|
Plagegeister aller Art und deren Bekämpfung: PUP.Optional.... 23 Infizierte DateienWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
28.10.2013, 18:30 | #1 |
| PUP.Optional.... 23 Infizierte Dateien Moin Zusammen! Habe das Thema eben im Flaschen Bereich gestartet (Windows-Probleme) und wollte es eigentlich löschen, ging aber nicht. Ich bitte um Entschuldigung. Deswegen jetzt im neuen Bereich noch mal richtig! Ich habe mir gestern irgendwie diesen Trojaner eingefangen und will ihn nun loswerden. Leider ist mein Computerverständnis dafür nicht ganz sooo ausgereift und suche nun Hilfe hier. Ich habe mich ein wenig durch die Forenthemen hier geklickt und dabei versucht ihn selbst los zu werden. Habe mir mitlerweile folgende Dinge runtergeladen: Malwarbytes Anti Malware ADW Cleaner FRST Nun brauch ich noch Hilfe mit dem richtigen Umgang mit den Programmen. Hier Der Bericht von Malwarebytes: Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.10.27.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16721 Tobias Bormann :: TOBIASBORMANN [Administrator] 28.10.2013 17:54:07 MBAM-log-2013-10-28 (18-12-14).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 267541 Laufzeit: 4 Minute(n), 44 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 3 HKCR\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} (PUP.Optional.BrowseFox.A) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00078E95-3A4A-4137-8DE7-2824908D1C17} (PUP.Optional.SearchGolTB.A) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00078E95-3A4A-4137-8DE7-2824908D1C17} (PUP.Optional.SearchGolTB.A) -> Keine Aktion durchgeführt. Infizierte Registrierungswerte: 2 HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{00078E95-3A4A-4137-8DE7-2824908D1C17} (PUP.Optional.SearchGolTB.A) -> Daten: searchgol Toolbar -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{00078E95-3A4A-4137-8DE7-2824908D1C17} (PUP.Optional.SearchGolTB.A) -> Daten: -> Keine Aktion durchgeführt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 3 C:\Users\Tobias Bormann\AppData\Local\Temp\mt_ffx\searchgol (PUP.Optional.SearchGolTB.A) -> Keine Aktion durchgeführt. C:\Users\Tobias Bormann\AppData\Local\Temp\mt_ffx\searchgol\searchgol (PUP.Optional.SearchGolTB.A) -> Keine Aktion durchgeführt. C:\Users\Tobias Bormann\AppData\Local\Temp\mt_ffx\searchgol\searchgol\1.8.16.19 (PUP.Optional.SearchGolTB.A) -> Keine Aktion durchgeführt. Infizierte Dateien: 15 C:\Users\Tobias Bormann\AppData\Local\Temp\odpyrukC.exe.part (PUP.Optional.InstallMonetizer) -> Keine Aktion durchgeführt. C:\Users\Tobias Bormann\AppData\Local\Temp\bus8C38\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Keine Aktion durchgeführt. C:\Users\Tobias Bormann\AppData\Local\Temp\busA8AD\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Keine Aktion durchgeführt. C:\Users\Tobias Bormann\AppData\Local\Temp\busACC2\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Keine Aktion durchgeführt. C:\Users\Tobias Bormann\AppData\Local\Temp\DDF1A9C9-BAB0-7891-A0C0-53E8829D0871\Latest\BabMaint.exe (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt. C:\Users\Tobias Bormann\AppData\Local\Temp\DDF1A9C9-BAB0-7891-A0C0-53E8829D0871\Latest\BExternal.dll (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt. C:\Users\Tobias Bormann\AppData\Local\Temp\DDF1A9C9-BAB0-7891-A0C0-53E8829D0871\Latest\ccp.exe (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt. C:\Users\Tobias Bormann\AppData\Local\Temp\DDF1A9C9-BAB0-7891-A0C0-53E8829D0871\Latest\CrxInstaller.dll (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt. C:\Users\Tobias Bormann\AppData\Local\Temp\DDF1A9C9-BAB0-7891-A0C0-53E8829D0871\Latest\MntrDLLInstall.dll (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt. C:\Users\Tobias Bormann\AppData\Local\Temp\DDF1A9C9-BAB0-7891-A0C0-53E8829D0871\Latest\MySgolTB.exe (PUP.Optional.SearchGolTB.A) -> Keine Aktion durchgeführt. C:\Users\Tobias Bormann\AppData\Local\Temp\DDF1A9C9-BAB0-7891-A0C0-53E8829D0871\Latest\Setup.exe (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt. C:\Users\Tobias Bormann\AppData\Local\Temp\OCS\ocs_v7f.exe (PUP.Optional.DownloadSponsor.A) -> Keine Aktion durchgeführt. C:\Users\Tobias Bormann\Downloads\Free31213YouTubeToMP3Converter.exe (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt. C:\Users\Tobias Bormann\Downloads\Malwarebytes Anti Malware - CHIP-Downloader.exe (PUP.Optional.DownloadSponsor.A) -> Keine Aktion durchgeführt. C:\Users\Tobias Bormann\Downloads\ZipExtractorSetup.exe (PUP.Optional.JumpyApps) -> Keine Aktion durchgeführt. (Ende) Code:
ATTFilter ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe () C:\Program Files (x86)\PHotkey\ASLDRSrv.exe () C:\Program Files (x86)\PHotkey\GFNEXSrv.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe (Conexant Systems Inc.) C:\Windows\system32\CxAudMsg64.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Seiko Epson Corporation) C:\Windows\system32\EscSvc64.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe (Pegatron Corporation) C:\Program Files (x86)\PHotkey\PHotkey.exe () C:\Program Files (x86)\PHotkey\MsgTranAgt.exe () C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe () C:\Program Files (x86)\PHotkey\PVDesktop.exe () C:\Program Files (x86)\PHotkey\PVDAgent.exe (Pegatron Corporation) C:\Program Files (x86)\PHotkey\MsOsd.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Sentelic Corporation) C:\Program Files\FSP\FspUip.exe (Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Microsoft Corporation) C:\Windows.old\Program Files\Windows Sidebar\sidebar.exe (Spotify Ltd) C:\Users\Tobias Bormann\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIJJE.EXE (Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] () HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.) HKLM\...\Run: [fspuip] - C:\Program Files\FSP\FspUip.exe [4055552 2010-11-08] (Sentelic Corporation) HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323584 2009-09-22] (Alcor Micro Corp.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKCU\...\Run: [Spotify] - C:\Users\Tobias Bormann\AppData\Roaming\Spotify\spotify.exe [4752384 2013-10-21] (Spotify Ltd) HKCU\...\Run: [Spotify Web Helper] - C:\Users\Tobias Bormann\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1140736 2013-10-21] (Spotify Ltd) HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20472992 2013-10-02] (Skype Technologies S.A.) HKCU\...\Run: [EPLTarget\P0000000000000000] - C:\Windows\System32\spool\drivers\x64\3\E_YATIJJE.EXE [283232 2012-02-27] (SEIKO EPSON CORPORATION) HKCU\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564528 2013-09-04] (Samsung) HKCU\...\Run: [KiesAirMessage] - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup MountPoints2: {bed104ba-1c9c-11e3-99ba-806e6f6e6963} - E:\InstallAll.exe HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-14] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [ApnTBMon] - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1673680 2013-10-23] (APN) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated) HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation) HKLM-x32\...\Run: [FUFAXRCV] - C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [502912 2012-04-03] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [FUFAXSTM] - C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863360 2012-04-03] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [EEventManager] - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058912 2012-04-02] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-09-04] (Samsung Electronics Co., Ltd.) AppInit_DLLs: C:\Windows\system32\nvinitx.dll [226920 2010-12-24] (NVIDIA Corporation) AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [192616 2010-12-24] (NVIDIA Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x7368155B5BB1CE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de BHO: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.) BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.) BHO-x32: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation) BHO-x32: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\18.7.2.3\ips\ipsbho.dll (Symantec Corporation) Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.) Toolbar: HKLM-x32 - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation) Toolbar: HKLM-x32 - No Name - {00078E95-3A4A-4137-8DE7-2824908D1C17} - No File Toolbar: HKCU - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.) Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\Tobias Bormann\AppData\Roaming\Mozilla\Firefox\Profiles\c9my3rcw.default FF user.js: detected! => C:\Users\Tobias Bormann\AppData\Roaming\Mozilla\Firefox\Profiles\c9my3rcw.default\user.js FF SearchEngineOrder.3: Bing FF Homepage: www.t-online.de FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll () FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll () FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.) FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ FF Extension: Symantec Intrusion Prevention - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_13_2 FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_13_2 ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-14] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-14] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-09-14] (Avira Operations GmbH & Co. KG) R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2013-10-23] (APN LLC.) R2 ASLDRService; C:\Program Files (x86)\PHotkey\ASLDRSrv.exe [104968 2010-12-10] () R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-11] (Seiko Epson Corporation) R2 GFNEXSrv; C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [159752 2010-12-10] () S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.) R2 NIS; C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [130008 2011-04-17] (Symantec Corporation) S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [x] ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-14] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-14] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-09-14] (Avira Operations GmbH & Co. KG) R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20130903.002\BHDrvx64.sys [1525336 2013-09-03] (Symantec Corporation) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-09-17] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [140376 2013-09-17] (Symantec Corporation) R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20130921.001\IDSvia64.sys [520280 2013-09-18] (Symantec Corporation) S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20130921.005\ENG64.SYS [126040 2013-09-17] (Symantec Corporation) S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20130921.005\EX64.SYS [2099288 2013-09-17] (Symantec Corporation) R2 PEGAGFN; C:\Program Files (x86)\PHotkey\PEGAGFN.sys [14344 2010-12-10] (PEGATRON) S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS [744568 2011-03-31] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS [40568 2011-03-31] (Symantec Corporation) R0 SymDS; C:\Windows\System32\drivers\NISx64\1207020.003\SYMDS64.SYS [450680 2011-01-27] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\NISx64\1207020.003\SYMEFA64.SYS [912504 2011-03-15] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2013-09-18] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [171128 2011-01-27] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [386168 2011-04-21] (Symantec Corporation) S3 BTATH_BUS; system32\DRIVERS\btath_bus.