - Adventures in Wonderland 2013-10-06 19:00 - 2013-10-06 19:00 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fiction Fixers - Adventures in Wonderland 2013-10-06 18:59 - 2013-10-06 18:56 - 00000000 ____D C:\Program Files\1 Moment of Time - Silentville 2013-10-06 18:56 - 2013-10-06 18:56 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\1 Moment of Time - Silentville 2013-10-06 18:55 - 2013-10-06 18:54 - 00000000 ____D C:\Program Files\Agatha Christie - Dead Man's Folly 2013-10-06 18:54 - 2013-10-06 18:54 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Agatha Christie - Dead Man's Folly 2013-10-06 18:54 - 2013-10-06 18:52 - 00000000 ____D C:\Program Files\10 Tage bis die Welt versinkt - Die Abenteuer von Diana Salinger 2013-10-06 18:52 - 2013-10-06 18:52 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\10 Tage bis die Welt versinkt - Die Abenteuer von Diana Salinger 2013-10-06 18:52 - 2013-10-06 18:48 - 00000000 ____D C:\Program Files\3 Days - Amulet Secret 2013-10-06 18:48 - 2013-10-06 18:48 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\3 Days - Amulet Secret 2013-10-06 18:47 - 2013-10-06 18:45 - 00000000 ____D C:\Program Files\Agatha Christie - Death on the Nile 2013-10-06 18:46 - 2013-10-06 18:46 - 00000000 ____D C:\Users\Admin\AppData\Roaming\FloodLightGames 2013-10-06 18:46 - 2013-10-06 18:46 - 00000000 ____D C:\ProgramData\FloodLightGames 2013-10-06 18:38 - 2013-10-06 18:36 - 00000000 ____D C:\Program Files\Agatha Christie - Das Haus an der Duene 2013-10-06 18:35 - 2013-10-06 18:33 - 00000000 ____D C:\Program Files\20000 Meilen unter dem Meer 2013-10-06 18:33 - 2013-10-06 18:33 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\20000 Meilen unter dem Meer 2013-10-06 17:56 - 2013-10-06 17:53 - 00000000 ____D C:\Program Files\Family Vacation California 2013-10-06 17:53 - 2013-10-06 17:53 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Family Vacation California 2013-10-06 17:41 - 2013-10-06 17:33 - 00000000 ____D C:\Program Files\Fabulous Finds 2013-10-06 17:07 - 2013-10-06 17:06 - 00000000 ____D C:\Program Files\G.H.O.S.T. Hunters - The Haunting of Majesty Manor 2013-10-06 15:46 - 2013-10-06 15:45 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-10-06 15:33 - 2013-10-06 15:29 - 00000000 ____D C:\Program Files\3 Days - Zoo Mystery 2013-10-06 15:30 - 2013-09-23 00:09 - 00000000 ____D C:\Program Files\Inspector Magnusson - Murder on the Titanic 2013-10-06 15:29 - 2013-10-06 15:29 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\3 Days - Zoo Mystery 2013-10-06 15:28 - 2013-10-06 15:24 - 00000000 ____D C:\Program Files\1912 - Titanic Mystery 2013-10-06 15:24 - 2013-10-06 15:24 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\1912 - Titanic Mystery 2013-10-06 15:23 - 2013-10-06 15:16 - 00000000 ____D C:\Program Files\Apothecarium - The Renaissance of Evil 2013-10-06 15:16 - 2013-10-06 15:16 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Apothecarium - The Renaissance of Evil 2013-10-06 15:10 - 2013-10-06 15:10 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Azuaz Games 2013-10-06 15:06 - 2013-10-06 15:06 - 00000000 ____D C:\Users\Admin\AppData\Roaming\KlickTock 2013-10-06 15:05 - 2013-10-06 15:03 - 00000000 ____D C:\Program Files\Weihnachtswunderland 2013-10-06 15:03 - 2013-10-06 15:03 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weihnachtswunderland 