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-10-28 18:11 - 2013-10-28 18:11 - 00000000 ____D C:\FRST 2013-10-28 18:10 - 2013-10-28 18:10 - 01956538 _____ (Farbar) C:\Users\Tobias Bormann\Downloads\FRST64.exe 2013-10-27 21:58 - 2013-10-27 21:58 - 00001119 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-10-27 21:58 - 2013-10-27 21:58 - 00000000 ____D C:\Users\Tobias Bormann\AppData\Roaming\Malwarebytes 2013-10-27 21:58 - 2013-10-27 21:58 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-10-27 21:58 - 2013-10-27 21:58 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-10-27 21:58 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-10-27 21:51 - 2013-10-27 21:51 - 00614816 _____ C:\Users\Tobias Bormann\Downloads\Malwarebytes Anti Malware - CHIP-Downloader.exe 2013-10-27 21:47 - 2013-10-27 21:50 - 00610004 _____ (Malwarebytes Corporation ) C:\Users\Tobias Bormann\Downloads\mbam-setup-1.75.0.1300(1).exe 2013-10-27 21:44 - 2013-10-27 21:46 - 00240624 _____ (Malwarebytes Corporation ) C:\Users\Tobias Bormann\Downloads\mbam-setup-1.75.0.1300.exe 2013-10-27 18:34 - 2013-10-27 21:12 - 00000000 ____D C:\AdwCleaner 2013-10-27 18:34 - 2013-10-27 18:34 - 01060070 _____ C:\Users\Tobias Bormann\Downloads\adwcleaner.exe 2013-10-27 18:26 - 2013-10-27 18:26 - 00752096 _____ C:\Users\Tobias Bormann\Downloads\ZipExtractorSetup.exe 2013-10-27 16:44 - 2013-10-27 16:44 - 00159144 _____ (Microsoft Corporation) C:\Users\Tobias Bormann\Downloads\WindowsActivationUpdate.exe 2013-10-27 16:43 - 2013-10-27 16:43 - 00189617 _____ C:\Users\Tobias Bormann\Downloads\wmp11-windowsxp-x86-DE-DE(1).exe.part 2013-10-27 16:37 - 2013-10-27 16:37 - 00003230 _____ C:\Windows\System32\Tasks\{ABE14372-8353-40D1-BAB5-8A3B843217F5} 2013-10-27 16:36 - 2013-10-27 16:52 - 00003434 _____ C:\Windows\wmsetup.log 2013-10-27 16:36 - 2013-10-27 16:36 - 25842736 _____ (Microsoft Corporation) C:\Users\Tobias Bormann\Downloads\wmp11-windowsxp-x86-DE-DE.exe 2013-10-27 15:03 - 2013-10-27 15:07 - 208740130 _____ C:\Users\Tobias Bormann\Downloads\eclipse-standard-kepler-SR1-win32-x86_64.zip 2013-10-26 20:04 - 2013-09-04 13:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys 2013-10-26 20:04 - 2013-09-04 13:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys 2013-10-26 20:04 - 2013-09-04 13:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys 2013-10-26 20:04 - 2013-09-04 13:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys 2013-10-26 20:03 - 2013-09-04 13:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys 2013-10-26 20:03 - 2013-09-04 13:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys 2013-10-26 20:03 - 2013-09-04 13:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys 2013-10-14 16:39 - 2013-10-14 16:39 - 00000000 ____D C:\Program Files\McAfee Security Scan 2013-10-13 17:26 - 2013-10-13 17:26 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf 2013-10-13 17:13 - 2013-10-13 17:13 - 00000000 ____D C:\Users\Tobias Bormann\Documents\samsung 2013-10-13 17:13 - 2013-10-13 17:13 - 00000000 ____D C:\Users\Tobias Bormann\AppData\Roaming\Samsung 2013-10-13 17:13 - 2013-10-13 17:13 - 00000000 ____D C:\Users\Tobias Bormann\AppData\Local\Samsung 2013-10-13 17:11 - 2013-10-13 17:11 - 00002012 _____ C:\Users\Public\Desktop\Samsung Kies (Lite).lnk 2013-10-13 17:11 - 2013-10-13 17:11 - 00002002 _____ C:\Users\Public\Desktop\Samsung Kies.lnk 2013-10-13 17:09 - 2013-10-13 17:09 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf 2013-10-13 16:24 - 2013-07-18 13:33 - 04659712 _____ (Dmitry Streblechenko) C:\Windows\SysWOW64\Redemption.dll 2013-10-13 16:23 - 2013-07-18 13:32 - 00821824 _____ (Devguru Co., Ltd.) C:\Windows\SysWOW64\dgderapi.dll 2013-10-13 16:22 - 2013-10-13 16:30 - 00000000 ____D C:\Program Files (x86)\Samsung 2013-10-13 16:22 - 2013-10-13 16:29 - 00000000 ____D C:\ProgramData\Samsung 2013-10-13 16:20 - 2009-07-14 02:41 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\WMASF.DLL 2013-10-13 16:20 - 2009-07-14 02:41 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\LAPRXY.DLL 2013-10-13 16:20 - 2009-07-14 02:39 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\WPDShextAutoplay.exe 2013-10-13 16:20 - 2009-07-14 02:16 - 00237568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMASF.DLL 2013-10-13 16:20 - 2009-07-14 02:14 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WPDShextAutoplay.exe 2013-10-13 16:19 - 2009-07-14 02:41 - 03027456 _____ (Microsoft Corporation) C:\Windows\system32\WMVCORE.DLL 2013-10-13 16:19 - 2009-07-14 02:41 - 02544128 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll 2013-10-13 16:19 - 2009-07-14 02:41 - 01955328 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL 2013-10-13 16:19 - 2009-07-14 02:41 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-10-13 16:19 - 2009-07-14 02:41 - 01575424 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL 2013-10-13 16:19 - 2009-07-14 02:41 - 01243136 _____ (Microsoft Corporation) C:\Windows\system32\WMNetMgr.dll 2013-10-13 16:19 - 2009-07-14 02:41 - 01232896 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL 2013-10-13 16:19 - 2009-07-14 02:41 - 01153024 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL 2013-10-13 16:19 - 2009-07-14 02:41 - 00781312 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll 2013-10-13 16:19 - 2009-07-14 02:41 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceApi.dll 2013-10-13 16:19 - 2009-07-14 02:41 - 00666112 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL 2013-10-13 16:19 - 2009-07-14 02:41 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL 2013-10-13 16:19 - 2009-07-14 02:41 - 00641536 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL 2013-10-13 16:19 - 2009-07-14 02:41 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll 2013-10-13 16:19 - 2009-07-14 02:41 - 00636416 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmdev.dll 2013-10-13 16:19 - 2009-07-14 02:41 - 00611328 _____ (Microsoft Corporation) C:\Windows\system32\wpd_ci.dll 2013-10-13 16:19 - 2009-07-14 02:41 - 00527872 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmnet.dll 2013-10-13 16:19 - 2009-07-14 02:41 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL 2013-10-13 16:19 - 2009-07-14 02:41 - 00435712 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceStatus.dll 2013-10-13 16:19 - 2009-07-14 02:41 - 00431104 _____ (Microsoft Corporation) C:\Windows\system32\WPDSp.dll 2013-10-13 16:19 - 2009-07-14 02:41 - 00430592 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll 2013-10-13 16:19 - 2009-07-14 02:41 - 00397312 _____ (Microsoft Corporation) C:\Windows\system32\mswmdm.dll 2013-10-13 16:19 - 2009-07-14 02:41 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll 2013-10-13 16:19 - 2009-07-14 02:41 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\WpdMtp.dll 2013-10-13 16:19 - 2009-07-14 02:41 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL 2013-10-13 16:19 - 2009-07-14 02:41 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL 2013-10-13 16:19 - 2009-07-14 02:41 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceTypes.dll 2013-10-13 16:19 - 2009-07-14 02:41 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceWMDRM.dll 2013-10-13 16:19 - 2009-07-14 02:41 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\wpdwcn.dll 2013-10-13 16:19 - 2009-07-14 02:41 - 00211968 _____ (Microsoft Corporation) C:\Windows\system32\wmidx.dll 2013-10-13 16:19 - 2009-07-14 02:41 - 00169472 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceWiaCompat.dll 2013-10-13 16:19 - 2009-07-14 02:41 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceClassExtension.dll 2013-10-13 16:19 - 2009-07-14 02:41 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\wmdmps.dll 2013-10-13 16:19 - 2009-07-14 02:41 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\wpdbusenum.dll 2013-10-13 16:19 - 2009-07-14 02:41 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\WPDShServiceObj.dll 2013-10-13 16:19 - 2009-07-14 02:41 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\WpdMtpUS.dll 2013-10-13 16:19 - 2009-07-14 02:41 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceConnectApi.dll 2013-10-13 16:19 - 2009-07-14 02:41 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\wmcodecdspps.dll 2013-10-13 16:19 - 2009-07-14 02:41 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wmdmlog.dll 2013-10-13 16:19 - 2009-07-14 02:40 - 01200640 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll 2013-10-13 16:19 - 2009-07-14 02:40 - 00840192 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll 2013-10-13 16:19 - 2009-07-14 02:40 - 00675328 _____ (Microsoft Corporation) C:\Windows\system32\DXPTaskRingtone.dll 2013-10-13 16:19 - 2009-07-14 02:40 - 00495104 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll 2013-10-13 16:19 - 2009-07-14 02:40 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll 2013-10-13 16:19 - 2009-07-14 02:39 - 00113152 _____ (Microsoft Corporation) C:\Windows\system32\logagent.exe 2013-10-13 16:19 - 2009-07-14 02:24 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\asferror.dll 2013-10-13 16:19 - 2009-07-14 02:16 - 02504192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVCORE.DLL 2013-10-13 16:19 - 2009-07-14 02:16 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll 2013-10-13 16:19 - 2009-07-14 02:16 - 01619968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2013-10-13 16:19 - 2009-07-14 02:16 - 01568768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL 2013-10-13 16:19 - 2009-07-14 02:16 - 01325056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL 2013-10-13 16:19 - 2009-07-14 02:16 - 01003008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMNetMgr.dll 2013-10-13 16:19 - 2009-07-14 02:16 - 00902656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL 2013-10-13 16:19 - 2009-07-14 02:16 - 00812032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL 2013-10-13 16:19 - 2009-07-14 02:16 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL 2013-10-13 16:19 - 2009-07-14 02:16 - 00616960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll 2013-10-13 16:19 - 2009-07-14 02:16 - 00547328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PortableDeviceApi.dll 2013-10-13 16:19 - 2009-07-14 02:16 - 00541184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL 2013-10-13 16:19 - 2009-07-14 02:16 - 00507392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmdev.dll 2013-10-13 16:19 - 2009-07-14 02:16 - 00436736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmnet.dll 2013-10-13 16:19 - 2009-07-14 02:16 - 00427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PortableDeviceStatus.dll 2013-10-13 16:19 - 2009-07-14 02:16 - 00358400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL 2013-10-13 16:19 - 2009-07-14 02:16 - 00350720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WPDSp.dll 2013-10-13 16:19 - 2009-07-14 02:16 - 00198144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdwcn.dll 2013-10-13 16:19 - 2009-07-14 02:16 - 00196608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PortableDeviceWMDRM.dll 2013-10-13 16:19 - 2009-07-14 02:16 - 00159744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PortableDeviceTypes.dll 2013-10-13 16:19 - 2009-07-14 02:16 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmidx.dll 2013-10-13 16:19 - 2009-07-14 02:16 - 00138240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PortableDeviceWiaCompat.dll 2013-10-13 16:19 - 2009-07-14 02:16 - 00110080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PortableDeviceClassExtension.dll 2013-10-13 16:19 - 2009-07-14 02:16 - 00105984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WPDShServiceObj.dll 2013-10-13 16:19 - 2009-07-14 02:16 - 00060928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PortableDeviceConnectApi.dll 2013-10-13 16:19 - 2009-07-14 02:16 - 00053760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmcodecdspps.dll 2013-10-13 16:19 - 2009-07-14 02:16 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdmps.dll 2013-10-13 16:19 - 2009-07-14 02:16 - 00031744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdmlog.dll 2013-10-13 16:19 - 2009-07-14 02:15 - 00986624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll 2013-10-13 16:19 - 2009-07-14 02:15 - 00743424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll 2013-10-13 16:19 - 2009-07-14 02:15 - 00630784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DXPTaskRingtone.dll 2013-10-13 16:19 - 2009-07-14 02:15 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll 2013-10-13 16:19 - 2009-07-14 02:15 - 00415744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL 2013-10-13 16:19 - 2009-07-14 02:15 - 00402944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll 2013-10-13 16:19 - 2009-07-14 02:15 - 00352768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll 2013-10-13 16:19 - 2009-07-14 02:15 - 00296960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswmdm.dll 2013-10-13 16:19 - 2009-07-14 02:15 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll 2013-10-13 16:19 - 2009-07-14 02:15 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL 2013-10-13 16:19 - 2009-07-14 02:15 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL 2013-10-13 16:19 - 2009-07-14 02:15 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll 2013-10-13 16:19 - 2009-07-14 02:15 - 00009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LAPRXY.DLL 2013-10-13 16:19 - 2009-07-14 02:14 - 00243712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\audiodev.dll 2013-10-13 16:19 - 2009-07-14 02:14 - 00095232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logagent.exe 2013-10-13 16:19 - 2009-07-14 02:03 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asferror.dll 2013-10-13 16:19 - 2009-06-10 21:52 - 00316640 _____ C:\Windows\WMSysPr9.prx 2013-10-13 16:18 - 2013-10-13 16:18 - 00000000 ____D C:\Users\Tobias Bormann\AppData\Local\Downloaded Installations 2013-10-13 16:16 - 2013-10-13 16:17 - 70111336 _____ (Samsung Electronics Co., Ltd. ) C:\Users\Tobias Bormann\Downloads\KiesSetup.exe 2013-10-13 06:38 - 2013-10-13 06:38 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help 2013-10-13 06:38 - 2013-10-13 06:38 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help 2013-10-12 16:16 - 2013-10-13 15:19 - 00008976 _____ C:\Users\Tobias Bormann\Documents\Mappe1.xlsx 2013-10-12 10:18 - 2013-09-23 00:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-10-12 10:18 - 2013-09-23 00:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-10-12 10:18 - 2013-09-23 00:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-10-12 10:18 - 2013-09-23 00:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-10-12 10:18 - 2013-09-23 00:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-10-12 10:18 - 2013-09-23 00:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-10-12 10:18 - 2013-09-23 00:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-10-12 10:18 - 2013-09-23 00:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-10-12 10:18 - 2013-09-23 00:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-10-12 10:18 - 2013-09-23 00:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-10-12 10:18 - 2013-09-23 00:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-10-12 10:18 - 2013-09-23 00:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-10-12 10:18 - 2013-09-23 00:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-10-12 10:18 - 2013-09-22 23:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-10-12 10:18 - 2013-09-22 23:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-10-12 10:18 - 2013-09-22 23:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-10-12 10:18 - 2013-09-22 23:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-10-12 10:18 - 2013-09-22 23:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-10-12 10:18 - 2013-09-22 23:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-10-12 10:18 - 2013-09-22 23:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-10-12 10:18 - 2013-09-22 23:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-10-12 10:18 - 2013-09-22 23:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-10-12 10:18 - 2013-09-22 23:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-10-12 10:18 - 2013-09-22 23:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-10-12 10:18 - 2013-09-22 23:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-10-12 10:18 - 2013-09-22 23:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-10-12 10:18 - 2013-09-22 23:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-10-12 10:18 - 2013-09-21 04:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-10-12 10:18 - 2013-09-21 04:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-10-12 10:18 - 2013-09-21 03:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-10-12 10:18 - 2013-09-21 03:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-10-11 13:50 - 2013-09-14 02:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2013-10-11 13:50 - 2013-09-08 03:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2013-10-11 13:50 - 2013-09-08 03:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll 2013-10-11 13:50 - 2013-09-08 03:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll 2013-10-11 13:50 - 2013-08-29 03:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2013-10-11 13:50 - 2013-08-29 03:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2013-10-11 13:50 - 2013-08-29 03:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll 2013-10-11 13:50 - 2013-08-29 03:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2013-10-11 13:50 - 2013-08-29 03:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2013-10-11 13:50 - 2013-08-29 02:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2013-10-11 13:50 - 2013-08-29 02:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2013-10-11 13:50 - 2013-08-29 02:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2013-10-11 13:50 - 2013-08-29 02:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll 2013-10-11 13:50 - 2013-08-29 02:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2013-10-11 13:50 - 2013-08-29 02:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2013-10-11 13:50 - 2013-08-29 01:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2013-10-11 13:50 - 2013-08-29 01:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2013-10-11 13:50 - 2013-08-29 01:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2013-10-11 13:50 - 2013-08-29 01:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2013-10-11 13:50 - 2013-08-28 02:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-10-11 13:50 - 2013-08-01 13:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2013-10-11 13:50 - 2013-07-20 11:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2013-10-11 13:50 - 2013-07-20 11:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2013-10-11 13:50 - 2013-07-12 11:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys 2013-10-11 13:50 - 2013-07-12 11:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys 2013-10-11 13:50 - 2013-07-04 13:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll 2013-10-11 13:50 - 2013-07-04 13:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll 2013-10-11 13:50 - 2013-07-04 13:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll 2013-10-11 13:50 - 2013-07-04 12:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll 2013-10-11 13:50 - 2013-07-04 12:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll 2013-10-11 13:50 - 2013-07-04 12:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll 2013-10-11 13:50 - 2013-07-04 11:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2013-10-11 13:50 - 2013-07-03 05:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys 2013-10-11 13:50 - 2013-07-03 05:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys 2013-10-11 13:50 - 2013-06-25 23:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys 2013-10-11 13:50 - 2013-06-06 06:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2013-10-11 13:50 - 2013-06-06 06:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2013-10-11 13:50 - 2013-06-06 06:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2013-10-11 13:50 - 2013-06-06 06:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2013-10-11 13:50 - 2013-06-06 05:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll 2013-10-11 13:50 - 2013-06-06 05:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll 2013-10-11 13:50 - 2013-06-06 05:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll 2013-10-11 13:50 - 2013-06-06 04:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2013-10-11 13:50 - 2013-06-06 04:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2013-10-11 13:50 - 2013-06-06 04:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2013-10-11 13:49 - 2013-08-28 02:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll 2013-10-08 14:42 - 2013-10-08 14:42 - 00002598 _____ C:\Users\Tobias Bormann\Documents\Schlüssel.pfx 2013-10-06 19:05 - 2013-10-06 19:05 - 00000000 ____D C:\Users\Tobias Bormann\Downloads\best 2013-10-06 02:26 - 2013-10-06 02:26 - 00000000 ____D C:\Windows\SysWOW64\searchplugins 2013-10-06 02:26 - 2013-10-06 02:26 - 00000000 ____D C:\Windows\SysWOW64\Extensions 2013-10-05 19:53 - 2013-10-05 19:53 - 00000000 ___RD C:\Users\Public\Desktop\DVDVideoSoft 2013-10-05 19:53 - 