2013-10-06 15:03 - 2013-10-06 15:01 - 00000000 ____D C:\Program Files\Weihnachtswunderland 2 2013-10-06 15:01 - 2013-10-06 15:01 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weihnachtswunderland 2 2013-10-06 14:52 - 2013-08-21 20:01 - 00000000 ____D C:\Users\Admin\.rainlendar2 2013-10-06 14:51 - 2013-08-21 12:09 - 00106440 _____ C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT 2013-10-05 20:36 - 2013-10-05 20:36 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\Bicyclestudios 2013-10-05 20:36 - 2013-10-05 20:36 - 00000000 ____D C:\ProgramData\Bicyclestudios 2013-10-05 19:14 - 2013-10-05 19:14 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\Skunk Studios 2013-10-05 19:08 - 2013-10-05 19:08 - 00000000 ____D C:\ProgramData\Astar Games 2013-10-05 19:06 - 2013-09-22 22:10 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\PlayFirst 2013-10-05 19:06 - 2013-09-22 22:10 - 00000000 ____D C:\ProgramData\PlayFirst 2013-10-05 17:04 - 2013-10-05 17:04 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\G-HeadGames 2013-10-04 10:15 - 2013-10-04 10:14 - 02543853 _____ C:\Users\Maman joon & Shima\Downloads\homerengl.rar 2013-10-04 09:09 - 2013-10-04 09:09 - 00003424 _____ C:\Users\Maman joon & Shima\AppData\Local\recently-used.xbel 2013-10-04 09:09 - 2013-08-24 15:38 - 00000000 ____D C:\Users\Maman joon & Shima\.gimp-2.8 2013-10-04 08:54 - 2013-08-24 15:41 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Local\gtk-2.0 2013-10-03 19:27 - 2013-10-03 19:22 - 12620165 _____ C:\Users\Maman joon & Shima\Downloads\dostoengl.rar 2013-10-03 18:45 - 2013-10-03 18:44 - 01058999 _____ C:\Users\Maman joon & Shima\Downloads\4FC2.tmp 2013-10-03 18:45 - 2013-10-03 18:44 - 00952978 _____ C:\Users\Maman joon & Shima\Downloads\5AE0.tmp 2013-10-03 18:44 - 2013-10-03 18:44 - 00530784 _____ C:\Users\Maman joon & Shima\Downloads\52FF.tmp 2013-10-03 18:44 - 2013-10-03 18:44 - 00410724 _____ C:\Users\Maman joon & Shima\Downloads\The Children Of Hurin - J.R.R. Tolkien.txt 2013-10-03 18:44 - 2013-10-03 18:44 - 00410724 _____ C:\Users\Maman joon & Shima\Downloads\The Children Of Hurin - J.R.R. Tolkien (1).txt 2013-10-03 18:44 - 2013-10-03 18:44 - 00410724 _____ C:\Users\Maman joon & Shima\Downloads\4FB1.tmp 2013-10-03 18:07 - 2013-10-03 17:52 - 45179846 _____ C:\Users\Maman joon & Shima\Downloads\Tol-kom.rar 2013-10-03 17:13 - 2013-10-03 17:13 - 00000000 ____D C:\Users\Maman joon & Shima\Million 2013-10-03 17:13 - 2013-08-22 13:19 - 00000000 ____D C:\Users\Maman joon & Shima 2013-10-03 16:10 - 2013-10-03 16:10 - 00000000 ____D C:\Users\Public\Documents\BigFish 2013-10-03 12:25 - 2013-10-03 12:25 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\Audacity 2013-09-30 21:20 - 2013-09-30 21:20 - 00000000 ____D C:\ProgramData\Venus DS 15 2013-09-30 21:07 - 2013-09-29 22:15 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\Awem 2013-09-30 14:36 - 2006-11-02 13:18 - 00000000 ____D C:\Program Files\Common Files\System 2013-09-30 14:36 - 2006-11-02 12:23 - 00000277 _____ C:\Windows\win.ini 2013-09-30 14:33 - 2013-09-30 14:33 - 00014367 _____ C:\Users\Maman joon & Shima\Documents\Bewerbung schreiben.odt 2013-09-30 14:23 - 2013-08-30 22:33 - 01813218 _____ C:\Users\Maman joon & Shima\Documents\Bewerbung Jura.odt 2013-09-30 08:36 - 2013-08-22 13:20 - 00106440 _____ C:\Users\Maman joon & Shima\AppData\Local\GDIPFONTCACHEV1.DAT 2013-09-29 