2013-10-05 19:53 - 00000000 ____D C:\Users\Tobias Bormann\AppData\Roaming\DVDVideoSoft 2013-10-05 19:53 - 2013-10-05 19:53 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft 2013-10-05 19:50 - 2013-10-05 19:52 - 28795304 _____ (DVDVideoSoft Ltd. ) C:\Users\Tobias Bormann\Downloads\Free31213YouTubeToMP3Converter.exe 2013-10-05 10:07 - 2013-10-14 14:27 - 00000000 ____D C:\Program Files (x86)\Microsoft Works 2013-10-05 10:07 - 2013-10-05 10:07 - 00000000 ____D C:\Windows\PCHEALTH 2013-10-05 10:04 - 2013-10-16 22:53 - 00000000 ____D C:\Program Files (x86)\Microsoft Office 2013-10-05 10:04 - 2013-10-14 22:50 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-10-05 10:04 - 2013-10-05 10:04 - 00000000 ____D C:\Users\Tobias Bormann\AppData\Local\Microsoft Help 2013-10-05 10:04 - 2013-10-05 10:04 - 00000000 ____D C:\Program Files\Microsoft Office 2013-10-02 18:08 - 2013-10-02 18:08 - 04029552 _____ C:\Users\Tobias Bormann\Downloads\rest 2.zip 2013-10-02 18:07 - 2013-10-02 18:08 - 05052335 _____ C:\Users\Tobias Bormann\Downloads\best.zip 2013-10-02 18:07 - 2013-10-02 18:08 - 03698519 _____ C:\Users\Tobias Bormann\Downloads\rest 1.zip 2013-10-02 18:06 - 2013-10-02 18:06 - 04754072 _____ C:\Users\Tobias Bormann\Downloads\fail.zip 2013-10-01 14:17 - 2013-10-05 19:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox ==================== One Month Modified Files and Folders ======= 2013-10-28 18:11 - 2013-10-28 18:11 - 00000000 ____D C:\FRST 2013-10-28 18:10 - 2013-10-28 18:10 - 01956538 _____ (Farbar) C:\Users\Tobias Bormann\Downloads\FRST64.exe 2013-10-28 18:09 - 2013-09-13 20:00 - 00003986 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{4805FE7A-7BDC-4C66-82E6-4CA9ADFF3B82} 2013-10-28 18:07 - 2013-09-14 16:37 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-10-28 17:17 - 2013-09-13 18:52 - 01572169 _____ C:\Windows\WindowsUpdate.log 2013-10-28 14:25 - 2009-07-14 05:50 - 00020144 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-10-28 14:25 - 2009-07-14 05:50 - 00020144 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-10-28 14:23 - 2011-04-12 09:14 - 00654166 _____ C:\Windows\system32\perfh007.dat 2013-10-28 14:23 - 2011-04-12 09:14 - 00130006 _____ C:\Windows\system32\perfc007.dat 2013-10-28 14:23 - 2009-07-14 06:12 - 01498506 _____ C:\Windows\system32\PerfStringBackup.INI 2013-10-28 14:21 - 2013-09-18 16:51 - 00000000 ____D C:\Users\Tobias Bormann\AppData\Roaming\Skype 2013-10-28 14:21 - 2013-09-14 20:55 - 00000000 ____D C:\Users\Tobias Bormann\AppData\Roaming\Spotify 2013-10-28 14:18 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\tracing 2013-10-28 14:17 - 2013-09-17 15:23 - 00065536 _____ C:\Windows\system32\Ikeext.etl 2013-10-28 14:17 - 2011-03-30 04:38 - 00000000 ____D C:\ProgramData\NVIDIA 2013-10-28 14:17 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-10-28 14:17 - 2009-07-14 05:56 - 00033474 _____ C:\Windows\setupact.log 2013-10-28 14:14 - 2010-11-21 04:47 - 00009350 _____ C:\Windows\PFRO.log 2013-10-27 21:58 - 2013-10-27 21:58 - 00001119 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-10-27 21:58 - 2013-10-27 21:58 - 00000000 ____D C:\Users\Tobias Bormann\AppData\Roaming\Malwarebytes 2013-10-27 21:58 - 2013-10-27 21:58 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-10-27 21:58 - 2013-10-27 21:58 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-10-27 21:51 - 2013-10-27 21:51 - 00614816 _____ C:\Users\Tobias Bormann\Downloads\Malwarebytes Anti Malware - CHIP-Downloader.exe 2013-10-27 21:50 - 2013-10-27 21:47 - 00610004 _____ (Malwarebytes Corporation ) C:\Users\Tobias Bormann\Downloads\mbam-setup-1.75.0.1300(1).exe 2013-10-27 21:46 - 2013-10-27 21:44 - 00240624 _____ (Malwarebytes Corporation ) C:\Users\Tobias Bormann\Downloads\mbam-setup-1.75.0.1300.exe 2013-10-27 21:41 - 2013-09-18 20:24 - 00000000 ____D C:\Users\Tobias Bormann\AppData\Roaming\vlc 2013-10-27 21:12 - 2013-10-27 18:34 - 00000000 ____D C:\AdwCleaner 2013-10-27 18:35 - 2013-09-13 19:23 - 00000000 ___RD C:\Users\Tobias Bormann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-10-27 18:34 - 2013-10-27 18:34 - 01060070 _____ C:\Users\Tobias Bormann\Downloads\adwcleaner.exe 2013-10-27 18:26 - 2013-10-27 18:26 - 00752096 _____ C:\Users\Tobias Bormann\Downloads\ZipExtractorSetup.exe 2013-10-27 18:15 - 2013-09-17 14:56 - 00000000 ____D C:\Users\UpdatusUser.TobiasBormann 2013-10-27 16:52 - 2013-10-27 16:36 - 00003434 _____ C:\Windows\wmsetup.log 2013-10-27 16:44 - 2013-10-27 16:44 - 00159144 _____ (Microsoft Corporation) C:\Users\Tobias Bormann\Downloads\WindowsActivationUpdate.exe 2013-10-27 16:43 - 2013-10-27 16:43 - 00189617 _____ C:\Users\Tobias Bormann\Downloads\wmp11-windowsxp-x86-DE-DE(1).exe.part 2013-10-27 16:37 - 2013-10-27 16:37 - 00003230 _____ C:\Windows\System32\Tasks\{ABE14372-8353-40D1-BAB5-8A3B843217F5} 2013-10-27 16:36 - 2013-10-27 16:36 - 25842736 _____ (Microsoft Corporation) C:\Users\Tobias Bormann\Downloads\wmp11-windowsxp-x86-DE-DE.exe 2013-10-27 15:07 - 2013-10-27 15:03 - 208740130 _____ C:\Users\Tobias Bormann\Downloads\eclipse-standard-kepler-SR1-win32-x86_64.zip 2013-10-25 13:10 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\system32\FxsTmp 2013-10-20 19:33 - 2013-09-14 20:56 - 00000000 ____D C:\Users\Tobias Bormann\AppData\Local\Spotify 2013-10-16 22:53 - 2013-10-05 10:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Office 2013-10-16 18:45 - 2013-09-17 15:17 - 00000000 ____D C:\Users\Tobias Bormann\AppData\Roaming\Virtual Desktop Manager 2013-10-14 22:50 - 2013-10-05 10:04 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-10-14 20:39 - 2013-09-17 15:00 - 00068328 _____ C:\Users\Default\AppData\Local\GDIPFONTCACHEV1.DAT 2013-10-14 20:39 - 2013-09-17 15:00 - 00068328 _____ C:\Users\Default User\AppData\Local\GDIPFONTCACHEV1.DAT 2013-10-14 20:35 - 2013-09-21 13:12 - 00000000 ____D C:\Program Files (x86)\Epson Software 2013-10-14 20:30 - 2013-09-13 20:26 - 00068328 _____ C:\Users\Tobias Bormann\AppData\Local\GDIPFONTCACHEV1.DAT 2013-10-14 20:30 - 2009-07-14 05:50 - 00299024 _____ C:\Windows\system32\FNTCACHE.DAT 2013-10-14 16:39 - 2013-10-14 16:39 - 00000000 ____D C:\Program Files\McAfee Security Scan 2013-10-14 16:39 - 2013-09-14 16:37 - 00001941 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk 2013-10-14 14:27 - 2013-10-05 10:07 - 00000000 ____D C:\Program Files (x86)\Microsoft Works 2013-10-13 17:26 - 2013-10-13 17:26 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf 2013-10-13 17:13 - 2013-10-13 17:13 - 00000000 ____D C:\Users\Tobias Bormann\Documents\samsung 2013-10-13 17:13 - 2013-10-13 17:13 - 00000000 ____D C:\Users\Tobias Bormann\AppData\Roaming\Samsung 2013-10-13 17:13 - 2013-10-13 17:13 - 00000000 ____D C:\Users\Tobias Bormann\AppData\Local\Samsung 2013-10-13 17:13 - 2013-09-18 15:10 - 00000000 ____D C:\Users\Tobias Bormann\AppData\Local\CrashDumps 2013-10-13 17:11 - 2013-10-13 17:11 - 00002012 _____ C:\Users\Public\Desktop\Samsung Kies (Lite).lnk 2013-10-13 17:11 - 2013-10-13 17:11 - 00002002 _____ C:\Users\Public\Desktop\Samsung Kies.lnk 2013-10-13 17:09 - 2013-10-13 17:09 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf 2013-10-13 17:07 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files\Windows Portable Devices 2013-10-13 17:07 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices 2013-10-13 17:07 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions 2013-10-13 16:30 - 2013-10-13 16:22 - 00000000 ____D C:\Program Files (x86)\Samsung 2013-10-13 16:29 - 2013-10-13 16:22 - 00000000 ____D C:\ProgramData\Samsung 2013-10-13 16:23 - 2011-03-30 04:43 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2013-10-13 16:18 - 2013-10-13 16:18 - 00000000 ____D C:\Users\Tobias Bormann\AppData\Local\Downloaded Installations 2013-10-13 16:17 - 2013-10-13 16:16 - 70111336 _____ (Samsung Electronics Co., Ltd. ) C:\Users\Tobias Bormann\Downloads\KiesSetup.exe 2013-10-13 15:19 - 2013-10-12 16:16 - 00008976 _____ C:\Users\Tobias Bormann\Documents\Mappe1.xlsx 2013-10-13 06:38 - 2013-10-13 06:38 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help 2013-10-13 06:38 - 2013-10-13 06:38 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help 2013-10-12 16:53 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\LiveKernelReports 2013-10-12 12:00 - 2013-09-18 16:51 - 00000000 ___RD C:\Program Files (x86)\Skype 2013-10-12 12:00 - 2013-09-18 16:50 - 00000000 ____D C:\ProgramData\Skype 2013-10-12 10:15 - 2013-09-18 15:23 - 00000000 ____D C:\Windows\system32\MRT 2013-10-12 10:13 - 2013-09-18 15:22 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-10-10 15:19 - 2013-09-14 16:37 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-10-10 15:18 - 2013-09-14 16:37 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-10-10 15:18 - 2013-09-14 16:37 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-10-10 14:26 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF 2013-10-08 14:42 - 2013-10-08 14:42 - 00002598 _____ C:\Users\Tobias Bormann\Documents\Schlüssel.pfx 2013-10-06 19:05 - 2013-10-06 19:05 - 00000000 ____D C:\Users\Tobias Bormann\Downloads\best 2013-10-06 02:26 - 2013-10-06 02:26 - 00000000 ____D C:\Windows\SysWOW64\searchplugins 2013-10-06 02:26 - 2013-10-06 02:26 - 00000000 ____D C:\Windows\SysWOW64\Extensions 2013-10-05 19:54 - 2013-10-01 14:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-10-05 19:53 - 2013-10-05 19:53 - 00000000 ___RD C:\Users\Public\Desktop\DVDVideoSoft 2013-10-05 19:53 - 2013-10-05 19:53 - 00000000 ____D C:\Users\Tobias Bormann\AppData\Roaming\DVDVideoSoft 2013-10-05 19:53 - 2013-10-05 19:53 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft 2013-10-05 19:52 - 2013-10-05 19:50 - 28795304 _____ (DVDVideoSoft Ltd. ) C:\Users\Tobias Bormann\Downloads\Free31213YouTubeToMP3Converter.exe 2013-10-05 19:43 - 2013-09-14 16:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-10-05 10:07 - 2013-10-05 10:07 - 00000000 ____D C:\Windows\PCHEALTH 2013-10-05 10:06 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared 2013-10-05 10:04 - 2013-10-05 10:04 - 00000000 ____D C:\Users\Tobias Bormann\AppData\Local\Microsoft Help 2013-10-05 10:04 - 2013-10-05 10:04 - 00000000 ____D C:\Program Files\Microsoft Office 2013-10-05 10:04 - 2009-07-14 08:45 - 00000000 ____D C:\Windows\ShellNew 2013-10-02 18:08 - 2013-10-02 18:08 - 04029552 _____ C:\Users\Tobias Bormann\Downloads\rest 2.zip 2013-10-02 18:08 - 2013-10-02 18:07 - 05052335 _____ C:\Users\Tobias Bormann\Downloads\best.zip 2013-10-02 18:08 - 2013-10-02 18:07 - 03698519 _____ C:\Users\Tobias Bormann\Downloads\rest 1.zip 2013-10-02 18:06 - 2013-10-02 18:06 - 04754072 _____ C:\Users\Tobias Bormann\Downloads\fail.zip 2013-10-02 17:23 - 2013-09-14 16:28 - 00000000 ____D C:\Users\Tobias Bormann\AppData\Local\Mozilla Some content of TEMP: ==================== C:\Users\Tobias Bormann\AppData\Local\Temp\BackupSetup.exe C:\Users\Tobias Bormann\AppData\Local\Temp\install_flashplayer11x32_mssa_aaa_aih.exe C:\Users\Tobias Bormann\AppData\Local\Temp\ose00000.exe C:\Users\Tobias Bormann\AppData\Local\Temp\vcredist_x64.exe C:\Users\Tobias Bormann\AppData\Local\Temp\_is3F12.exe C:\Users\Tobias Bormann\AppData\Local\Temp\_is77CD.exe C:\Users\Tobias Bormann\AppData\Local\Temp\_isAF8.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-10-22 19:49 ==================== End Of Log ============================ |
28.10.2013, 18:41 | #2 |
/// the machine /// TB-Ausbilder | PUP.Optional.... 23 Infizierte Dateien hi,
__________________Downloade Dir bitte AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ |
28.10.2013, 21:32 | #3 |
| PUP.Optional.... 23 Infizierte Dateien adw cleaner:
__________________Code:
ATTFilter # AdwCleaner v3.010 - Bericht erstellt am 28/10/2013 um 18:47:58 # Updated 20/10/2013 von Xplode # Betriebssystem : Windows 7 Professional N Service Pack 1 (64 bits) # Benutzername : Tobias Bormann - TOBIASBORMANN # Gestartet von : C:\Users\Tobias Bormann\Downloads\adwcleaner.exe # Option : Löschen ***** [ Dienste ] ***** [#] Dienst Gelöscht : BackupStack ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\Users\TOBIAS~1\AppData\Local\Temp\OCS Datei Gelöscht : C:\Users\Tobias Bormann\AppData\Roaming\Mozilla\Firefox\Profiles\c9my3rcw.default\user.js Datei Gelöscht : C:\Users\Tobias Bormann\AppData\Roaming\Mozilla\Firefox\Profiles\{DefaultProfilesFolder}\user.js ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} Schlüssel Gelöscht : HKCU\Software\OCS ***** [ Browser ] ***** -\\ Internet Explorer v10.0.9200.16720 -\\ Mozilla Firefox v24.0 (de) [ Datei : C:\Users\Tobias Bormann\AppData\Roaming\Mozilla\Firefox\Profiles\c9my3rcw.default\prefs.js ] [ Datei : C:\Users\Tobias Bormann\AppData\Roaming\Mozilla\Firefox\Profiles\{DefaultProfilesFolder}\prefs.js ] ************************* AdwCleaner[R0].txt - [15536 octets] - [27/10/2013 18:34:43] AdwCleaner[R1].txt - [1858 octets] - [27/10/2013 19:03:35] AdwCleaner[R2].txt - [1918 octets] - [27/10/2013 21:12:28] AdwCleaner[R3].txt - [1738 octets] - [28/10/2013 18:46:17] AdwCleaner[S0].txt - [14735 octets] - [27/10/2013 18:35:29] AdwCleaner[S1].txt - [1561 octets] - [28/10/2013 18:47:58] ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1621 octets] ########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.0.7 (10.15.2013:3) OS: Windows 7 Professional N x64 Ran by Tobias Bormann on 28.10.2013 at 18:55:04,40 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\apntbmon ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{41564952-412D-5637-00A7-7A786E7484D7} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-863007269-3327651176-2838562499-1000\Software\SweetIM ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\ProgramData\apn" ~~~ FireFox Emptied folder: C:\Users\Tobias Bormann\AppData\Roaming\mozilla\firefox\profiles\c9my3rcw.default\minidumps [14 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 28.10.2013 at 19:00:25,86 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-10-2013 Ran by Tobias Bormann (administrator) on TOBIASBORMANN on 28-10-2013 19:03:55 Running from C:\Users\Tobias Bormann\Downloads Windows 7 Professional N Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe () C:\Program Files (x86)\PHotkey\ASLDRSrv.exe () C:\Program Files (x86)\PHotkey\GFNEXSrv.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe (Conexant Systems Inc.) C:\Windows\system32\CxAudMsg64.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Seiko Epson Corporation) C:\Windows\system32\EscSvc64.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe (Pegatron Corporation) C:\Program Files (x86)\PHotkey\PHotkey.exe () C:\Program Files (x86)\PHotkey\MsgTranAgt.exe () C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Sentelic Corporation) C:\Program Files\FSP\FspUip.exe (Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe () C:\Program Files (x86)\PHotkey\PVDesktop.exe (Microsoft Corporation) C:\Windows.old\Program Files\Windows Sidebar\sidebar.exe (Spotify Ltd) C:\Users\Tobias Bormann\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe () C:\Program Files (x86)\PHotkey\PVDAgent.exe (SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIJJE.EXE (Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (Pegatron Corporation) C:\Program Files (x86)\PHotkey\MsOsd.exe (SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe (Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE ==================== Registry (Whitelisted) ================== HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] () HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.) HKLM\...\Run: [fspuip] - C:\Program Files\FSP\FspUip.exe [4055552 2010-11-08] (Sentelic Corporation) HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323584 2009-09-22] (Alcor Micro Corp.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKCU\...\Run: [Spotify] - C:\Users\Tobias Bormann\AppData\Roaming\Spotify\spotify.exe [4752384 2013-10-21] (Spotify Ltd) HKCU\...\Run: [Spotify Web Helper] - C:\Users\Tobias Bormann\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1140736 2013-10-21] (Spotify Ltd) HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20472992 2013-10-02] (Skype Technologies S.A.) HKCU\...\Run: [EPLTarget\P0000000000000000] - C:\Windows\System32\spool\drivers\x64\3\E_YATIJJE.EXE [283232 2012-02-27] (SEIKO EPSON CORPORATION) HKCU\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564528 2013-09-04] (Samsung) HKCU\...\Run: [KiesAirMessage] - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup MountPoints2: {bed104ba-1c9c-11e3-99ba-806e6f6e6963} - E:\InstallAll.exe HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-14] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated) HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation) HKLM-x32\...\Run: [FUFAXRCV] - C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [502912 2012-04-03] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [FUFAXSTM] - C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863360 2012-04-03] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [EEventManager] - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058912 2012-04-02] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-09-04] (Samsung Electronics Co., Ltd.) AppInit_DLLs: C:\Windows\system32\nvinitx.dll [226920 2010-12-24] (NVIDIA Corporation) AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [192616 2010-12-24] (NVIDIA Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x7368155B5BB1CE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de BHO: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.) BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: No Name - {41564952-412D-5637-00A7-7A786E7484D7} - No File BHO-x32: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation) BHO-x32: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\18.7.2.3\ips\ipsbho.dll (Symantec Corporation) Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.) Toolbar: HKLM-x32 - No Name - {41564952-412D-5637-00A7-7A786E7484D7} - No File Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation) Toolbar: HKLM-x32 - No Name - {00078E95-3A4A-4137-8DE7-2824908D1C17} - No File Toolbar: HKCU - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.) Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\Tobias Bormann\AppData\Roaming\Mozilla\Firefox\Profiles\c9my3rcw.default FF SearchEngineOrder.3: Bing FF Homepage: www.t-online.de FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll () FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll () FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.) FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ FF Extension: Symantec Intrusion Prevention - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_13_2 FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_13_2 ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-14] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-14] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-09-14] (Avira Operations GmbH & Co. KG) R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2013-10-23] (APN LLC.) R2 ASLDRService; C:\Program Files (x86)\PHotkey\ASLDRSrv.exe [104968 2010-12-10] () R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-11] (Seiko Epson Corporation) R2 GFNEXSrv; C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [159752 2010-12-10] () S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.) R2 NIS; C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [130008 2011-04-17] (Symantec Corporation) ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-14] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-14] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-09-14] (Avira Operations GmbH & Co. KG) R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20130903.002\BHDrvx64.sys [1525336 2013-09-03] (Symantec Corporation) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-09-17] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [140376 2013-09-17] (Symantec Corporation) R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20130921.001\IDSvia64.sys [520280 2013-09-18] (Symantec Corporation) S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20130921.005\ENG64.SYS [126040 2013-09-17] (Symantec Corporation) S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20130921.005\EX64.SYS [2099288 2013-09-17] (Symantec Corporation) R2 PEGAGFN; C:\Program Files (x86)\PHotkey\PEGAGFN.sys [14344 2010-12-10] (PEGATRON) S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS [744568 2011-03-31] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS [40568 2011-03-31] (Symantec Corporation) R0 SymDS; C:\Windows\System32\drivers\NISx64\1207020.003\SYMDS64.SYS [450680 2011-01-27] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\NISx64\1207020.003\SYMEFA64.SYS [912504 2011-03-15] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2013-09-18] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [171128 2011-01-27] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [386168 2011-04-21] (Symantec Corporation) S3 BTATH_BUS; system32\DRIVERS\btath_bus.