22:55 - 2006-11-02 13:18 - 00000000 ____D C:\Program Files\Common Files\microsoft shared 2013-09-29 15:19 - 2013-09-29 15:19 - 00142376 _____ C:\Windows\Minidump\Mini092913-01.dmp 2013-09-29 15:19 - 2013-09-15 22:32 - 140831896 _____ C:\Windows\MEMORY.DMP 2013-09-29 15:19 - 2013-09-15 22:32 - 00000000 ____D C:\Windows\Minidump 2013-09-29 14:10 - 2006-11-02 14:37 - 00000000 ____D C:\Windows\ShellNew 2013-09-29 14:09 - 2013-08-21 20:11 - 00000000 ____D C:\Program Files\Microsoft Office 2013-09-29 13:33 - 2013-09-29 13:32 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Local\Akamai 2013-09-29 13:33 - 2013-09-29 13:28 - 427406992 _____ (Microsoft Corporation) C:\Users\Maman joon & Shima\Downloads\office2007.exe 2013-09-29 13:31 - 2013-09-29 13:30 - 10025728 _____ (Akamai Technologies, Inc.) C:\Users\Maman joon & Shima\Downloads\my_downloader_installer.exe 2013-09-27 17:25 - 2013-09-27 17:25 - 00097280 _____ C:\Users\Maman joon & Shima\Downloads\Anmeldeformular_SKK.xls 2013-09-25 23:23 - 2013-09-25 23:23 - 00000000 ____D C:\ProgramData\Meridian93 2013-09-25 23:22 - 2013-09-24 21:30 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\Meridian93 2013-09-25 22:20 - 2013-09-25 22:20 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Local\Murder on the Titanic 2013-09-25 22:20 - 2013-09-25 22:20 - 00000000 ____D C:\ProgramData\Particles 2013-09-25 22:16 - 2013-09-25 22:16 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\HillStoneAnimationStudios 2013-09-25 22:14 - 2013-09-25 22:14 - 00000000 ____D C:\Users\Maman joon & Shima\Documents\Green Gamer 2013-09-24 21:31 - 2013-09-24 21:31 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\Gogii 2013-09-23 01:55 - 2013-09-23 01:54 - 00000000 ____D C:\Program Files\Mysterioese Staedte - Vegas 2013-09-23 01:54 - 2013-09-23 01:54 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mysterioese Staedte - Vegas 2013-09-23 01:53 - 2013-09-23 01:52 - 00000000 ____D C:\Program Files\Murder Island - Secret of Tantalus 2013-09-23 01:52 - 2013-09-23 01:52 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Murder Island - Secret of Tantalus 2013-09-23 01:41 - 2013-09-23 01:40 - 00000000 ____D C:\Program Files\My Beautiful Vacation 2013-09-23 01:40 - 2013-09-23 01:40 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\My Beautiful Vacation 2013-09-23 00:49 - 2013-09-23 00:47 - 00000000 ____D C:\Program Files\Island - Das verschollene Medaillon 2013-09-23 00:47 - 2013-09-23 00:47 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Island - Das verschollene Medaillon 2013-09-23 00:35 - 2013-08-21 12:09 - 00000000 ____D C:\Users\Admin\AppData\Local\VirtualStore 2013-09-23 00:34 - 2013-09-23 00:34 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Alawar 2013-09-23 00:19 - 2013-09-23 00:18 - 00000000 ____D C:\Program Files\Interpol - The Trail of Dr. Chaos 2013-09-22 23:50 - 2013-09-22 23:38 - 00000000 ____D C:\Program Files\Affair Bureau 2013-09-22 23:38 - 2013-09-22 23:38 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Affair Bureau 2013-09-22 23:35 - 2013-09-22 23:34 - 00000000 ____D C:\Program Files\DinerTown - Detective Agency 2013-09-22 23:34 - 2013-09-22 23:34 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DinerTown - Detective Agency 2013-09-22 23:33 - 2013-09-22 23:31 - 00000000 ____D C:\Program Files\Royal Envoy 2 2013-09-22 23:31 - 2013-09-22 23:31 