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-10-28 19:00 - 2013-10-28 19:00 - 00001239 _____ C:\Users\Tobias Bormann\Desktop\JRT.txt 2013-10-28 18:55 - 2013-10-28 18:55 - 00000000 ____D C:\Windows\ERUNT 2013-10-28 18:54 - 2013-10-28 18:54 - 01033335 _____ (Thisisu) C:\Users\Tobias Bormann\Downloads\JRT.exe 2013-10-28 18:12 - 2013-10-28 18:13 - 00017564 _____ C:\Users\Tobias Bormann\Downloads\Addition.txt 2013-10-28 18:11 - 2013-10-28 18:11 - 00000000 ____D C:\FRST 2013-10-28 18:10 - 2013-10-28 18:10 - 01956538 _____ (Farbar) C:\Users\Tobias Bormann\Downloads\FRST64.exe 2013-10-27 21:58 - 2013-10-27 21:58 - 00001119 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-10-27 21:58 - 2013-10-27 21:58 - 00000000 ____D C:\Users\Tobias Bormann\AppData\Roaming\Malwarebytes 2013-10-27 21:58 - 2013-10-27 21:58 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-10-27 21:58 - 2013-10-27 21:58 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-10-27 21:58 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-10-27 21:51 - 2013-10-27 21:51 - 00614816 _____ C:\Users\Tobias Bormann\Downloads\Malwarebytes Anti Malware - CHIP-Downloader.exe 2013-10-27 21:47 - 2013-10-27 21:50 - 00610004 _____ (Malwarebytes Corporation ) C:\Users\Tobias Bormann\Downloads\mbam-setup-1.75.0.1300(1).exe 2013-10-27 21:44 - 2013-10-27 21:46 - 00240624 _____ (Malwarebytes Corporation ) C:\Users\Tobias Bormann\Downloads\mbam-setup-1.75.0.1300.exe 2013-10-27 18:34 - 2013-10-28 18:48 - 00000000 ____D C:\AdwCleaner 2013-10-27 18:34 - 2013-10-27 18:34 - 01060070 _____ C:\Users\Tobias Bormann\Downloads\adwcleaner.exe 2013-10-27 18:26 - 2013-10-27 18:26 - 00752096 _____ C:\Users\Tobias Bormann\Downloads\ZipExtractorSetup.exe 2013-10-27 16:44 - 2013-10-27 16:44 - 00159144 _____ (Microsoft Corporation) C:\Users\Tobias Bormann\Downloads\WindowsActivationUpdate.exe 2013-10-27 16:43 - 2013-10-27 16:43 - 00189617 _____ C:\Users\Tobias Bormann\Downloads\wmp11-windowsxp-x86-DE-DE(1).exe.part 2013-10-27 16:37 - 2013-10-27 16:37 - 00003230 _____ C:\Windows\System32\Tasks\{ABE14372-8353-40D1-BAB5-8A3B843217F5} 2013-10-27 16:36 - 2013-10-27 16:52 - 00003434 _____ C:\Windows\wmsetup.log 2013-10-27 16:36 - 2013-10-27 16:36 - 25842736 _____ (Microsoft Corporation) C:\Users\Tobias Bormann\Downloads\wmp11-windowsxp-x86-DE-DE.exe 2013-10-27 15:03 - 2013-10-27 15:07 - 208740130 _____ C:\Users\Tobias Bormann\Downloads\eclipse-standard-kepler-SR1-win32-x86_64.zip 2013-10-26 20:04 - 2013-09-04 13:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys 2013-10-26 20:04 - 2013-09-04 13:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys 2013-10-26 20:04 - 2013-09-04 13:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys 2013-10-26 20:04 - 2013-09-04 13:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys 2013-10-26 20:03 - 2013-09-04 13:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys 2013-10-26 20:03 - 2013-09-04 13:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys 2013-10-26 20:03 - 2013-09-04 13:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys 2013-10-14 16:39 - 2013-10-14 16:39 - 00000000 ____D C:\Program Files\McAfee Security Scan 2013-10-13 17:26 - 2013-10-13 17:26 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf 2013-10-13 17:13 - 2013-10-13 17:13 - 00000000 ____D C:\Users\Tobias Bormann\Documents\samsung 2013-10-13 17:13 - 2013-10-13 17:13 - 00000000 ____D C:\Users\Tobias Bormann\AppData\Roaming\Samsung 2013-10-13 17:13 - 2013-10-13 17:13 - 00000000 ____D C:\Users\Tobias Bormann\AppData\Local\Samsung 2013-10-13 17:11 - 2013-10-13 17:11 - 00002012 _____ C:\Users\Public\Desktop\Samsung Kies (Lite).lnk 2013-10-13 17:11 - 2013-10-13 17:11 - 00002002 _____ C:\Users\Public\Desktop\Samsung Kies.lnk 2013-10-13 17:09 - 2013-10-13 17:09 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf 2013-10-13 16:24 - 2013-07-18 13:33 - 04659712 _____ (Dmitry Streblechenko) C:\Windows\SysWOW64\Redemption.dll 2013-10-13 16:23 - 2013-07-18 13:32 - 00821824 _____ (Devguru Co., Ltd.) C:\Windows\SysWOW64\dgderapi.dll 2013-10-13 16:22 - 2013-10-13 16:30 - 00000000 ____D C:\Program Files (x86)\Samsung 2013-10-13 16:22 - 2013-10-13 16:29 - 00000000 ____D C:\ProgramData\Samsung 2013-10-13 16:20 - 2009-07-14 02:41 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\WMASF.DLL 2013-10-13 16:20 - 2009-07-14 02:41 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\LAPRXY.DLL 2013-10-13 16:20 - 2009-07-14 02:39 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\WPDShextAutoplay.exe 2013-10-13 16:20 - 2009-07-14 02:16 - 00237568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMASF.DLL 2013-10-13 16:20 - 2009-07-14 02:14 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WPDShextAutoplay.exe 2013-10-13 16:19 - 2009-07-14 02:41 - 03027456 _____ (Microsoft Corporation) C:\Windows\system32\WMVCORE.DLL 2013-10-13 16:19 - 2009-07-14 02:41 - 02544128 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll 2013-10-13 16:19 - 2009-07-14 02:41 - 01955328 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL 2013-10-13 16:19 - 2009-07-14 02:41 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-10-13 16:19 - 2009-07-14 02:41 - 01575424 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL 2013-10-13 16:19 - 2009-07-14 02:41 - 01243136 _____ (Microsoft Corporation) C:\Windows\system32\WMNetMgr.dll 2013-10-13 16:19 - 2009-07-14 02:41 - 01232896 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL 2013-10-13 16:19 - 2009-07-14 02:41 - 01153024 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL 2013-10-13 16:19 - 2009-07-14 02:41 - 00781312 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll 2013-10-13 16:19 - 2009-07-14 02:41 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceApi.dll 2013-10-13 16:19 - 2009-07-14 02:41 - 00666112 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL 2013-10-13 16:19 - 2009-07-14 02:41 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL 2013-10-13 16:19 - 2009-07-14 02:41 - 00641536 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL 2013-10-13 16:19 - 2009-07-14 02:41 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll 2013-10-13 16:19 - 2009-07-14 02:41 - 00636416 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmdev.dll 2013-10-13 16:19 - 2009-07-14 02:41 - 00611328 _____ (Microsoft Corporation) C:\Windows\system32\wpd_ci.dll 2013-10-13 16:19 - 2009-07-14 02:41 - 00527872 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmnet.dll 2013-10-13 16:19 - 2009-07-14 02:41 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL 2013-10-13 16:19 - 2009-07-14 02:41 - 00435712 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceStatus.dll 2013-10-13 16:19 - 2009-07-14 02:41 - 00431104 _____ (Microsoft Corporation) C:\Windows\system32\WPDSp.dll 2013-10-13 16:19 - 2009-07-14 02:41 - 00430592 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll 2013-10-13 16:19 - 2009-07-14 02:41 - 00397312 _____ (Microsoft Corporation) C:\Windows\system32\mswmdm.dll 2013-10-13 16:19 - 2009-07-14 02:41 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll 2013-10-13 16:19 - 2009-07-14 02:41 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\WpdMtp.dll 2013-10-13 16:19 - 2009-07-14 02:41 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL 2013-10-13 16:19 - 2009-07-14 02:41 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL 2013-10-13 16:19 - 2009-07-14 02:41 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceTypes.dll 2013-10-13 16:19 - 2009-07-14 02:41 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceWMDRM.dll 2013-10-13 16:19 - 2009-07-14 02:41 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\wpdwcn.dll 2013-10-13 16:19 - 2009-07-14 02:41 - 00211968 _____ (Microsoft Corporation) C:\Windows\system32\wmidx.dll 2013-10-13 16:19 - 2009-07-14 02:41 - 00169472 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceWiaCompat.dll 2013-10-13 16:19 - 2009-07-14 02:41 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceClassExtension.dll 2013-10-13 16:19 - 2009-07-14 02:41 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\wmdmps.dll 2013-10-13 16:19 - 2009-07-14 02:41 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\wpdbusenum.dll 2013-10-13 16:19 - 2009-07-14 02:41 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\WPDShServiceObj.dll 2013-10-13 16:19 - 2009-07-14 02:41 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\WpdMtpUS.dll 2013-10-13 16:19 - 2009-07-14 02:41 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceConnectApi.dll 2013-10-13 16:19 - 2009-07-14 02:41 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\wmcodecdspps.dll 2013-10-13 16:19 - 2009-07-14 02:41 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wmdmlog.dll 2013-10-13 16:19 - 2009-07-14 02:40 - 01200640 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll 2013-10-13 16:19 - 2009-07-14 02:40 - 00840192 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll 2013-10-13 16:19 - 2009-07-14 02:40 - 00675328 _____ (Microsoft Corporation) C:\Windows\system32\DXPTaskRingtone.dll 2013-10-13 16:19 - 2009-07-14 02:40 - 00495104 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll 2013-10-13 16:19 - 2009-07-14 02:40 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll 2013-10-13 16:19 - 2009-07-14 02:39 - 00113152 _____ (Microsoft Corporation) C:\Windows\system32\logagent.exe 2013-10-13 16:19 - 2009-07-14 02:24 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\asferror.dll 2013-10-13 16:19 - 2009-07-14 02:16 - 02504192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVCORE.DLL 2013-10-13 16:19 - 2009-07-14 02:16 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll 2013-10-13 16:19 - 2009-07-14 02:16 - 01619968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2013-10-13 16:19 - 2009-07-14 02:16 - 01568768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL 2013-10-13 16:19 - 2009-07-14 02:16 - 01325056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL 2013-10-13 16:19 - 2009-07-14 02:16 - 01003008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMNetMgr.dll 2013-10-13 16:19 - 2009-07-14 02:16 - 00902656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL 2013-10-13 16:19 - 2009-07-14 02:16 - 00812032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL 2013-10-13 16:19 - 2009-07-14 02:16 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL 2013-10-13 16:19 - 2009-07-14 02:16 - 00616960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll 2013-10-13 16:19 - 2009-07-14 02:16 - 00547328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PortableDeviceApi.dll 2013-10-13 16:19 - 2009-07-14 02:16 - 00541184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL 2013-10-13 16:19 - 2009-07-14 02:16 - 00507392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmdev.dll 2013-10-13 16:19 - 2009-07-14 02:16 - 00436736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmnet.dll 2013-10-13 16:19 - 2009-07-14 02:16 - 00427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PortableDeviceStatus.dll 2013-10-13 16:19 - 2009-07-14 02:16 - 00358400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL 2013-10-13 16:19 - 2009-07-14 02:16 - 00350720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WPDSp.dll 2013-10-13 16:19 - 2009-07-14 02:16 - 00198144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdwcn.dll 2013-10-13 16:19 - 2009-07-14 02:16 - 00196608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PortableDeviceWMDRM.dll 2013-10-13 16:19 - 2009-07-14 02:16 - 00159744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PortableDeviceTypes.dll 2013-10-13 16:19 - 2009-07-14 02:16 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmidx.dll 2013-10-13 16:19 - 2009-07-14 02:16 - 00138240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PortableDeviceWiaCompat.dll 2013-10-13 16:19 - 2009-07-14 02:16 - 00110080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PortableDeviceClassExtension.dll 2013-10-13 16:19 - 2009-07-14 02:16 - 00105984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WPDShServiceObj.dll 2013-10-13 16:19 - 2009-07-14 02:16 - 00060928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PortableDeviceConnectApi.dll 2013-10-13 16:19 - 2009-07-14 02:16 - 00053760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmcodecdspps.dll 2013-10-13 16:19 - 2009-07-14 02:16 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdmps.dll 2013-10-13 16:19 - 2009-07-14 02:16 - 00031744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdmlog.dll 2013-10-13 16:19 - 2009-07-14 02:15 - 00986624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll 2013-10-13 16:19 - 2009-07-14 02:15 - 00743424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll 2013-10-13 16:19 - 2009-07-14 02:15 - 00630784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DXPTaskRingtone.dll 2013-10-13 16:19 - 2009-07-14 02:15 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll 2013-10-13 16:19 - 2009-07-14 02:15 - 00415744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL 2013-10-13 16:19 - 2009-07-14 02:15 - 00402944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll 2013-10-13 16:19 - 2009-07-14 02:15 - 00352768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll 2013-10-13 16:19 - 2009-07-14 02:15 - 00296960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswmdm.dll 2013-10-13 16:19 - 2009-07-14 02:15 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll 2013-10-13 16:19 - 2009-07-14 02:15 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL 2013-10-13 16:19 - 2009-07-14 02:15 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL 2013-10-13 16:19 - 2009-07-14 02:15 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll 2013-10-13 16:19 - 2009-07-14 02:15 - 00009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LAPRXY.DLL 2013-10-13 16:19 - 2009-07-14 02:14 - 00243712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\audiodev.dll 2013-10-13 16:19 - 2009-07-14 02:14 - 00095232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logagent.exe 2013-10-13 16:19 - 2009-07-14 02:03 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asferror.dll 2013-10-13 16:19 - 2009-06-10 21:52 - 00316640 _____ C:\Windows\WMSysPr9.prx 2013-10-13 16:18 - 2013-10-13 16:18 - 00000000 ____D C:\Users\Tobias Bormann\AppData\Local\Downloaded Installations 2013-10-13 16:16 - 2013-10-13 16:17 - 70111336 _____ (Samsung Electronics Co., Ltd. ) C:\Users\Tobias Bormann\Downloads\KiesSetup.exe 2013-10-13 06:38 - 2013-10-13 06:38 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help 2013-10-13 06:38 - 2013-10-13 06:38 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help 2013-10-12 16:16 - 2013-10-13 15:19 - 00008976 _____ C:\Users\Tobias Bormann\Documents\Mappe1.xlsx 2013-10-12 10:18 - 2013-09-23 00:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-10-12 10:18 - 2013-09-23 00:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-10-12 10:18 - 2013-09-23 00:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-10-12 10:18 - 2013-09-23 00:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-10-12 10:18 - 2013-09-23 00:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-10-12 10:18 - 2013-09-23 00:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-10-12 10:18 - 2013-09-23 00:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-10-12 10:18 - 2013-09-23 00:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-10-12 10:18 - 2013-09-23 00:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-10-12 10:18 - 2013-09-23 00:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-10-12 10:18 - 2013-09-23 00:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-10-12 10:18 - 2013-09-23 00:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-10-12 10:18 - 2013-09-23 00:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-10-12 10:18 - 2013-09-22 23:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-10-12 10:18 - 2013-09-22 23:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-10-12 10:18 - 2013-09-22 23:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-10-12 10:18 - 2013-09-22 23:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-10-12 10:18 - 2013-09-22 23:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-10-12 10:18 - 2013-09-22 23:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-10-12 10:18 - 2013-09-22 23:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-10-12 10:18 - 2013-09-22 23:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-10-12 10:18 - 2013-09-22 23:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-10-12 10:18 - 2013-09-22 23:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-10-12 10:18 - 2013-09-22 23:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-10-12 10:18 - 2013-09-22 23:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-10-12 10:18 - 2013-09-22 23:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-10-12 10:18 - 2013-09-22 23:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-10-12 10:18 - 2013-09-21 04:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-10-12 10:18 - 2013-09-21 04:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-10-12 10:18 - 2013-09-21 03:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-10-12 10:18 - 2013-09-21 03:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-10-11 13:50 - 2013-09-14 02:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2013-10-11 13:50 - 2013-09-08 03:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2013-10-11 13:50 - 2013-09-08 03:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll 2013-10-11 13:50 - 2013-09-08 03:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll 2013-10-11 13:50 - 2013-08-29 03:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2013-10-11 13:50 - 2013-08-29 03:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2013-10-11 13:50 - 2013-08-29 03:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll 2013-10-11 13:50 - 2013-08-29 03:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2013-10-11 13:50 - 2013-08-29 03:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2013-10-11 13:50 - 2013-08-29 02:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2013-10-11 13:50 - 2013-08-29 02:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2013-10-11 13:50 - 2013-08-29 02:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2013-10-11 13:50 - 2013-08-29 02:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll 2013-10-11 13:50 - 2013-08-29 02:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2013-10-11 13:50 - 2013-08-29 02:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2013-10-11 13:50 - 2013-08-29 01:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2013-10-11 13:50 - 2013-08-29 01:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2013-10-11 13:50 - 2013-08-29 01:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2013-10-11 13:50 - 2013-08-29 01:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2013-10-11 13:50 - 2013-08-28 02:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-10-11 13:50 - 2013-08-01 13:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2013-10-11 13:50 - 2013-07-20 11:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2013-10-11 13:50 - 2013-07-20 11:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2013-10-11 13:50 - 2013-07-12 11:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys 2013-10-11 13:50 - 2013-07-12 11:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys 2013-10-11 13:50 - 2013-07-04 13:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll 2013-10-11 13:50 - 2013-07-04 13:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll 2013-10-11 13:50 - 2013-07-04 13:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll 2013-10-11 13:50 - 2013-07-04 12:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll 2013-10-11 13:50 - 2013-07-04 12:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll 2013-10-11 13:50 - 2013-07-04 12:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll 2013-10-11 13:50 - 2013-07-04 11:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2013-10-11 13:50 - 2013-07-03 05:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys 2013-10-11 13:50 - 2013-07-03 05:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys 2013-10-11 13:50 - 2013-06-25 23:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys 2013-10-11 13:50 - 2013-06-06 06:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2013-10-11 13:50 - 2013-06-06 06:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2013-10-11 13:50 - 2013-06-06 06:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2013-10-11 13:50 - 2013-06-06 06:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2013-10-11 13:50 - 2013-06-06 05:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll 2013-10-11 13:50 - 2013-06-06 05:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll 2013-10-11 13:50 - 2013-06-06 05:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll 2013-10-11 13:50 - 2013-06-06 04:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2013-10-11 13:50 - 2013-06-06 04:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2013-10-11 13:50 - 2013-06-06 04:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2013-10-11 13:49 - 2013-08-28 02:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll 2013-10-08 14:42 - 2013-10-08 14:42 - 00002598 _____ C:\Users\Tobias Bormann\Documents\Schlüssel.pfx 2013-10-06 19:05 - 2013-10-06 19:05 - 00000000 ____D C:\Users\Tobias Bormann\Downloads\best 2013-10-06 02:26 - 2013-10-06 02:26 - 00000000 ____D C:\Windows\SysWOW64\searchplugins 2013-10-06 02:26 - 2013-10-06 02:26 - 00000000 ____D C:\Windows\SysWOW64\Extensions 2013-10-05 19:53 - 2013-10-05 19:53 - 00000000 ___RD C:\Users\Public\Desktop\DVDVideoSoft 2013-10-05 19:53 - 2013-10-05 19:53 - 00000000 ____D C:\Users\Tobias Bormann\AppData\Roaming\DVDVideoSoft 2013-10-05 19:53 - 2013-10-05 19:53 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft 2013-10-05 19:50 - 2013-10-05 19:52 - 28795304 _____ (DVDVideoSoft Ltd. ) C:\Users\Tobias Bormann\Downloads\Free31213YouTubeToMP3Converter.exe 2013-10-05 10:07 - 2013-10-14 14:27 - 00000000 ____D C:\Program Files (x86)\Microsoft Works 2013-10-05 10:07 - 2013-10-05 10:07 - 00000000 ____D C:\Windows\PCHEALTH 2013-10-05 10:04 - 2013-10-16 22:53 - 00000000 ____D C:\Program Files (x86)\Microsoft Office 2013-10-05 10:04 - 2013-10-14 22:50 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-10-05 10:04 - 2013-10-05 10:04 - 00000000 ____D C:\Users\Tobias Bormann\AppData\Local\Microsoft Help 2013-10-05 10:04 - 2013-10-05 10:04 - 00000000 ____D C:\Program Files\Microsoft Office 2013-10-02 18:08 - 2013-10-02 18:08 - 04029552 _____ C:\Users\Tobias Bormann\Downloads\rest 2.zip 2013-10-02 18:07 - 2013-10-02 18:08 - 05052335 _____ C:\Users\Tobias Bormann\Downloads\best.zip 