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Royal Envoy 2 2013-09-22 21:00 - 2013-09-22 20:58 - 00236648 _____ (Big Fish Games) C:\Users\Maman joon & Shima\Downloads\miss-teri-tale-spiel_s2_l2_gF2352T1L2_d2163767787.exe 2013-09-22 20:59 - 2013-09-22 20:58 - 00236648 _____ (Big Fish Games) C:\Users\Maman joon & Shima\Downloads\millionenjagd_s2_l2_gF5412T1L2_d2163767570.exe 2013-09-22 20:58 - 2013-09-22 20:58 - 00112256 _____ (Big Fish Games) C:\Users\Maman joon & Shima\Downloads\Nicht bestätigt 747768.crdownload 2013-09-22 20:29 - 2013-09-22 20:29 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\Odian Games 2013-09-22 12:29 - 2013-10-12 15:39 - 12336128 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-09-22 12:22 - 2013-10-12 15:39 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-09-22 12:22 - 2013-10-12 15:39 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-09-22 12:14 - 2013-10-12 15:39 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-09-22 12:13 - 2013-10-12 15:39 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-09-22 12:13 - 2013-10-12 15:39 - 01104896 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-09-22 12:12 - 2013-10-12 15:39 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2013-09-22 12:09 - 2013-10-12 15:39 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-09-22 12:08 - 2013-10-12 15:39 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-09-22 12:07 - 2013-10-12 15:39 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-09-22 12:06 - 2013-10-12 15:39 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2013-09-22 12:05 - 2013-10-12 15:39 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-09-22 12:03 - 2013-10-12 15:39 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-09-22 12:03 - 2013-10-12 15:39 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-09-22 12:03 - 2013-10-12 15:39 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-09-22 11:59 - 2013-10-12 15:39 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-09-22 01:06 - 2013-09-22 01:06 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\Crown 2013-09-22 01:06 - 2013-09-22 01:06 - 00000000 ____D C:\ProgramData\Crown 2013-09-22 00:06 - 2013-09-22 00:06 - 00000000 ____D C:\Users\Public\Documents\Slapdash Games 2013-09-22 00:06 - 2013-09-22 00:06 - 00000000 ____D C:\Users\Maman joon & Shima\Documents\Slapdash Games 2013-09-22 00:06 - 2013-09-22 00:06 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Local\Slapdash Games 2013-09-22 00:06 - 2013-09-22 00:06 - 00000000 ____D C:\ProgramData\Slapdash Games 2013-09-21 23:46 - 2013-09-21 23:46 - 00000000 ____D C:\Users\Maman joon & Shima\AppData\Roaming\Friday's games Some content of TEMP: ==================== C:\Users\Admin\AppData\Local\temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-10-21 17:02 ==================== End Of Log ============================ Ich konnte nicht alle USB-Sticks anschließen, daher hab ich mir die beiden gegriffen, die ich zum Backup-machen nutze, darunter der "problematische", der dauernd repariert werden will (obwohl ich ihn formatiert habe) und, wenn er eingestöpselt ist, Vista ein zitterndes "Ich arbeite"-Kreis statt dem Mauszeiger anzeigt. Daran hat sich jetzt nix geändert. Firefox stürzt ohne NoScript noch immer bei Skripten ab, gravierender ist aber, dass NoScript alle Skripte blockiert und wenn ich Skripte einer Seite erlaube, diese nach Schließen & Wiederaufrufen von Firefox erneut blockiert werden... Desweiteren zeigt mir das Web-of-Trust-Plugin dauernd an, dass es neu installiert wurde. Kannst du mir da weiterhelfen? --- --- --- --- --- --- |
|
22.10.2013, 13:41
| #8 |
| /// the machine /// TB-Ausbilder | Dualboot XP/Vista; MBAM-Fund, Dateien verschwinden & tauchen wieder auf, 1 MBAM-log weg Firefox deinstallieren, keine Daten behalten, neu installieren. Addons neu installieren. Testen. Java updaten. Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop. Schließe nun alle offenen Programme und trenne Dich von dem Internet. Doppelklick auf die TFC.exe und drücke auf Start. Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen. Stick schonmal richtig formatiert? Auch schonmal mit Diskpart behandelt?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
23.10.2013, 20:02
| #9 |
| | Dualboot XP/Vista; MBAM-Fund, Dateien verschwinden & tauchen wieder auf, 1 MBAM-log weg Ich hab Firefox gerade neu installiert und noch keine Add-Ons installiert. Es ist erneut bei Skripten zusammengestürzt (bspw. habe ich die erste Seite von Youtube aufgerufen -> Absturz) Als ich danach TFC angeschaltet habe, dieses auf das Admin-Konto wechselte und ich nachdem TFC fertig war wieder zurückgewechselt bin und Firefox wieder gestartet habe, hat sich exakt das alte Firefox mit allen alten Addons, Lesezeichen etc einschließlich des Verlaufs geöffnet. Desweiteren ist mir im Admin-Konto aufgefallen: Ich kann keine Windows-Ordner und auch nicht den "Arbeitsplatz" (bei Vista heißt der ja Computer) öffnen. Mit meinem Nutzerkonto geht das. Ich würde Vista und auch XP eventuell einfach neu aufsetzen, nur die Daten in meinen Backup-Partitionen will ich nicht löschen. Zudem habe ich folgendes Problem: Da ich ja 2 getrennte Festplatten habe, würde bei dem Neu-Aufspielen der einen Festplatte die andere ja noch eventuell das Virus haben, welches dann auf die andere rüberwandert. Zudem könnte der Virus beim Übertragen meines Backups vom USB auf den neu aufgesetzten PC ja einfach rüberwandern (sofern er darauf ist). Wie könnte ich vorgehen, um auszuschließen, dass mein PC noch einen Virus hat & gleichzeitig meine alten Back-Up-Daten behalten? |
|
24.10.2013, 09:49
| #10 |
| /// the machine /// TB-Ausbilder | Dualboot XP/Vista; MBAM-Fund, Dateien verschwinden & tauchen wieder auf, 1 MBAM-log weg Da kann nix wandern. Das geht nur bei Fileinfector-Infektionen, Du hast nur Adware und so Kram drauf, kein Problem. Einfach, wenn Du das magst alles neuaufsetzen. Das Backup dann durch das AV Programm checken lassen, dann Daten zurückspielen.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu Dualboot XP/Vista; MBAM-Fund, Dateien verschwinden & tauchen wieder auf, 1 MBAM-log weg |
| adblock, akamai, dateien verschwinden, desktop, downloader, farbar, farbar recovery scan tool, festplatte, flash player, frst:, google, hängt, log-datei, memory management, nicht installiert, ntdll.dll, plug-in, problem, pup.babylon.a, pup.optional.babsolution.a, pup.optional.babylon.a, pup.optional.browserprotect.a, pup.optional.delta, pup.optional.delta.a, pup.optional.deltatb, pup.optional.installrex, pup.optional.lyricsad, pup.optional.lyricxeeker.a, pup.optional.opencandy, pup.optional.optimizepro.a, pup.optional.somoto.a, sanduhr, svchost.exe, windows xp, ändern |
Linear-Darstellung