2013-10-02 18:07 - 2013-10-02 18:08 - 03698519 _____ C:\Users\Tobias Bormann\Downloads\rest 1.zip 2013-10-02 18:06 - 2013-10-02 18:06 - 04754072 _____ C:\Users\Tobias Bormann\Downloads\fail.zip 2013-10-01 14:17 - 2013-10-05 19:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox ==================== One Month Modified Files and Folders ======= 2013-10-28 19:00 - 2013-10-28 19:00 - 00001239 _____ C:\Users\Tobias Bormann\Desktop\JRT.txt 2013-10-28 18:58 - 2009-07-14 05:50 - 00020144 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-10-28 18:58 - 2009-07-14 05:50 - 00020144 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-10-28 18:55 - 2013-10-28 18:55 - 00000000 ____D C:\Windows\ERUNT 2013-10-28 18:55 - 2013-09-13 20:00 - 00003986 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{4805FE7A-7BDC-4C66-82E6-4CA9ADFF3B82} 2013-10-28 18:54 - 2013-10-28 18:54 - 01033335 _____ (Thisisu) C:\Users\Tobias Bormann\Downloads\JRT.exe 2013-10-28 18:54 - 2011-04-12 09:14 - 00654166 _____ C:\Windows\system32\perfh007.dat 2013-10-28 18:54 - 2011-04-12 09:14 - 00130006 _____ C:\Windows\system32\perfc007.dat 2013-10-28 18:54 - 2009-07-14 06:12 - 01498506 _____ C:\Windows\system32\PerfStringBackup.INI 2013-10-28 18:51 - 2013-09-18 16:51 - 00000000 ____D C:\Users\Tobias Bormann\AppData\Roaming\Skype 2013-10-28 18:50 - 2013-09-14 20:55 - 00000000 ____D C:\Users\Tobias Bormann\AppData\Roaming\Spotify 2013-10-28 18:49 - 2013-09-17 15:23 - 00065536 _____ C:\Windows\system32\Ikeext.etl 2013-10-28 18:49 - 2011-03-30 04:38 - 00000000 ____D C:\ProgramData\NVIDIA 2013-10-28 18:49 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-10-28 18:49 - 2009-07-14 05:56 - 00033530 _____ C:\Windows\setupact.log 2013-10-28 18:48 - 2013-10-27 18:34 - 00000000 ____D C:\AdwCleaner 2013-10-28 18:48 - 2013-09-13 18:52 - 01578142 _____ C:\Windows\WindowsUpdate.log 2013-10-28 18:48 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\tracing 2013-10-28 18:13 - 2013-10-28 18:12 - 00017564 _____ C:\Users\Tobias Bormann\Downloads\Addition.txt 2013-10-28 18:11 - 2013-10-28 18:11 - 00000000 ____D C:\FRST 2013-10-28 18:10 - 2013-10-28 18:10 - 01956538 _____ (Farbar) C:\Users\Tobias Bormann\Downloads\FRST64.exe 2013-10-28 18:07 - 2013-09-14 16:37 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-10-28 14:14 - 2010-11-21 04:47 - 00009350 _____ C:\Windows\PFRO.log 2013-10-27 21:58 - 2013-10-27 21:58 - 00001119 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-10-27 21:58 - 2013-10-27 21:58 - 00000000 ____D C:\Users\Tobias Bormann\AppData\Roaming\Malwarebytes 2013-10-27 21:58 - 2013-10-27 21:58 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-10-27 21:58 - 2013-10-27 21:58 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-10-27 21:51 - 2013-10-27 21:51 - 00614816 _____ C:\Users\Tobias Bormann\Downloads\Malwarebytes Anti Malware - CHIP-Downloader.exe 2013-10-27 21:50 - 2013-10-27 21:47 - 00610004 _____ (Malwarebytes Corporation ) C:\Users\Tobias Bormann\Downloads\mbam-setup-1.75.0.1300(1).exe 2013-10-27 21:46 - 2013-10-27 21:44 - 00240624 _____ (Malwarebytes Corporation ) C:\Users\Tobias Bormann\Downloads\mbam-setup-1.75.0.1300.exe 2013-10-27 21:41 - 2013-09-18 20:24 - 00000000 ____D C:\Users\Tobias Bormann\AppData\Roaming\vlc 2013-10-27 18:35 - 2013-09-13 19:23 - 00000000 ___RD C:\Users\Tobias Bormann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-10-27 18:34 - 2013-10-27 18:34 - 01060070 _____ C:\Users\Tobias Bormann\Downloads\adwcleaner.exe 2013-10-27 18:26 - 2013-10-27 18:26 - 00752096 _____ C:\Users\Tobias Bormann\Downloads\ZipExtractorSetup.exe 2013-10-27 18:15 - 2013-09-17 14:56 - 00000000 ____D C:\Users\UpdatusUser.TobiasBormann 2013-10-27 16:52 - 2013-10-27 16:36 - 00003434 _____ C:\Windows\wmsetup.log 2013-10-27 16:44 - 2013-10-27 16:44 - 00159144 _____ (Microsoft Corporation) C:\Users\Tobias Bormann\Downloads\WindowsActivationUpdate.exe 2013-10-27 16:43 - 2013-10-27 16:43 - 00189617 _____ C:\Users\Tobias Bormann\Downloads\wmp11-windowsxp-x86-DE-DE(1).exe.part 2013-10-27 16:37 - 2013-10-27 16:37 - 00003230 _____ C:\Windows\System32\Tasks\{ABE14372-8353-40D1-BAB5-8A3B843217F5} 2013-10-27 16:36 - 2013-10-27 16:36 - 25842736 _____ (Microsoft Corporation) C:\Users\Tobias Bormann\Downloads\wmp11-windowsxp-x86-DE-DE.exe 2013-10-27 15:07 - 2013-10-27 15:03 - 208740130 _____ C:\Users\Tobias Bormann\Downloads\eclipse-standard-kepler-SR1-win32-x86_64.zip 2013-10-25 13:10 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\system32\FxsTmp 2013-10-20 19:33 - 2013-09-14 20:56 - 00000000 ____D C:\Users\Tobias Bormann\AppData\Local\Spotify 2013-10-16 22:53 - 2013-10-05 10:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Office 2013-10-16 18:45 - 2013-09-17 15:17 - 00000000 ____D C:\Users\Tobias Bormann\AppData\Roaming\Virtual Desktop Manager 2013-10-14 22:50 - 2013-10-05 10:04 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-10-14 20:39 - 2013-09-17 15:00 - 00068328 _____ C:\Users\Default\AppData\Local\GDIPFONTCACHEV1.DAT 2013-10-14 20:39 - 2013-09-17 15:00 - 00068328 _____ C:\Users\Default User\AppData\Local\GDIPFONTCACHEV1.DAT 2013-10-14 20:35 - 2013-09-21 13:12 - 00000000 ____D C:\Program Files (x86)\Epson Software 2013-10-14 20:30 - 2013-09-13 20:26 - 00068328 _____ C:\Users\Tobias Bormann\AppData\Local\GDIPFONTCACHEV1.DAT 2013-10-14 20:30 - 2009-07-14 05:50 - 00299024 _____ C:\Windows\system32\FNTCACHE.DAT 2013-10-14 16:39 - 2013-10-14 16:39 - 00000000 ____D C:\Program Files\McAfee Security Scan 2013-10-14 16:39 - 2013-09-14 16:37 - 00001941 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk 2013-10-14 14:27 - 2013-10-05 10:07 - 00000000 ____D C:\Program Files (x86)\Microsoft Works 2013-10-13 17:26 - 2013-10-13 17:26 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf 2013-10-13 17:13 - 2013-10-13 17:13 - 00000000 ____D C:\Users\Tobias Bormann\Documents\samsung 2013-10-13 17:13 - 2013-10-13 17:13 - 00000000 ____D C:\Users\Tobias Bormann\AppData\Roaming\Samsung 2013-10-13 17:13 - 2013-10-13 17:13 - 00000000 ____D C:\Users\Tobias Bormann\AppData\Local\Samsung 2013-10-13 17:13 - 2013-09-18 15:10 - 00000000 ____D C:\Users\Tobias Bormann\AppData\Local\CrashDumps 2013-10-13 17:11 - 2013-10-13 17:11 - 00002012 _____ C:\Users\Public\Desktop\Samsung Kies (Lite).lnk 2013-10-13 17:11 - 2013-10-13 17:11 - 00002002 _____ C:\Users\Public\Desktop\Samsung Kies.lnk 2013-10-13 17:09 - 2013-10-13 17:09 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf 2013-10-13 17:07 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files\Windows Portable Devices 2013-10-13 17:07 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices 2013-10-13 17:07 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions 2013-10-13 16:30 - 2013-10-13 16:22 - 00000000 ____D C:\Program Files (x86)\Samsung 2013-10-13 16:29 - 2013-10-13 16:22 - 00000000 ____D C:\ProgramData\Samsung 2013-10-13 16:23 - 2011-03-30 04:43 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2013-10-13 16:18 - 2013-10-13 16:18 - 00000000 ____D C:\Users\Tobias Bormann\AppData\Local\Downloaded Installations 2013-10-13 16:17 - 2013-10-13 16:16 - 70111336 _____ (Samsung Electronics Co., Ltd. ) C:\Users\Tobias Bormann\Downloads\KiesSetup.exe 2013-10-13 15:19 - 2013-10-12 16:16 - 00008976 _____ C:\Users\Tobias Bormann\Documents\Mappe1.xlsx 2013-10-13 06:38 - 2013-10-13 06:38 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help 2013-10-13 06:38 - 2013-10-13 06:38 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help 2013-10-12 16:53 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\LiveKernelReports 2013-10-12 12:00 - 2013-09-18 16:51 - 00000000 ___RD C:\Program Files (x86)\Skype 2013-10-12 12:00 - 2013-09-18 16:50 - 00000000 ____D C:\ProgramData\Skype 2013-10-12 10:15 - 2013-09-18 15:23 - 00000000 ____D C:\Windows\system32\MRT 2013-10-12 10:13 - 2013-09-18 15:22 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-10-10 15:19 - 2013-09-14 16:37 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-10-10 15:18 - 2013-09-14 16:37 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-10-10 15:18 - 2013-09-14 16:37 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-10-10 14:26 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF 2013-10-08 14:42 - 2013-10-08 14:42 - 00002598 _____ C:\Users\Tobias Bormann\Documents\Schlüssel.pfx 2013-10-06 19:05 - 2013-10-06 19:05 - 00000000 ____D C:\Users\Tobias Bormann\Downloads\best 2013-10-06 02:26 - 2013-10-06 02:26 - 00000000 ____D C:\Windows\SysWOW64\searchplugins 2013-10-06 02:26 - 2013-10-06 02:26 - 00000000 ____D C:\Windows\SysWOW64\Extensions 2013-10-05 19:54 - 2013-10-01 14:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-10-05 19:53 - 2013-10-05 19:53 - 00000000 ___RD C:\Users\Public\Desktop\DVDVideoSoft 2013-10-05 19:53 - 2013-10-05 19:53 - 00000000 ____D C:\Users\Tobias Bormann\AppData\Roaming\DVDVideoSoft 2013-10-05 19:53 - 2013-10-05 19:53 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft 2013-10-05 19:52 - 2013-10-05 19:50 - 28795304 _____ (DVDVideoSoft Ltd. ) C:\Users\Tobias Bormann\Downloads\Free31213YouTubeToMP3Converter.exe 2013-10-05 19:43 - 2013-09-14 16:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-10-05 10:07 - 2013-10-05 10:07 - 00000000 ____D C:\Windows\PCHEALTH 2013-10-05 10:06 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared 2013-10-05 10:04 - 2013-10-05 10:04 - 00000000 ____D C:\Users\Tobias Bormann\AppData\Local\Microsoft Help 2013-10-05 10:04 - 2013-10-05 10:04 - 00000000 ____D C:\Program Files\Microsoft Office 2013-10-05 10:04 - 2009-07-14 08:45 - 00000000 ____D C:\Windows\ShellNew 2013-10-02 18:08 - 2013-10-02 18:08 - 04029552 _____ C:\Users\Tobias Bormann\Downloads\rest 2.zip 2013-10-02 18:08 - 2013-10-02 18:07 - 05052335 _____ C:\Users\Tobias Bormann\Downloads\best.zip 2013-10-02 18:08 - 2013-10-02 18:07 - 03698519 _____ C:\Users\Tobias Bormann\Downloads\rest 1.zip 2013-10-02 18:06 - 2013-10-02 18:06 - 04754072 _____ C:\Users\Tobias Bormann\Downloads\fail.zip 2013-10-02 17:23 - 2013-09-14 16:28 - 00000000 ____D C:\Users\Tobias Bormann\AppData\Local\Mozilla Some content of TEMP: ==================== C:\Users\Tobias Bormann\AppData\Local\Temp\BackupSetup.exe C:\Users\Tobias Bormann\AppData\Local\Temp\install_flashplayer11x32_mssa_aaa_aih.exe C:\Users\Tobias Bormann\AppData\Local\Temp\ose00000.exe C:\Users\Tobias Bormann\AppData\Local\Temp\vcredist_x64.exe C:\Users\Tobias Bormann\AppData\Local\Temp\_is3F12.exe C:\Users\Tobias Bormann\AppData\Local\Temp\_is77CD.exe C:\Users\Tobias Bormann\AppData\Local\Temp\_isAF8.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-10-22 19:49 ==================== End Of Log ============================ --- --- --- und nun? Malwarebytes sagt jetzt sinds nur noch 22 Dateien |
29.10.2013, 13:42 | #4 |
/// the machine /// TB-Ausbilder | PUP.Optional.... 23 Infizierte Dateien lösch die mit MBAM. ESET Online Scanner
Downloade Dir bitte SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |