| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: DealPly Windows Defender-Warnung und Fund von Malware durch MalwarebytesWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
11.01.2014, 19:09
| #1 |
| |  DealPly Windows Defender-Warnung und Fund von Malware durch Malwarebytes Hallo, angefangen hat alles wohl mit der Installation von JDownloader 2. Da wurde anscheinend das Programm/Toolbar "DealPly" mitinstalliert, worauf es zu dieser Warnung durch den Windows Defender kam : Ich habe das Programm dann durch Windows Defender entfernen lassen, war mir jedoch unsicher, ob es wirklich komplett entfernt wurde. Ich habe mir dann Malwarebytes Anti-Rootkit (MBAR) heruntergeladen und meinen PC scannen lassen. Dabei wurde weitere Malware gefunden und dann auch durch das Programm entfernt. Hier das Log dazu: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2014.01.05.02 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 11.0.9600.16476 Admin :: ASUSN82JV [Administrator] Schutz: Aktiviert 05.01.2014 17:43:28 mbam-log-2014-01-05 (17-43-28).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 272814 Laufzeit: 8 Minute(n), 42 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 1 C:\Users\Admin\AppData\Roaming\newnext.me\nengine.dll (PUP.Optional.NextLive.A) -> Löschen bei Neustart. Infizierte Registrierungsschlüssel: 4 HKCU\Software\InstallCore\1I1T1Q1S (PUP.Optional.InstallCore.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} (PUP.Optional.Qone8) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\aartemisSoftware\aartemishp (PUP.Optional.Aartemis.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 2 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|NextLive (PUP.Optional.NextLive.A) -> Daten: C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Daten: 0H1L1J1L1S1R1N -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 2 HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command| (PUP.Optional.Aartemis) -> Bösartig: (C:\Program Files\Internet Explorer\iexplore.exe hxxp://aartemis.com/?type=sc&ts=1388447989&from=cor&uid=ST9500325AS_5VEC0GV5XXXX5VEC0GV5) Gut: (iexplore.exe) -> Erfolgreich ersetzt und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|DefaultScope (PUP.Optional.Qone8) -> Bösartig: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}) Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}) -> Erfolgreich ersetzt und in Quarantäne gestellt. Infizierte Verzeichnisse: 2 C:\Users\Admin\AppData\Roaming\newnext.me (PUP.Optional.NextLive.A) -> Löschen bei Neustart. C:\Users\Admin\AppData\Roaming\newnext.me\cache (PUP.Optional.NextLive.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateien: 6 C:\Users\Admin\AppData\Local\Temp\fullpackage_temp1388447944\tmp\NewGdp.exe (PUP.Optional.WpManager.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Admin\AppData\Local\Temp\is1070216317\34940919_stp\cor_aartemis.exe (PUP.Optional.Aartemis.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Michael\AppData\Local\Temp\KMP_3.6.0.87.exe (PUP.Optional.Softonic) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Admin\AppData\Roaming\newnext.me\nengine.dll (PUP.Optional.NextLive.A) -> Löschen bei Neustart. C:\Users\Admin\AppData\Roaming\newnext.me\nengine.cookie (PUP.Optional.NextLive.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Admin\AppData\Roaming\newnext.me\cache\spark.bin (PUP.Optional.NextLive.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) |
|
11.01.2014, 23:31
| #2 |
| /// TB-Ausbilder   | DealPly Windows Defender-Warnung und Fund von Malware durch Malwarebytes Hallo,
__________________mach bitte einen FRST-Scan: Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
|
12.01.2014, 00:09
| #3 |
| | DealPly Windows Defender-Warnung und Fund von Malware durch Malwarebytes FRST.txt:
__________________FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-01-2014 05 Ran by Michael (ATTENTION: The logged in user is not administrator) on ASUSN82JV on 11-01-2014 23:55:30 Running from C:\Users\Michael\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Akamai Technologies, Inc.) C:\Users\Michael\AppData\Local\Akamai\netsession_win.exe (Microsoft Corporation) C:\Windows\System32\StikyNot.exe (Akamai Technologies, Inc.) C:\Users\Michael\AppData\Local\Akamai\netsession_win.exe (Secomba GmbH) C:\Program Files (x86)\Boxcryptor\Boxcryptor.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (NEC Electronics Corporation) C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe (Dropbox, Inc.) C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe (ALi) C:\Windows\WebCam\S6000\S6000Mnt.exe (Autodesk, Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe (Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (AppWork GmbH) C:\Users\Admin\AppData\Local\JDownloader v2.0\JDownloader2.exe (SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIHBE.EXE (SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIHBE.EXE (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (TrueCrypt Foundation) C:\Program Files\TrueCrypt\TrueCrypt.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9955872 2010-01-12] (Realtek Semiconductor) HKLM\...\Run: [ETDWare] - C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-04-13] (ELAN Microelectronic Corp.) HKLM\...\Run: [Autodesk Sync] - C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [415680 2012-02-05] (Autodesk, Inc.) HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2010-01-22] (NEC Electronics Corporation) HKLM-x32\...\Run: [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS) HKLM-x32\...\Run: [HControlUser] - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS) HKLM-x32\...\Run: [S6000Mnt] - C:\Windows\SysWOW64\Rundll32.exe S6000Rmv.dll,WinMainRmv /StartStillMnt HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [4858968 2013-05-09] (AVAST Software) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM-x32\...\Run: [ADSK DLMSession] - C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe [1641368 2013-02-01] (Autodesk, Inc.) HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707984 2013-10-10] (Cisco Systems, Inc.) HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe HKLM-x32\...\RunOnce: [aswAhAScr.dll] - "C:\Program Files\AVAST Software\Avast\aswRegSvr.exe" "C:\Program Files\AVAST Software\Avast\AhAScr.dll" [140544 2013-05-09] (AVAST Software) HKLM-x32\...\RunOnce: [aswasOutExt.dll] - "C:\Program Files\AVAST Software\Avast\aswRegSvr.exe" "C:\Program Files\AVAST Software\Avast\asOutExt.dll" [303248 2013-05-09] (AVAST Software) HKLM-x32\...\RunOnce: [aswasOutExt64.dll] - "C:\Program Files\AVAST Software\Avast\aswRegSvr64.exe" "C:\Program Files\AVAST Software\Avast\asOutExt64.dll" [477336 2013-05-09] (AVAST Software) HKLM-x32\...\RunOnce: [20131011] - C:\Program Files\AVAST Software\Avast\setup\emupdate\92c50e77-3713-4654-90d8-58eed3c004ea.exe /check [164240 2013-10-11] (AVAST Software) HKLM-x32\...\RunOnce: [20131224] - C:\Program Files\AVAST Software\Avast\setup\emupdate\2050b1d8-ad07-4940-8441-f1fb3681afaf.exe /check [181136 2013-12-30] (AVAST Software) HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware ] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation) HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1127496 2013-04-04] (Malwarebytes Corporation) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKCU\...\Run: [SandboxieControl] - C:\Program Files\Sandboxie\SbieCtrl.exe [759496 2013-10-16] (Sandboxie Holdings, LLC) HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\Michael\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.) HKCU\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation) HKCU\...\Run: [Boxcryptor.exe] - C:\Program Files (x86)\Boxcryptor\Boxcryptor.exe [992512 2013-07-24] (Secomba GmbH) HKCU\...\Run: [NokiaSuite.exe] - C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1090912 2013-04-19] (Nokia) HKCU\...\Run: [GizmoDriveDelegate] - C:\Program Files (x86)\Gizmo\gizmo.exe [223640 2013-03-31] (Arainia Solutions) HKCU\...\Run: [EPLTarget\P0000000000000000] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHBE.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION) HKCU\...\Run: [EPLTarget\P0000000000000001] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHBE.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION) MountPoints2: F - F:\AutoRun.exe AppInit_DLLs: C:\Windows\system32\nvinitx.dll [247144 2012-10-08] (NVIDIA Corporation) AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [202600 2012-10-08] (NVIDIA Corporation) Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) SSODL: EldosMountNotificator-cbfs4 - {EFCAC3A7-6BD6-4FAB-A359-BC40E5A1B20F} - C:\Windows\system32\cbfsMntNtf4.dll (EldoS Corporation) SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation) SSODL-x32: EldosMountNotificator-cbfs4 - {EFCAC3A7-6BD6-4FAB-A359-BC40E5A1B20F} - C:\Windows\SysWOW64\cbfsMntNtf4.dll (EldoS Corporation) SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation) ==================== Internet (Whitelisted) ==================== HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.aartemis.com/web/?type=ds&ts=1388447989&from=cor&uid=ST9500325AS_5VEC0GV5XXXX5VEC0GV5&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.aartemis.com/web/?type=ds&ts=1388447989&from=cor&uid=ST9500325AS_5VEC0GV5XXXX5VEC0GV5&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.aartemis.com/web/?type=ds&ts=1388447989&from=cor&uid=ST9500325AS_5VEC0GV5XXXX5VEC0GV5&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.aartemis.com/web/?type=ds&ts=1388447989&from=cor&uid=ST9500325AS_5VEC0GV5XXXX5VEC0GV5&q={searchTerms} StartMenuInternet: IEXPLORE.EXE - iexplore.exe SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.aartemis.com/web/?type=ds&ts=1388447989&from=cor&uid=ST9500325AS_5VEC0GV5XXXX5VEC0GV5&q={searchTerms} SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.aartemis.com/web/?type=ds&ts=1388447989&from=cor&uid=ST9500325AS_5VEC0GV5XXXX5VEC0GV5&q={searchTerms} BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) Toolbar: HKLM-x32 - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GbR) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{6C697757-396D-4277-97A3-BBF08E3EE139}: [NameServer]212.23.115.84 212.23.115.148 FireFox: ======== FF ProfilePath: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ad7nh98q.default FF SelectedSearchEngine: WEB.DE Suche FF Homepage: https://www.google.de/ FF Keyword.URL: hxxp://go.web.de/tb/mff_keyurl_search/?su= FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll () FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.) FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @nokia.com/EnablerPlugin - C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( ) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: ProxTube - Unblock YouTube - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ad7nh98q.default\Extensions\ich@maltegoetz.de [2013-12-12] FF Extension: No Name - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ad7nh98q.default\Extensions\staged [2014-01-10] FF Extension: DownloadHelper - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ad7nh98q.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-11-23] FF Extension: NoScript - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ad7nh98q.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-01-05] FF Extension: DownThemAll! - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ad7nh98q.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2013-02-16] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-02-15] FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-02-16] ==================== Services (Whitelisted) ================= R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software) R2 Gizmo Central; C:\Program Files (x86)\Gizmo\gservice.exe [34728 2013-03-31] (Arainia Solutions) R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] () R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 mitsijm2013; C:\Program Files\Autodesk\Inventor 2013\Moldflow\bin\mitsijm.exe [339776 2012-01-31] ( ) S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [246112 2013-02-21] () R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 PanService; C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe [625304 2012-09-28] (Pandora.TV) R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1324104 2013-01-09] (pdfforge GbR) R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [795208 2013-01-09] (pdfforge GbR) S3 Remote Solver for Flow Simulation 2012; C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe [114824 2012-08-09] (Mentor Graphics Corporation) R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [186056 2013-10-16] (Sandboxie Holdings, LLC) R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia) R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia) ==================== Drivers (Whitelisted) ==================== R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software) R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] () R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-07-25] (AVAST Software) R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-07-25] (AVAST Software) R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-07-25] () R1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [352144 2012-04-09] (EldoS Corporation) R1 cbfs4; C:\Windows\system32\drivers\cbfs4.sys [385728 2013-07-03] (EldoS Corporation) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-05-30] (DT Soft Ltd) R1 GizmoDrv; C:\Windows\System32\Drivers\GizmoDrv.sys [34704 2013-03-31] (Arainia Solutions LLC) R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( ) S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia) R3 S6000KNT; C:\Windows\System32\Drivers\S6000KNT.sys [190232 2010-08-05] (Windows (R) Win 7 DDK provider) R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [200552 2013-10-16] (Sandboxie Holdings, LLC) S3 USBTINSP; C:\Windows\System32\DRIVERS\tinspusb.sys [142848 2013-02-26] (Texas Instruments) R3 vpnpbus; C:\Windows\System32\DRIVERS\vpnpbus.sys [18624 2013-07-03] (EldoS Corporation) S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-10-10] (Cisco Systems, Inc.) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-11 23:55 - 2014-01-11 23:56 - 00019789 _____ C:\Users\Michael\Desktop\FRST.txt 2014-01-11 23:55 - 2014-01-11 23:55 - 00000000 ____D C:\FRST 2014-01-11 23:48 - 2014-01-11 23:48 - 02076672 _____ (Farbar) C:\Users\Michael\Desktop\FRST64.exe 2014-01-10 00:17 - 2014-01-10 00:17 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup 2014-01-08 19:46 - 2011-03-15 03:03 - 00083968 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_ID4BHBE.DLL 2014-01-08 19:46 - 2007-04-10 01:06 - 00010752 _____ (SEIKO EPSON CORP.) C:\Windows\system32\E_GCINST.DLL 2014-01-06 20:23 - 2014-01-06 20:23 - 04558848 _____ (Google Inc.) C:\Windows\SysWOW64\GPhotos.scr 2014-01-06 00:30 - 2014-01-06 00:30 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-01-06 00:30 - 2014-01-06 00:30 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-01-06 00:30 - 2014-01-06 00:30 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-01-06 00:30 - 2014-01-06 00:30 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2014-01-06 00:30 - 2014-01-06 00:30 - 00000000 ____D C:\Program Files\Java 2014-01-06 00:24 - 2014-01-06 00:23 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-01-06 00:24 - 2014-01-06 00:23 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-01-06 00:24 - 2014-01-06 00:23 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-01-06 00:24 - 2014-01-06 00:23 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-01-06 00:23 - 2014-01-06 00:23 - 00000000 ____D C:\Program Files (x86)\Java 2014-01-06 00:22 - 2014-01-09 17:27 - 00170496 _____ C:\Users\Michael\Desktop\Ausgaben-Schablone 2014.XLS 2014-01-05 17:40 - 2014-01-05 17:40 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Malwarebytes 2014-01-05 17:40 - 2014-01-05 17:40 - 00000000 ____D C:\ProgramData\Malwarebytes 2014-01-05 17:40 - 2014-01-05 17:40 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-01-05 17:40 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-12-31 18:17 - 2013-12-31 18:17 - 00000000 ____D C:\Users\Admin\Desktop\Neuer Ordner 2013-12-31 18:14 - 2014-01-06 01:24 - 00002288 _____ C:\Users\Admin\Desktop\JDownloader 2.lnk 2013-12-31 18:14 - 2013-12-31 18:14 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader 2013-12-31 18:12 - 2014-01-06 01:24 - 00000000 ____D C:\Users\Admin\AppData\Local\JDownloader v2.0 2013-12-31 18:03 - 2013-12-31 18:03 - 01177008 _____ C:\Users\Michael\Desktop\31122013a.dlc 2013-12-31 18:03 - 2013-12-31 18:03 - 00000000 _____ C:\Users\Michael\Desktop\31122013b.jdc 2013-12-31 17:48 - 2013-12-31 17:48 - 03812240 _____ C:\Users\Michael\Desktop\test.jdc 2013-12-31 01:24 - 2013-12-31 01:24 - 00000000 ____D C:\ProgramData\Oracle 2013-12-31 01:02 - 2013-12-31 01:02 - 00000000 ____D C:\Users\Admin\AppData\Local\cache 2013-12-31 01:02 - 2013-12-31 01:02 - 00000000 ____D C:\Users\Admin\.android 2013-12-31 01:01 - 2013-12-31 01:04 - 00000000 ____D C:\Users\Admin\AppData\Local\Mobogenie 2013-12-31 01:01 - 2013-12-31 01:01 - 00000000 ____D C:\Users\Admin\Documents\Mobogenie 2013-12-31 01:01 - 2013-12-31 01:01 - 00000000 ____D C:\Users\Admin\AppData\Local\genienext 2013-12-31 01:01 - 2013-12-31 01:01 - 00000000 _____ C:\Users\Admin\daemonprocess.txt 2013-12-31 01:00 - 2013-12-31 01:20 - 00000000 ____D C:\ProgramData\WPM 2013-12-31 01:00 - 2013-12-31 01:04 - 00000000 ____D C:\Program Files (x86)\Mobogenie 2013-12-24 13:04 - 2013-12-27 01:49 - 00000144 _____ C:\Users\Michael\Desktop\Neues Textdokument.txt 2013-12-24 12:56 - 2013-12-24 12:56 - 00000222 _____ C:\Users\Michael\Desktop\Torchlight II.url 2013-12-21 11:19 - 2013-12-21 11:19 - 00000000 ____D C:\Users\Michael\Documents\My Games 2013-12-21 09:39 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll 2013-12-21 09:39 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll 2013-12-21 09:39 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll 2013-12-21 09:39 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll 2013-12-21 09:39 - 2009-03-16 14:18 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll 2013-12-21 09:39 - 2009-03-16 14:18 - 00069448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll 2013-12-21 09:39 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll 2013-12-21 09:39 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll 2013-12-21 09:39 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll 2013-12-21 09:39 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll 2013-12-21 09:39 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll 2013-12-21 09:39 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll 2013-12-21 09:39 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll 2013-12-21 09:39 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll 2013-12-21 09:39 - 2008-10-15 07:03 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll 2013-12-21 09:39 - 2008-10-15 07:03 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll 2013-12-21 09:39 - 2008-10-15 07:03 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll 2013-12-21 09:39 - 2008-10-15 07:03 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll 2013-12-21 09:39 - 2008-10-15 07:03 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll 2013-12-21 09:39 - 2008-10-15 07:03 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll 2013-12-21 09:39 - 2008-10-15 07:03 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll 2013-12-21 09:39 - 2008-10-15 07:03 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll 2013-12-21 09:39 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll 2013-12-21 09:39 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll 2013-12-21 09:39 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll 2013-12-21 09:39 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll 2013-12-21 09:39 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll 2013-12-21 09:39 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll 2013-12-21 09:39 - 2008-07-30 06:20 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll 2013-12-21 09:39 - 2008-07-30 06:20 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll 2013-12-21 09:39 - 2008-07-30 06:20 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll 2013-12-21 09:39 - 2008-07-30 06:20 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll 2013-12-21 09:39 - 2008-07-30 06:20 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll 2013-12-21 09:39 - 2008-07-30 06:20 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll 2013-12-21 09:39 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll 2013-12-21 09:39 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll 2013-12-21 09:39 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll 2013-12-21 09:39 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll 2013-12-21 09:39 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll 2013-12-21 09:39 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll 2013-12-21 09:39 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll 2013-12-21 09:39 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll 2013-12-21 09:39 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll 2013-12-21 09:39 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll 2013-12-21 09:38 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll 2013-12-21 09:38 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll 2013-12-21 09:38 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll 2013-12-21 09:38 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll 2013-12-21 09:38 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll 2013-12-21 09:38 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll 2013-12-21 09:38 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll 2013-12-21 09:38 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll 2013-12-21 09:38 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll 2013-12-21 09:38 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll 2013-12-21 09:38 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll 2013-12-21 09:38 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll 2013-12-21 09:38 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll 2013-12-21 09:38 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll 2013-12-21 09:38 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll 2013-12-21 09:38 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll 2013-12-21 09:38 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll 2013-12-21 09:38 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll 2013-12-21 09:38 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll 2013-12-21 09:38 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll 2013-12-21 09:38 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll 2013-12-21 09:38 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll 2013-12-21 09:38 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll 2013-12-21 09:38 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll 2013-12-21 09:38 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll 2013-12-21 09:38 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll 2013-12-21 09:38 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll 2013-12-21 09:38 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll 2013-12-21 09:38 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll 2013-12-21 09:38 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll 2013-12-21 09:38 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll 2013-12-21 09:38 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll 2013-12-21 09:38 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll 2013-12-21 09:38 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll 2013-12-21 09:38 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll 2013-12-21 09:38 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll 2013-12-21 09:38 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll 2013-12-21 09:38 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll 2013-12-21 09:38 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll 2013-12-21 09:38 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll 2013-12-21 09:38 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll 2013-12-21 09:38 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll 2013-12-21 09:38 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll 2013-12-21 09:38 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll 2013-12-21 09:38 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll 2013-12-21 09:38 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll 2013-12-21 09:38 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll 2013-12-21 09:38 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll 2013-12-21 09:38 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll 2013-12-21 09:38 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll 2013-12-21 09:38 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll 2013-12-21 09:38 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll 2013-12-21 09:38 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll 2013-12-21 09:38 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll 2013-12-21 09:38 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll 2013-12-21 09:38 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll 2013-12-21 09:38 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll 2013-12-21 09:38 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll 2013-12-21 09:38 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll 2013-12-21 09:38 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll 2013-12-21 09:38 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll 2013-12-21 09:38 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll 2013-12-21 09:38 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll 2013-12-21 09:38 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll 2013-12-21 09:38 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll 2013-12-21 09:38 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll 2013-12-21 09:38 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll 2013-12-21 09:38 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll 2013-12-21 09:38 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll 2013-12-21 09:38 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll 2013-12-21 09:38 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll 2013-12-21 09:38 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll 2013-12-21 09:38 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll 2013-12-21 09:38 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll 2013-12-21 09:38 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll 2013-12-21 09:38 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll 2013-12-21 09:38 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll 2013-12-21 09:38 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll 2013-12-21 09:38 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll 2013-12-21 09:38 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll 2013-12-21 09:38 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll 2013-12-21 09:38 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll 2013-12-21 09:37 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll 2013-12-21 09:37 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll 2013-12-21 09:37 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll 2013-12-21 09:37 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll 2013-12-21 09:37 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll 2013-12-21 09:37 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll 2013-12-21 09:37 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll 2013-12-21 09:37 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll 2013-12-21 09:37 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll 2013-12-21 09:37 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll 2013-12-21 09:37 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll 2013-12-21 09:37 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll 2013-12-21 09:37 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll 2013-12-21 09:37 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll 2013-12-21 09:37 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll 2013-12-21 09:37 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll 2013-12-21 09:37 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll 2013-12-21 09:37 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll 2013-12-21 00:04 - 2013-12-21 00:04 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2013-12-20 19:39 - 2014-01-11 18:14 - 00000000 ____D C:\Program Files (x86)\Steam ==================== One Month Modified Files and Folders ======= 2014-01-11 23:56 - 2014-01-11 23:55 - 00019789 _____ C:\Users\Michael\Desktop\FRST.txt 2014-01-11 23:55 - 2014-01-11 23:55 - 00000000 ____D C:\FRST 2014-01-11 23:52 - 2009-07-14 05:45 - 00021648 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-01-11 23:52 - 2009-07-14 05:45 - 00021648 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-01-11 23:48 - 2014-01-11 23:48 - 02076672 _____ (Farbar) C:\Users\Michael\Desktop\FRST64.exe 2014-01-11 23:43 - 2013-06-29 20:46 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-01-11 23:20 - 2013-02-15 11:48 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-01-11 23:06 - 2009-07-14 05:51 - 00052422 _____ C:\Windows\setupact.log 2014-01-11 23:03 - 2013-02-14 22:02 - 01258584 _____ C:\Windows\WindowsUpdate.log 2014-01-11 19:43 - 2013-06-29 20:45 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-01-11 18:14 - 2013-12-20 19:39 - 00000000 ____D C:\Program Files (x86)\Steam 2014-01-11 13:10 - 2013-04-16 12:32 - 00000546 _____ C:\Windows\Tasks\MATLAB R2012b Startup Accelerator.job 2014-01-10 00:17 - 2014-01-10 00:17 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup 2014-01-09 17:27 - 2014-01-06 00:22 - 00170496 _____ C:\Users\Michael\Desktop\Ausgaben-Schablone 2014.XLS 2014-01-08 23:44 - 2011-04-12 08:43 - 00696942 _____ C:\Windows\system32\perfh007.dat 2014-01-08 23:44 - 2011-04-12 08:43 - 00148206 _____ C:\Windows\system32\perfc007.dat 2014-01-08 23:44 - 2009-07-14 06:13 - 01612776 _____ C:\Windows\system32\PerfStringBackup.INI 2014-01-08 18:11 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\system32\FxsTmp 2014-01-06 20:23 - 2014-01-06 20:23 - 04558848 _____ (Google Inc.) C:\Windows\SysWOW64\GPhotos.scr 2014-01-06 01:24 - 2013-12-31 18:14 - 00002288 _____ C:\Users\Admin\Desktop\JDownloader 2.lnk 2014-01-06 01:24 - 2013-12-31 18:12 - 00000000 ____D C:\Users\Admin\AppData\Local\JDownloader v2.0 2014-01-06 01:21 - 2013-02-15 11:48 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-01-06 01:21 - 2013-02-15 11:48 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-01-06 00:30 - 2014-01-06 00:30 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-01-06 00:30 - 2014-01-06 00:30 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-01-06 00:30 - 2014-01-06 00:30 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-01-06 00:30 - 2014-01-06 00:30 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2014-01-06 00:30 - 2014-01-06 00:30 - 00000000 ____D C:\Program Files\Java 2014-01-06 00:27 - 2013-12-05 08:56 - 00000000 ____D C:\Windows\SysWOW64\Adobe 2014-01-06 00:25 - 2013-02-20 09:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird 2014-01-06 00:25 - 2013-02-15 00:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2014-01-06 00:23 - 2014-01-06 00:24 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-01-06 00:23 - 2014-01-06 00:24 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-01-06 00:23 - 2014-01-06 00:24 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-01-06 00:23 - 2014-01-06 00:24 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-01-06 00:23 - 2014-01-06 00:23 - 00000000 ____D C:\Program Files (x86)\Java 2014-01-05 18:17 - 2013-02-16 12:51 - 00001684 _____ C:\Windows\Sandboxie.ini 2014-01-05 18:11 - 2013-02-16 00:27 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Dropbox 2014-01-05 18:08 - 2013-11-17 11:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2014-01-05 18:08 - 2010-11-21 04:47 - 00073502 _____ C:\Windows\PFRO.log 2014-01-05 18:08 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2014-01-05 17:40 - 2014-01-05 17:40 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Malwarebytes 2014-01-05 17:40 - 2014-01-05 17:40 - 00000000 ____D C:\ProgramData\Malwarebytes 2014-01-05 17:40 - 2014-01-05 17:40 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-12-31 18:17 - 2013-12-31 18:17 - 00000000 ____D C:\Users\Admin\Desktop\Neuer Ordner 2013-12-31 18:14 - 2013-12-31 18:14 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader 2013-12-31 18:04 - 2013-03-03 16:48 - 00000000 ____D C:\Program Files (x86)\JDownloader 2013-12-31 18:03 - 2013-12-31 18:03 - 01177008 _____ C:\Users\Michael\Desktop\31122013a.dlc 2013-12-31 18:03 - 2013-12-31 18:03 - 00000000 _____ C:\Users\Michael\Desktop\31122013b.jdc 2013-12-31 17:48 - 2013-12-31 17:48 - 03812240 _____ C:\Users\Michael\Desktop\test.jdc 2013-12-31 16:37 - 2013-02-15 23:32 - 00170496 _____ C:\Users\Michael\Desktop\Ausgaben-Schablone 2013.XLS 2013-12-31 01:36 - 2013-03-31 10:34 - 00000000 ____D C:\Users\Michael\AppData\Local\Captcha_Brotherhood 2013-12-31 01:24 - 2013-12-31 01:24 - 00000000 ____D C:\ProgramData\Oracle 2013-12-31 01:20 - 2013-12-31 01:00 - 00000000 ____D C:\ProgramData\WPM 2013-12-31 01:20 - 2013-02-14 22:06 - 00001425 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2013-12-31 01:04 - 2013-12-31 01:01 - 00000000 ____D C:\Users\Admin\AppData\Local\Mobogenie 2013-12-31 01:04 - 2013-12-31 01:00 - 00000000 ____D C:\Program Files (x86)\Mobogenie 2013-12-31 01:02 - 2013-12-31 01:02 - 00000000 ____D C:\Users\Admin\AppData\Local\cache 2013-12-31 01:02 - 2013-12-31 01:02 - 00000000 ____D C:\Users\Admin\.android 2013-12-31 01:02 - 2013-02-14 22:06 - 00000000 ____D C:\Users\Admin 2013-12-31 01:01 - 2013-12-31 01:01 - 00000000 ____D C:\Users\Admin\Documents\Mobogenie 2013-12-31 01:01 - 2013-12-31 01:01 - 00000000 ____D C:\Users\Admin\AppData\Local\genienext 2013-12-31 01:01 - 2013-12-31 01:01 - 00000000 _____ C:\Users\Admin\daemonprocess.txt 2013-12-28 18:34 - 2013-02-18 20:29 - 00000000 ____D C:\Users\Michael\AppData\Roaming\vlc 2013-12-27 01:49 - 2013-12-24 13:04 - 00000144 _____ C:\Users\Michael\Desktop\Neues Textdokument.txt 2013-12-26 11:53 - 2013-05-11 21:36 - 00069320 _____ C:\Users\Michael\Desktop\Trainingsbuch-2013.xlsm 2013-12-24 12:56 - 2013-12-24 12:56 - 00000222 _____ C:\Users\Michael\Desktop\Torchlight II.url 2013-12-21 11:19 - 2013-12-21 11:19 - 00000000 ____D C:\Users\Michael\Documents\My Games 2013-12-21 09:38 - 2013-05-29 19:14 - 00072726 _____ C:\Windows\DirectX.log 2013-12-21 00:04 - 2013-12-21 00:04 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2013-12-15 11:40 - 2013-07-10 22:25 - 00000000 ____D C:\Windows\system32\MRT 2013-12-15 11:34 - 2013-02-14 23:47 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-12-12 09:47 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache Files to move or delete: ==================== C:\Windows\Tasks\At1.job Some content of TEMP: ==================== C:\Users\Admin\AppData\Local\Temp\AcDeltree.exe C:\Users\Admin\AppData\Local\Temp\AutoRun.exe C:\Users\Admin\AppData\Local\Temp\AutoRunGUI.dll C:\Users\Admin\AppData\Local\Temp\EAInstall.dll C:\Users\Admin\AppData\Local\Temp\eauninstall.exe C:\Users\Admin\AppData\Local\Temp\NOSEventMessages.dll C:\Users\Admin\AppData\Local\Temp\ose00000.exe C:\Users\Admin\AppData\Local\Temp\PIPInstaller_PTV_.exe C:\Users\Admin\AppData\Local\Temp\proxy_vole7149757329711055403.dll C:\Users\Admin\AppData\Local\Temp\removeKCL.EXE C:\Users\Admin\AppData\Local\Temp\removeKTID.EXE C:\Users\Admin\AppData\Local\Temp\remTIDShortcut.EXE C:\Users\Admin\AppData\Local\Temp\RestorePreviousVersion.EXE C:\Users\Admin\AppData\Local\Temp\The Battle for Middle-earth II_uninst.exe C:\Users\Admin\AppData\Local\Temp\writeLogFile.EXE C:\Users\Michael\AppData\Local\Temp\jna3405360190786318313.dll C:\Users\Michael\AppData\Local\Temp\jna609717743705153212.dll C:\Users\Michael\AppData\Local\Temp\NOSEventMessages.dll C:\Users\Michael\AppData\Local\Temp\PicasaUpdater_1ce.exe C:\Users\Michael\AppData\Local\Temp\PicasaUpdater_5129.exe C:\Users\Michael\AppData\Local\Temp\ppypd-ts.dll C:\Users\Michael\AppData\Local\Temp\proxy_util_w32.dll C:\Users\Michael\AppData\Local\Temp\removeKTID.EXE C:\Users\Michael\AppData\Local\Temp\remTIDShortcut.EXE C:\Users\Michael\AppData\Local\Temp\SandboxieInstall.exe C:\Users\Michael\AppData\Local\Temp\SkypeSetup.exe C:\Users\Michael\AppData\Local\Temp\TI-Nspire_CAS_Student_Software-3.2.0.1219.exe C:\Users\Michael\AppData\Local\Temp\vlc-2.0.8-win64.exe C:\Users\Michael\AppData\Local\Temp\writeLogFile.EXE ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== End Of Log ============================ Addition.txt: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-01-2014 05
Ran by Michael at 2014-01-11 23:57:05
Running from C:\Users\Michael\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: avast! Antivirus (Enabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AS: avast! Antivirus (Enabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
7-Zip 9.22 (x64 edition) (Version: 9.22.00.0 - Igor Pavlov)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.05) - Deutsch (x32 Version: 11.0.05 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (x32 Version: 12.0.7.148 - Adobe Systems, Inc.)
Akamai NetSession Interface (HKCU Version: - Akamai Technologies, Inc)
ape@map (x32 Version: 2.5.6 - Onyx Technologie OG)
ASUS Power4Gear Hybrid (Version: 1.1.41 - ASUS)
ATK Package (x32 Version: 1.0.0007 - ASUS)
Autodesk Design Review 2013 (x32 Version: 13.0.0.82 - Autodesk, Inc.)
Autodesk Design Review 2013 (x32 Version: 13.0.0.82 - Autodesk, Inc.) Hidden
Autodesk Download Manager (x32 Version: 2.0.6.0 - Autodesk, Inc.)
Autodesk Inventor Content Center Libraries 2013 (Desktop Content) (Version: 17.0.13800.0000 - Autodesk)
Autodesk Inventor Fusion 2013 (Version: 2.0.0.206 - Autodesk, Inc.)
Autodesk Inventor Fusion 2013 (Version: 2.0.0.206 - Autodesk, Inc.) Hidden
Autodesk Inventor Fusion for Inventor 2013 Add-in (Version: 1.0.0.111 - Autodesk)
Autodesk Inventor Professional 2013 (Version: 17.0.13800.0000 - Autodesk) Hidden
Autodesk Inventor Professional 2013 Deutsch (German) (Version: 17.0.13800.0000 - Autodesk)
Autodesk Inventor Professional 2013 Language Pack - Deutsch (German) (Version: 17.0.13800.0000 - Autodesk) Hidden
Autodesk Material Library 2013 (x32 Version: 3.0.13 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2013 (x32 Version: 3.0.13 - Autodesk)
Autodesk Material Library Low Resolution Image Library 2013 (x32 Version: 3.0.13 - Autodesk)
Autodesk Simulation Multiphysics 2013 (Version: 2013.00.00.0411 - Autodesk, Inc.)
Autodesk Simulation Multiphysics 2013 (Version: 2013.00.00.0411 - Autodesk, Inc.) Hidden
Autodesk Sync (Version: 3.5.24.0 - Autodesk, Inc.)
Autodesk Vault Basic 2013 (Client) (Version: 17.0.61.0 - Autodesk) Hidden
Autodesk Vault Basic 2013 (Client) (x32 Version: 17.0.61.0 - Autodesk)
Autodesk Vault Basic 2013 (Client) German Language Pack (Version: 17.0.61.0 - Autodesk) Hidden
avast! Free Antivirus (x32 Version: 8.0.1489.0 - AVAST Software)
Boxcryptor 2.0 (x32 Version: 2.0.401.229 - Secomba GmbH)
calibre 64bit (Version: 0.9.31 - Kovid Goyal)
Canon Utilities PhotoStitch (x32 Version: 3.1.22.46 - Canon Inc.)
CDBurnerXP (x32 Version: 4.5.2.4255 - CDBurnerXP)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.04072 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.04072 - Cisco Systems, Inc.) Hidden
DAEMON Tools Lite (x32 Version: 4.47.1.0333 - Disc Soft Ltd)
Das Interaktive Kartenwerk. Österreich (x32 Version: 2.0.4 - MagicMaps)
Das Interaktive Kartenwerk. Schweiz (x32 Version: 2.1.6 - MagicMaps)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32 Version: - Microsoft)
Die Schlacht um Mittelerde™ II (x32 Version: - )
Dropbox (HKCU Version: 1.6.18 - Dropbox, Inc.)
DWG TrueView 2013 (Version: 19.0.55.0 - Autodesk)
DWG TrueView 2013 (Version: 19.0.55.0 - Autodesk) Hidden
Eco Materials Adviser for Autodesk Inventor 2013 (Version: 3.9.12.0 - Granta Design Limited)
EPSON Scan (x32 Version: - Seiko Epson Corporation)
EPSON SX440 Series Printer Uninstall (Version: - SEIKO EPSON Corporation)
ETDWare PS/2-x64 7.0.5.11_WHQL (Version: 7.0.5.11 - ELAN Microelectronics Corp.)
Fusion version 2.4.7 (Version: 2.4.7 - NS-Point)
Gizmo Central (x32 Version: v2.7.9 - Arainia Solutions, LLC)
Google Earth (x32 Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
Google+ Auto Backup (x32 Version: 1.0.21.81 - Google)
ImageMagick 6.8.5-7 Q16 (64-bit) (2013-05-15) (Version: 6.8.5 - ImageMagick Studio LLC)
Intel(R) Processor Graphics (x32 Version: 8.15.10.2291 - Intel Corporation)
IrfanView (remove only) (x32 Version: 4.37 - Irfan Skiljan)
Java 7 Update 45 (64-bit) (Version: 7.0.450 - Oracle)
Java 7 Update 45 (x32 Version: 7.0.450 - Oracle)
JDownloader 2 (Version: 2.0 - AppWork GmbH)
KOMPASS Digital Map Südtirol (x32 Version: - KOMPASS Karten GmbH)
KOMPASS Digital Map Tirol (x32 Version: - KOMPASS Karten GmbH)
KOMPASS Digital Map Vorarlberg (x32 Version: - KOMPASS Karten GmbH)
Luminance HDR 2.3.1 (Version: - Luminance HDR Dev Team)
MagicMaps Baden-Württemberg 3.0 (x32 Version: 3.0 - MagicMaps)
MagicMaps Bayern 3.0 (x32 Version: 3.0 - MagicMaps)
MagicMaps Hessen Rheinland-Pfalz Saarland 4.0 (x32 Version: 4.0 - MagicMaps)
MagicMaps Support und Update Tool (x32 Version: 1.1.3 - MagicMaps)
MagicMaps Tour Explorer 25 Deutschland (x32 Version: 4.0.9 - MagicMaps)
MagicMaps Tour Explorer 25 Deutschland (x32 Version: 4.0.9 - MagicMaps) Hidden
MagicMaps Tour Explorer Deutschland (x32 Version: 3.0.6 - MagicMaps)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
MATLAB R2012b (Version: 8.0 - The MathWorks, Inc.)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Image Composite Editor (Version: 1.4.4 - Microsoft Corporation)
Microsoft Office 2003 Web Components (x32 Version: 12.0.6213.1000 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (Version: - Microsoft Corporation)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (Version: 8.0.52572 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2005 Tools for Applications - ENU (x32 Version: - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Applications - ENU (x32 Version: 8.0.50727.146 - Microsoft Corporation) Hidden
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft_VC100_CRT_SP1_x64 (Version: 10.0.40219.1 - Nokia) Hidden
Microsoft_VC100_CRT_SP1_x86 (x32 Version: 10.0.40219.1 - Nokia) Hidden
Mobile Partner (x32 Version: 21.005.20.00.858 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 24.2.0 - Mozilla)
Mozilla Thunderbird 24.2.0 (x86 de) (x32 Version: 24.2.0 - Mozilla)
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0 - Microsoft Corporation)
NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.19.0 - NEC Electronics Corporation)
NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.19.0 - NEC Electronics Corporation) Hidden
Nokia Connectivity Cable Driver (x32 Version: 7.1.172.0 - Nokia)
Nokia Suite (x32 Version: 3.8.30.0 - Nokia)
Nokia Suite (x32 Version: 3.8.30.0 - Nokia) Hidden
NVIDIA Grafiktreiber 306.97 (Version: 306.97 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.85.551 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.10.8 (Version: 1.10.8 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 306.97 (Version: 306.97 - NVIDIA Corporation) Hidden
NVIDIA Update 1.10.8 (Version: 1.10.8 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) Hidden
Oberengadin (x32 Version: 2.0 - MagicMaps)
Pandora Service (x32 Version: - Pandora.TV)
PC Connectivity Solution (x32 Version: 12.0.109.0 - Nokia)
PDF Architect (x32 Version: 1.0.52.8917 - pdfforge)
PDF Split And Merge Basic (Version: 2.2.2 - Andrea Vacondio)
PDFCreator (x32 Version: 1.6.2 - pdfforge)
Picasa 3 (x32 Version: 3.9 - Google, Inc.)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6024 - Realtek Semiconductor Corp.)
Sandboxie 4.06 (64-bit) (Version: 4.06 - Sandboxie Holdings, LLC)
Schnell-Deinstallations-Tool für Autodesk Inventor 2013 (Version: 17.0.13800.0000 - Autodesk)
Secunia PSI (3.0.0.9016) (x32 Version: 3.0.0.9016 - Secunia)
Secure Download Manager (x32 Version: 3.1.01 - Kivuto Solutions Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden
Skype™ 6.6 (x32 Version: 6.6.106 - Skype Technologies S.A.)
SolidWorks 2012 x64 Edition SP05 (Version: 20.150.80 - SolidWorks) Hidden
SolidWorks 2012 x64 Edition SP05 (x32 Version: 20.5.0.80 - SolidWorks Corporation)
SolidWorks 2012 x64 German Resources (Version: 20.150.80 - SolidWorks Corporation) Hidden
SolidWorks eDrawings 2012 x64 Edition SP05 (Version: 12.5.114 - Dassault Systèmes SolidWorks Corp) Hidden
SolidWorks Flow Simulation 2012 SP05 x64 Edition (Version: 20.50.81 - SolidWorks Corporation) Hidden
SRS Premium Sound Control Panel (Version: 1.8.3800 - SRS Labs, Inc.)
Steam (x32 Version: - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamSpeak 3 Client (HKCU Version: 3.0.10 - TeamSpeak Systems GmbH)
Texmaker (x32 Version: - )
The KMPlayer (remove only) (x32 Version: 3.6.0.87 - KMP Media co., Ltd)
TI-Nspire(TM) CAS Student Software (x32 Version: 3.2.0.1219 - Texas Instruments Inc.)
Torchlight II (x32 Version: - Runic Games)
TrueCrypt (x32 Version: 7.1a - TrueCrypt Foundation)
Unterengadin-Mittelbünden (x32 Version: 2.0 - MagicMaps)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (x32 Version: - Microsoft)
USB2.0 2.0M UVC WebCam (x32 Version: 2.103.13.11 - ALi)
VBA (2627.01) (x32 Version: 6.03.00.9402 - Microsoft Corporation) Hidden
VBA (2701.01) (x32 Version: 6.03.00.9402 - Microsoft Corporation) Hidden
VLC media player 2.1.1 (Version: 2.1.1 - VideoLAN)
WIDCOMM Bluetooth Software (Version: 6.2.5.500 - Broadcom Corporation)
Windows Driver Package - Broadcom Bluetooth (07/17/2009 6.2.0.9403) (Version: 07/17/2009 6.2.0.9403 - Broadcom)
Windows Driver Package - Broadcom Bluetooth (07/29/2009 6.1.7100.0) (Version: 07/29/2009 6.1.7100.0 - Broadcom)
Windows Driver Package - Broadcom HIDClass (06/11/2009 6.2.0.9500) (Version: 06/11/2009 6.2.0.9500 - Broadcom)
Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) (Version: 05/31/2012 7.1.2.0 - Nokia)
WinRAR 4.20 (64-Bit) (Version: 4.20.0 - win.rar GmbH)
Wisdom-soft ScreenHunter 6.0 Free (x32 Version: - Wisdom Software Inc.)
Wuala (HKCU Version: 1.0.444.0 - LaCie)
Wuala CBFS (x32 Version: 3.2.107.0 - LaCie)
Wuala OverlayIcons (x32 Version: 1.0.0.2 - LaCie)
==================== Restore Points =========================
Could not list Restore Points. Check WMI.
==================== Hosts content: ==========================
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ?
Task: C:\Windows\Tasks\At1.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => ?
Task: C:\Windows\Tasks\MATLAB R2012b Startup Accelerator.job => ?
==================== Loaded Modules (whitelisted) =============
2009-08-02 16:54 - 2009-08-02 16:54 - 00173344 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2011-01-27 08:11 - 2011-01-27 08:11 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-01-06 01:24 - 2014-01-06 01:24 - 00566439 _____ () C:\Users\Admin\AppData\Local\JDownloader v2.0\tmp\7zip\SevenZipJBinding-FKPz9\libgcc_s_sjlj-1.dll
2014-01-06 01:24 - 2014-01-06 01:24 - 04078962 _____ () C:\Users\Admin\AppData\Local\JDownloader v2.0\tmp\7zip\SevenZipJBinding-FKPz9\lib7-Zip-JBinding.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== Faulty Device Manager Devices =============
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: BT-270
Description: BT-270
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Broadcom
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (01/11/2014 06:40:29 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005
Error: (01/10/2014 11:39:40 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005
Error: (01/09/2014 05:22:23 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: KMPlayer.exe, Version: 3.6.0.87, Zeitstempel: 0x516bbfa0
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00038e19
ID des fehlerhaften Prozesses: 0x1bb0
Startzeit der fehlerhaften Anwendung: 0xKMPlayer.exe0
Pfad der fehlerhaften Anwendung: KMPlayer.exe1
Pfad des fehlerhaften Moduls: KMPlayer.exe2
Berichtskennung: KMPlayer.exe3
Error: (01/09/2014 04:59:24 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005
Error: (01/08/2014 09:18:58 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005
Error: (01/08/2014 03:04:15 AM) (Source: Microsoft-Windows-Defrag) (User: )
Description: Volume "Boxcryptor" wurde aufgrund eines Fehlers nicht defragmentiert: Unzulässige Funktion. (0x80070001)
Error: (01/08/2014 02:16:18 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005
Error: (01/07/2014 11:22:28 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: KMPlayer.exe, Version: 3.6.0.87, Zeitstempel: 0x516bbfa0
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00038e19
ID des fehlerhaften Prozesses: 0x790
Startzeit der fehlerhaften Anwendung: 0xKMPlayer.exe0
Pfad der fehlerhaften Anwendung: KMPlayer.exe1
Pfad des fehlerhaften Moduls: KMPlayer.exe2
Berichtskennung: KMPlayer.exe3
Error: (01/07/2014 07:54:14 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005
Error: (01/06/2014 01:15:26 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: KMPlayer.exe, Version: 3.6.0.87, Zeitstempel: 0x516bbfa0
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00038e19
ID des fehlerhaften Prozesses: 0x1ae4
Startzeit der fehlerhaften Anwendung: 0xKMPlayer.exe0
Pfad der fehlerhaften Anwendung: KMPlayer.exe1
Pfad des fehlerhaften Moduls: KMPlayer.exe2
Berichtskennung: KMPlayer.exe3
System errors:
=============
Error: (01/10/2014 10:40:51 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (01/10/2014 10:40:50 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.
Error: (01/08/2014 07:47:31 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Bilderfassung (WIA)" ist vom Dienst "Shellhardwareerkennung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058
Error: (01/08/2014 07:47:29 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Bilderfassung (WIA)" ist vom Dienst "Shellhardwareerkennung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058
Error: (01/08/2014 07:41:46 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Bilderfassung (WIA)" ist vom Dienst "Shellhardwareerkennung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058
Error: (01/08/2014 07:41:47 PM) (Source: DCOM) (User: )
Description: 1068stisvc{A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error: (01/06/2014 09:06:35 AM) (Source: BROWSER) (User: )
Description: Das Einlesen der Sicherungsliste durch den Suchdienst schlug auf Transport "\Device\NetBT_Tcpip_{455AF214-E34D-4ABE-A69D-C5358007EEB7}" zu oft fehl.
Der Sicherungssuchdienst wird beendet.
Error: (01/05/2014 06:11:30 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069
Error: (01/05/2014 06:11:30 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330
Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
Error: (01/05/2014 06:10:13 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)
Microsoft Office Sessions:
=========================
Error: (01/11/2014 06:40:29 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005
Error: (01/10/2014 11:39:40 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005
Error: (01/09/2014 05:22:23 PM) (Source: Application Error)(User: )
Description: KMPlayer.exe3.6.0.87516bbfa0ntdll.dll6.1.7601.18247521ea8e7c000000500038e191bb001cf0d56d2fde152C:\Program Files (x86)\The KMPlayer\KMPlayer.exeC:\Windows\SysWOW64\ntdll.dll37ef8c8f-794a-11e3-9ad3-485b39829bbc
Error: (01/09/2014 04:59:24 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005
Error: (01/08/2014 09:18:58 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005
Error: (01/08/2014 03:04:15 AM) (Source: Microsoft-Windows-Defrag)(User: )
Description: BoxcryptorUnzulässige Funktion. (0x80070001)
Error: (01/08/2014 02:16:18 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005
Error: (01/07/2014 11:22:28 PM) (Source: Application Error)(User: )
Description: KMPlayer.exe3.6.0.87516bbfa0ntdll.dll6.1.7601.18247521ea8e7c000000500038e1979001cf0bf6e9b21481C:\Program Files (x86)\The KMPlayer\KMPlayer.exeC:\Windows\SysWOW64\ntdll.dll30a5d9a2-77ea-11e3-9ad3-485b39829bbc
Error: (01/07/2014 07:54:14 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005
Error: (01/06/2014 01:15:26 AM) (Source: Application Error)(User: )
Description: KMPlayer.exe3.6.0.87516bbfa0ntdll.dll6.1.7601.18247521ea8e7c000000500038e191ae401cf0a74439407e1C:\Program Files (x86)\The KMPlayer\KMPlayer.exeC:\Windows\SysWOW64\ntdll.dlla3caff83-7667-11e3-9ad3-485b39829bbc
==================== Memory info ===========================
Percentage of memory in use: 69%
Total physical RAM: 3884.48 MB
Available physical RAM: 1187.84 MB
Total Pagefile: 13767.13 MB
Available Pagefile: 8657.08 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:129.98 GB) (Free:10.24 GB) NTFS
Drive d: () (Fixed) (Total:335.68 GB) (Free:16.66 GB) NTFS
Drive f: () (Removable) (Total:1.92 GB) (Free:0.73 GB) FAT
Drive i: (Backup) (Fixed) (Total:746.39 GB) (Free:22.58 GB) NTFS
Drive o: () (Fixed) (Total:2048 GB) (Free:655.02 GB) NTFS
Drive x: (Boxcryptor) (Fixed) (Total:335.68 GB) (Free:16.66 GB) FAT32
==================== MBR & Partition Table ==================
==================== End Of Log ============================
|
|
12.01.2014, 00:14
| #4 |
| /// TB-Ausbilder | DealPly Windows Defender-Warnung und Fund von Malware durch Malwarebytes Ok. Schritt 1 Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Schritt 2 Starte noch einmal FRST.
__________________ cheers, Leo |
|
12.01.2014, 12:05
| #5 |
| | DealPly Windows Defender-Warnung und Fund von Malware durch Malwarebytes Hier die Logdatei vom Adwcleaner: Code:
ATTFilter # AdwCleaner v3.016 - Bericht erstellt am 12/01/2014 um 11:48:37
# Aktualisiert 23/12/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Admin - ASUSN82JV
# Gestartet von : C:\Users\Michael\Desktop\adwcleaner.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\WPM
Ordner Gelöscht : C:\Program Files (x86)\Mobogenie
Ordner Gelöscht : C:\Users\Admin\AppData\Local\Mobogenie
Ordner Gelöscht : C:\Users\Admin\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Users\Admin\Documents\Mobogenie
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4C836512-BB70-11D2-A5A7-00105A9C91C6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DB797690-40E0-11D2-9BD5-0060082AE372}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A8E5842E-102B-4289-9D57-3B3F5B5E15D3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB797681-40E0-11D2-9BD5-0060082AE372}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\Software\aartemisSoftware
Schlüssel Gelöscht : HKLM\Software\PIP
Schlüssel Gelöscht : HKLM\Software\supWPM
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.16428
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
-\\ Mozilla Firefox v26.0 (de)
[ Datei : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s6ef84t4.default\prefs.js ]
[ Datei : C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ad7nh98q.default\prefs.js ]
*************************
AdwCleaner[R0].txt - [3885 octets] - [12/01/2014 11:47:25]
AdwCleaner[S0].txt - [3273 octets] - [12/01/2014 11:48:37]
########## EOF - \AdwCleaner\AdwCleaner[S0].txt - [3333 octets] ##########
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-01-2014 05 Ran by Michael (ATTENTION: The logged in user is not administrator) on ASUSN82JV on 12-01-2014 11:57:38 Running from C:\Users\Michael\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Akamai Technologies, Inc.) C:\Users\Michael\AppData\Local\Akamai\netsession_win.exe (Microsoft Corporation) C:\Windows\System32\StikyNot.exe (Akamai Technologies, Inc.) C:\Users\Michael\AppData\Local\Akamai\netsession_win.exe (Secomba GmbH) C:\Program Files (x86)\Boxcryptor\Boxcryptor.exe (SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIHBE.EXE (SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIHBE.EXE (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (NEC Electronics Corporation) C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (Dropbox, Inc.) C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (ALi) C:\Windows\WebCam\S6000\S6000Mnt.exe (Autodesk, Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe (Microsoft Corporation) C:\Windows\System32\sdclt.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9955872 2010-01-12] (Realtek Semiconductor) HKLM\...\Run: [ETDWare] - C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-04-13] (ELAN Microelectronic Corp.) HKLM\...\Run: [Autodesk Sync] - C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [415680 2012-02-05] (Autodesk, Inc.) HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2010-01-22] (NEC Electronics Corporation) HKLM-x32\...\Run: [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS) HKLM-x32\...\Run: [HControlUser] - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS) HKLM-x32\...\Run: [S6000Mnt] - C:\Windows\SysWOW64\Rundll32.exe S6000Rmv.dll,WinMainRmv /StartStillMnt HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [4858968 2013-05-09] (AVAST Software) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM-x32\...\Run: [ADSK DLMSession] - C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe [1641368 2013-02-01] (Autodesk, Inc.) HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707984 2013-10-10] (Cisco Systems, Inc.) HKLM-x32\...\RunOnce: [aswAhAScr.dll] - "C:\Program Files\AVAST Software\Avast\aswRegSvr.exe" "C:\Program Files\AVAST Software\Avast\AhAScr.dll" [140544 2013-05-09] (AVAST Software) HKLM-x32\...\RunOnce: [aswasOutExt.dll] - "C:\Program Files\AVAST Software\Avast\aswRegSvr.exe" "C:\Program Files\AVAST Software\Avast\asOutExt.dll" [303248 2013-05-09] (AVAST Software) HKLM-x32\...\RunOnce: [aswasOutExt64.dll] - "C:\Program Files\AVAST Software\Avast\aswRegSvr64.exe" "C:\Program Files\AVAST Software\Avast\asOutExt64.dll" [477336 2013-05-09] (AVAST Software) HKLM-x32\...\RunOnce: [20131011] - C:\Program Files\AVAST Software\Avast\setup\emupdate\92c50e77-3713-4654-90d8-58eed3c004ea.exe /check [164240 2013-10-11] (AVAST Software) HKLM-x32\...\RunOnce: [20131224] - C:\Program Files\AVAST Software\Avast\setup\emupdate\2050b1d8-ad07-4940-8441-f1fb3681afaf.exe /check [181136 2013-12-30] (AVAST Software) HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware ] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation) HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1127496 2013-04-04] (Malwarebytes Corporation) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKCU\...\Run: [SandboxieControl] - C:\Program Files\Sandboxie\SbieCtrl.exe [759496 2013-10-16] (Sandboxie Holdings, LLC) HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\Michael\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.) HKCU\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation) HKCU\...\Run: [Boxcryptor.exe] - C:\Program Files (x86)\Boxcryptor\Boxcryptor.exe [992512 2013-07-24] (Secomba GmbH) HKCU\...\Run: [NokiaSuite.exe] - C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1090912 2013-04-19] (Nokia) HKCU\...\Run: [EPLTarget\P0000000000000000] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHBE.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION) HKCU\...\Run: [EPLTarget\P0000000000000001] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHBE.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION) HKCU\...\Run: [GizmoDriveDelegate] - C:\Program Files (x86)\Gizmo\gizmo.exe [223640 2013-03-31] (Arainia Solutions) MountPoints2: F - F:\AutoRun.exe AppInit_DLLs: C:\Windows\system32\nvinitx.dll [247144 2012-10-08] (NVIDIA Corporation) AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [202600 2012-10-08] (NVIDIA Corporation) Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) SSODL: EldosMountNotificator-cbfs4 - {EFCAC3A7-6BD6-4FAB-A359-BC40E5A1B20F} - C:\Windows\system32\cbfsMntNtf4.dll (EldoS Corporation) SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation) SSODL-x32: EldosMountNotificator-cbfs4 - {EFCAC3A7-6BD6-4FAB-A359-BC40E5A1B20F} - C:\Windows\SysWOW64\cbfsMntNtf4.dll (EldoS Corporation) SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation) ==================== Internet (Whitelisted) ==================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank StartMenuInternet: IEXPLORE.EXE - iexplore.exe SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{6C697757-396D-4277-97A3-BBF08E3EE139}: [NameServer]212.23.115.84 212.23.115.148 FireFox: ======== FF ProfilePath: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ad7nh98q.default FF SelectedSearchEngine: WEB.DE Suche FF Homepage: https://www.google.de/ FF Keyword.URL: hxxp://go.web.de/tb/mff_keyurl_search/?su= FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll () FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.) FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @nokia.com/EnablerPlugin - C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( ) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: ProxTube - Unblock YouTube - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ad7nh98q.default\Extensions\ich@maltegoetz.de [2013-12-12] FF Extension: DownloadHelper - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ad7nh98q.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-11-23] FF Extension: NoScript - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ad7nh98q.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-01-05] FF Extension: DownThemAll! - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ad7nh98q.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2013-02-16] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-02-15] FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-02-16] ==================== Services (Whitelisted) ================= R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software) R2 Gizmo Central; C:\Program Files (x86)\Gizmo\gservice.exe [34728 2013-03-31] (Arainia Solutions) R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] () R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 mitsijm2013; C:\Program Files\Autodesk\Inventor 2013\Moldflow\bin\mitsijm.exe [339776 2012-01-31] ( ) S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [246112 2013-02-21] () R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 PanService; C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe [625304 2012-09-28] (Pandora.TV) R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1324104 2013-01-09] (pdfforge GbR) R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [795208 2013-01-09] (pdfforge GbR) S3 Remote Solver for Flow Simulation 2012; C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe [114824 2012-08-09] (Mentor Graphics Corporation) R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [186056 2013-10-16] (Sandboxie Holdings, LLC) R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia) R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia) ==================== Drivers (Whitelisted) ==================== R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software) R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] () R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-07-25] (AVAST Software) R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-07-25] (AVAST Software) R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-07-25] () R1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [352144 2012-04-09] (EldoS Corporation) R1 cbfs4; C:\Windows\system32\drivers\cbfs4.sys [385728 2013-07-03] (EldoS Corporation) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-05-30] (DT Soft Ltd) R1 GizmoDrv; C:\Windows\System32\Drivers\GizmoDrv.sys [34704 2013-03-31] (Arainia Solutions LLC) R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( ) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia) R3 S6000KNT; C:\Windows\System32\Drivers\S6000KNT.sys [190232 2010-08-05] (Windows (R) Win 7 DDK provider) R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [200552 2013-10-16] (Sandboxie Holdings, LLC) S3 USBTINSP; C:\Windows\System32\DRIVERS\tinspusb.sys [142848 2013-02-26] (Texas Instruments) R3 vpnpbus; C:\Windows\System32\DRIVERS\vpnpbus.sys [18624 2013-07-03] (EldoS Corporation) S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-10-10] (Cisco Systems, Inc.) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-12 11:57 - 2014-01-12 11:57 - 00018207 _____ C:\Users\Michael\Desktop\FRST.txt 2014-01-12 11:47 - 2014-01-12 11:49 - 00000000 ____D C:\AdwCleaner 2014-01-12 11:46 - 2014-01-12 11:46 - 01233962 _____ C:\Users\Michael\Desktop\adwcleaner.exe 2014-01-11 23:57 - 2014-01-11 23:57 - 00027602 _____ C:\Users\Michael\Desktop\Addition.txt 2014-01-11 23:55 - 2014-01-11 23:57 - 00050174 _____ C:\Users\Michael\Desktop\FRST 1.txt 2014-01-11 23:55 - 2014-01-11 23:55 - 00000000 ____D C:\FRST 2014-01-11 23:48 - 2014-01-11 23:48 - 02076672 _____ (Farbar) C:\Users\Michael\Desktop\FRST64.exe 2014-01-10 00:17 - 2014-01-10 00:17 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup 2014-01-08 19:46 - 2011-03-15 03:03 - 00083968 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_ID4BHBE.DLL 2014-01-08 19:46 - 2007-04-10 01:06 - 00010752 _____ (SEIKO EPSON CORP.) C:\Windows\system32\E_GCINST.DLL 2014-01-06 20:23 - 2014-01-06 20:23 - 04558848 _____ (Google Inc.) C:\Windows\SysWOW64\GPhotos.scr 2014-01-06 00:30 - 2014-01-06 00:30 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-01-06 00:30 - 2014-01-06 00:30 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-01-06 00:30 - 2014-01-06 00:30 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-01-06 00:30 - 2014-01-06 00:30 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2014-01-06 00:30 - 2014-01-06 00:30 - 00000000 ____D C:\Program Files\Java 2014-01-06 00:24 - 2014-01-06 00:23 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-01-06 00:24 - 2014-01-06 00:23 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-01-06 00:24 - 2014-01-06 00:23 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-01-06 00:24 - 2014-01-06 00:23 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-01-06 00:23 - 2014-01-06 00:23 - 00000000 ____D C:\Program Files (x86)\Java 2014-01-06 00:22 - 2014-01-09 17:27 - 00170496 _____ C:\Users\Michael\Desktop\Ausgaben-Schablone 2014.XLS 2014-01-05 17:40 - 2014-01-05 17:40 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Malwarebytes 2014-01-05 17:40 - 2014-01-05 17:40 - 00000000 ____D C:\ProgramData\Malwarebytes 2014-01-05 17:40 - 2014-01-05 17:40 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-01-05 17:40 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-12-31 18:17 - 2013-12-31 18:17 - 00000000 ____D C:\Users\Admin\Desktop\Neuer Ordner 2013-12-31 18:14 - 2014-01-06 01:24 - 00002288 _____ C:\Users\Admin\Desktop\JDownloader 2.lnk 2013-12-31 18:14 - 2013-12-31 18:14 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader 2013-12-31 18:12 - 2014-01-12 11:44 - 00000000 ____D C:\Users\Admin\AppData\Local\JDownloader v2.0 2013-12-31 18:03 - 2013-12-31 18:03 - 01177008 _____ C:\Users\Michael\Desktop\31122013a.dlc 2013-12-31 18:03 - 2013-12-31 18:03 - 00000000 _____ C:\Users\Michael\Desktop\31122013b.jdc 2013-12-31 17:48 - 2013-12-31 17:48 - 03812240 _____ C:\Users\Michael\Desktop\test.jdc 2013-12-31 01:24 - 2013-12-31 01:24 - 00000000 ____D C:\ProgramData\Oracle 2013-12-31 01:02 - 2013-12-31 01:02 - 00000000 ____D C:\Users\Admin\AppData\Local\cache 2013-12-31 01:02 - 2013-12-31 01:02 - 00000000 ____D C:\Users\Admin\.android 2013-12-31 01:01 - 2013-12-31 01:01 - 00000000 ____D C:\Users\Admin\AppData\Local\genienext 2013-12-31 01:01 - 2013-12-31 01:01 - 00000000 _____ C:\Users\Admin\daemonprocess.txt 2013-12-24 13:04 - 2013-12-27 01:49 - 00000144 _____ C:\Users\Michael\Desktop\Neues Textdokument.txt 2013-12-24 12:56 - 2013-12-24 12:56 - 00000222 _____ C:\Users\Michael\Desktop\Torchlight II.url 2013-12-21 11:19 - 2013-12-21 11:19 - 00000000 ____D C:\Users\Michael\Documents\My Games 2013-12-21 09:39 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll 2013-12-21 09:39 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll 2013-12-21 09:39 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll 2013-12-21 09:39 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll 2013-12-21 09:39 - 2009-03-16 14:18 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll 2013-12-21 09:39 - 2009-03-16 14:18 - 00069448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll 2013-12-21 09:39 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll 2013-12-21 09:39 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll 2013-12-21 09:39 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll 2013-12-21 09:39 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll 2013-12-21 09:39 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll 2013-12-21 09:39 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll 2013-12-21 09:39 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll 2013-12-21 09:39 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll 2013-12-21 09:39 - 2008-10-15 07:03 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll 2013-12-21 09:39 - 2008-10-15 07:03 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll 2013-12-21 09:39 - 2008-10-15 07:03 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll 2013-12-21 09:39 - 2008-10-15 07:03 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll 2013-12-21 09:39 - 2008-10-15 07:03 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll 2013-12-21 09:39 - 2008-10-15 07:03 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll 2013-12-21 09:39 - 2008-10-15 07:03 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll 2013-12-21 09:39 - 2008-10-15 07:03 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll 2013-12-21 09:39 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll 2013-12-21 09:39 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll 2013-12-21 09:39 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll 2013-12-21 09:39 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll 2013-12-21 09:39 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll 2013-12-21 09:39 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll 2013-12-21 09:39 - 2008-07-30 06:20 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll 2013-12-21 09:39 - 2008-07-30 06:20 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll 2013-12-21 09:39 - 2008-07-30 06:20 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll 2013-12-21 09:39 - 2008-07-30 06:20 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll 2013-12-21 09:39 - 2008-07-30 06:20 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll 2013-12-21 09:39 - 2008-07-30 06:20 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll 2013-12-21 09:39 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll 2013-12-21 09:39 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll 2013-12-21 09:39 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll 2013-12-21 09:39 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll 2013-12-21 09:39 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll 2013-12-21 09:39 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll 2013-12-21 09:39 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll 2013-12-21 09:39 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll 2013-12-21 09:39 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll 2013-12-21 09:39 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll 2013-12-21 09:38 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll 2013-12-21 09:38 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll 2013-12-21 09:38 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll 2013-12-21 09:38 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll 2013-12-21 09:38 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll 2013-12-21 09:38 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll 2013-12-21 09:38 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll 2013-12-21 09:38 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll 2013-12-21 09:38 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll 2013-12-21 09:38 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll 2013-12-21 09:38 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll 2013-12-21 09:38 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll 2013-12-21 09:38 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll 2013-12-21 09:38 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll 2013-12-21 09:38 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll 2013-12-21 09:38 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll 2013-12-21 09:38 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll 2013-12-21 09:38 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll 2013-12-21 09:38 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll 2013-12-21 09:38 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll 2013-12-21 09:38 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll 2013-12-21 09:38 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll 2013-12-21 09:38 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll 2013-12-21 09:38 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll 2013-12-21 09:38 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll 2013-12-21 09:38 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll 2013-12-21 09:38 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll 2013-12-21 09:38 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll 2013-12-21 09:38 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll 2013-12-21 09:38 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll 2013-12-21 09:38 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll 2013-12-21 09:38 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll 2013-12-21 09:38 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll 2013-12-21 09:38 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll 2013-12-21 09:38 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll 2013-12-21 09:38 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll 2013-12-21 09:38 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll 2013-12-21 09:38 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll 2013-12-21 09:38 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll 2013-12-21 09:38 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll 2013-12-21 09:38 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll 2013-12-21 09:38 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll 2013-12-21 09:38 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll 2013-12-21 09:38 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll 2013-12-21 09:38 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll 2013-12-21 09:38 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll 2013-12-21 09:38 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll 2013-12-21 09:38 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll 2013-12-21 09:38 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll 2013-12-21 09:38 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll 2013-12-21 09:38 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll 2013-12-21 09:38 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll 2013-12-21 09:38 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll 2013-12-21 09:38 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll 2013-12-21 09:38 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll 2013-12-21 09:38 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll 2013-12-21 09:38 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll 2013-12-21 09:38 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll 2013-12-21 09:38 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll 2013-12-21 09:38 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll 2013-12-21 09:38 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll 2013-12-21 09:38 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll 2013-12-21 09:38 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll 2013-12-21 09:38 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll 2013-12-21 09:38 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll 2013-12-21 09:38 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll 2013-12-21 09:38 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll 2013-12-21 09:38 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll 2013-12-21 09:38 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll 2013-12-21 09:38 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll 2013-12-21 09:38 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll 2013-12-21 09:38 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll 2013-12-21 09:38 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll 2013-12-21 09:38 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll 2013-12-21 09:38 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll 2013-12-21 09:38 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll 2013-12-21 09:38 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll 2013-12-21 09:38 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll 2013-12-21 09:38 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll 2013-12-21 09:38 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll 2013-12-21 09:38 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll 2013-12-21 09:38 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll 2013-12-21 09:37 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll 2013-12-21 09:37 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll 2013-12-21 09:37 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll 2013-12-21 09:37 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll 2013-12-21 09:37 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll 2013-12-21 09:37 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll 2013-12-21 09:37 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll 2013-12-21 09:37 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll 2013-12-21 09:37 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll 2013-12-21 09:37 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll 2013-12-21 09:37 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll 2013-12-21 09:37 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll 2013-12-21 09:37 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll 2013-12-21 09:37 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll 2013-12-21 09:37 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll 2013-12-21 09:37 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll 2013-12-21 09:37 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll 2013-12-21 09:37 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll 2013-12-21 00:04 - 2013-12-21 00:04 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2013-12-20 19:39 - 2014-01-12 11:45 - 00000000 ____D C:\Program Files (x86)\Steam ==================== One Month Modified Files and Folders ======= 2014-01-12 11:58 - 2014-01-12 11:57 - 00018207 _____ C:\Users\Michael\Desktop\FRST.txt 2014-01-12 11:58 - 2011-04-12 08:43 - 00696942 _____ C:\Windows\system32\perfh007.dat 2014-01-12 11:58 - 2011-04-12 08:43 - 00148206 _____ C:\Windows\system32\perfc007.dat 2014-01-12 11:58 - 2009-07-14 06:13 - 01612776 _____ C:\Windows\system32\PerfStringBackup.INI 2014-01-12 11:55 - 2013-04-16 12:32 - 00000546 _____ C:\Windows\Tasks\MATLAB R2012b Startup Accelerator.job 2014-01-12 11:54 - 2013-02-16 00:27 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Dropbox 2014-01-12 11:52 - 2013-06-29 20:45 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-01-12 11:51 - 2013-02-15 00:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2014-01-12 11:51 - 2010-11-21 04:47 - 00073846 _____ C:\Windows\PFRO.log 2014-01-12 11:51 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2014-01-12 11:51 - 2009-07-14 05:51 - 00052590 _____ C:\Windows\setupact.log 2014-01-12 11:50 - 2013-02-14 22:02 - 01306131 _____ C:\Windows\WindowsUpdate.log 2014-01-12 11:49 - 2014-01-12 11:47 - 00000000 ____D C:\AdwCleaner 2014-01-12 11:46 - 2014-01-12 11:46 - 01233962 _____ C:\Users\Michael\Desktop\adwcleaner.exe 2014-01-12 11:45 - 2013-12-20 19:39 - 00000000 ____D C:\Program Files (x86)\Steam 2014-01-12 11:44 - 2013-12-31 18:12 - 00000000 ____D C:\Users\Admin\AppData\Local\JDownloader v2.0 2014-01-12 11:43 - 2013-06-29 20:46 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-01-12 11:20 - 2013-02-15 11:48 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-01-11 23:57 - 2014-01-11 23:57 - 00027602 _____ C:\Users\Michael\Desktop\Addition.txt 2014-01-11 23:57 - 2014-01-11 23:55 - 00050174 _____ C:\Users\Michael\Desktop\FRST 1.txt 2014-01-11 23:55 - 2014-01-11 23:55 - 00000000 ____D C:\FRST 2014-01-11 23:52 - 2009-07-14 05:45 - 00021648 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-01-11 23:52 - 2009-07-14 05:45 - 00021648 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-01-11 23:48 - 2014-01-11 23:48 - 02076672 _____ (Farbar) C:\Users\Michael\Desktop\FRST64.exe 2014-01-10 00:17 - 2014-01-10 00:17 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup 2014-01-09 17:27 - 2014-01-06 00:22 - 00170496 _____ C:\Users\Michael\Desktop\Ausgaben-Schablone 2014.XLS 2014-01-08 18:11 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\system32\FxsTmp 2014-01-06 20:23 - 2014-01-06 20:23 - 04558848 _____ (Google Inc.) C:\Windows\SysWOW64\GPhotos.scr 2014-01-06 01:24 - 2013-12-31 18:14 - 00002288 _____ C:\Users\Admin\Desktop\JDownloader 2.lnk 2014-01-06 01:21 - 2013-02-15 11:48 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-01-06 01:21 - 2013-02-15 11:48 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-01-06 00:30 - 2014-01-06 00:30 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-01-06 00:30 - 2014-01-06 00:30 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-01-06 00:30 - 2014-01-06 00:30 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-01-06 00:30 - 2014-01-06 00:30 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2014-01-06 00:30 - 2014-01-06 00:30 - 00000000 ____D C:\Program Files\Java 2014-01-06 00:27 - 2013-12-05 08:56 - 00000000 ____D C:\Windows\SysWOW64\Adobe 2014-01-06 00:25 - 2013-02-20 09:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird 2014-01-06 00:23 - 2014-01-06 00:24 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-01-06 00:23 - 2014-01-06 00:24 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-01-06 00:23 - 2014-01-06 00:24 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-01-06 00:23 - 2014-01-06 00:24 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-01-06 00:23 - 2014-01-06 00:23 - 00000000 ____D C:\Program Files (x86)\Java 2014-01-05 18:17 - 2013-02-16 12:51 - 00001684 _____ C:\Windows\Sandboxie.ini 2014-01-05 18:08 - 2013-11-17 11:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2014-01-05 17:40 - 2014-01-05 17:40 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Malwarebytes 2014-01-05 17:40 - 2014-01-05 17:40 - 00000000 ____D C:\ProgramData\Malwarebytes 2014-01-05 17:40 - 2014-01-05 17:40 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-12-31 18:17 - 2013-12-31 18:17 - 00000000 ____D C:\Users\Admin\Desktop\Neuer Ordner 2013-12-31 18:14 - 2013-12-31 18:14 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader 2013-12-31 18:04 - 2013-03-03 16:48 - 00000000 ____D C:\Program Files (x86)\JDownloader 2013-12-31 18:03 - 2013-12-31 18:03 - 01177008 _____ C:\Users\Michael\Desktop\31122013a.dlc 2013-12-31 18:03 - 2013-12-31 18:03 - 00000000 _____ C:\Users\Michael\Desktop\31122013b.jdc 2013-12-31 17:48 - 2013-12-31 17:48 - 03812240 _____ C:\Users\Michael\Desktop\test.jdc 2013-12-31 16:37 - 2013-02-15 23:32 - 00170496 _____ C:\Users\Michael\Desktop\Ausgaben-Schablone 2013.XLS 2013-12-31 01:36 - 2013-03-31 10:34 - 00000000 ____D C:\Users\Michael\AppData\Local\Captcha_Brotherhood 2013-12-31 01:24 - 2013-12-31 01:24 - 00000000 ____D C:\ProgramData\Oracle 2013-12-31 01:20 - 2013-02-14 22:06 - 00001425 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2013-12-31 01:02 - 2013-12-31 01:02 - 00000000 ____D C:\Users\Admin\AppData\Local\cache 2013-12-31 01:02 - 2013-12-31 01:02 - 00000000 ____D C:\Users\Admin\.android 2013-12-31 01:02 - 2013-02-14 22:06 - 00000000 ____D C:\Users\Admin 2013-12-31 01:01 - 2013-12-31 01:01 - 00000000 ____D C:\Users\Admin\AppData\Local\genienext 2013-12-31 01:01 - 2013-12-31 01:01 - 00000000 _____ C:\Users\Admin\daemonprocess.txt 2013-12-28 18:34 - 2013-02-18 20:29 - 00000000 ____D C:\Users\Michael\AppData\Roaming\vlc 2013-12-27 01:49 - 2013-12-24 13:04 - 00000144 _____ C:\Users\Michael\Desktop\Neues Textdokument.txt 2013-12-26 11:53 - 2013-05-11 21:36 - 00069320 _____ C:\Users\Michael\Desktop\Trainingsbuch-2013.xlsm 2013-12-24 12:56 - 2013-12-24 12:56 - 00000222 _____ C:\Users\Michael\Desktop\Torchlight II.url 2013-12-21 11:19 - 2013-12-21 11:19 - 00000000 ____D C:\Users\Michael\Documents\My Games 2013-12-21 09:38 - 2013-05-29 19:14 - 00072726 _____ C:\Windows\DirectX.log 2013-12-21 00:04 - 2013-12-21 00:04 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2013-12-15 11:40 - 2013-07-10 22:25 - 00000000 ____D C:\Windows\system32\MRT 2013-12-15 11:34 - 2013-02-14 23:47 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe Files to move or delete: ==================== C:\Windows\Tasks\At1.job Some content of TEMP: ==================== C:\Users\Admin\AppData\Local\Temp\AcDeltree.exe C:\Users\Admin\AppData\Local\Temp\AutoRun.exe C:\Users\Admin\AppData\Local\Temp\AutoRunGUI.dll C:\Users\Admin\AppData\Local\Temp\EAInstall.dll C:\Users\Admin\AppData\Local\Temp\eauninstall.exe C:\Users\Admin\AppData\Local\Temp\NOSEventMessages.dll C:\Users\Admin\AppData\Local\Temp\ose00000.exe C:\Users\Admin\AppData\Local\Temp\PIPInstaller_PTV_.exe C:\Users\Admin\AppData\Local\Temp\proxy_vole7149757329711055403.dll C:\Users\Admin\AppData\Local\Temp\Quarantine.exe C:\Users\Admin\AppData\Local\Temp\removeKCL.EXE C:\Users\Admin\AppData\Local\Temp\removeKTID.EXE C:\Users\Admin\AppData\Local\Temp\remTIDShortcut.EXE C:\Users\Admin\AppData\Local\Temp\RestorePreviousVersion.EXE C:\Users\Admin\AppData\Local\Temp\The Battle for Middle-earth II_uninst.exe C:\Users\Admin\AppData\Local\Temp\writeLogFile.EXE C:\Users\Michael\AppData\Local\Temp\jna3405360190786318313.dll C:\Users\Michael\AppData\Local\Temp\jna609717743705153212.dll C:\Users\Michael\AppData\Local\Temp\NOSEventMessages.dll C:\Users\Michael\AppData\Local\Temp\PicasaUpdater_1ce.exe C:\Users\Michael\AppData\Local\Temp\PicasaUpdater_5129.exe C:\Users\Michael\AppData\Local\Temp\ppypd-ts.dll C:\Users\Michael\AppData\Local\Temp\proxy_util_w32.dll C:\Users\Michael\AppData\Local\Temp\removeKTID.EXE C:\Users\Michael\AppData\Local\Temp\remTIDShortcut.EXE C:\Users\Michael\AppData\Local\Temp\SandboxieInstall.exe C:\Users\Michael\AppData\Local\Temp\SkypeSetup.exe C:\Users\Michael\AppData\Local\Temp\TI-Nspire_CAS_Student_Software-3.2.0.1219.exe C:\Users\Michael\AppData\Local\Temp\vlc-2.0.8-win64.exe C:\Users\Michael\AppData\Local\Temp\writeLogFile.EXE ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== End Of Log ============================ |
|
12.01.2014, 13:32
| #6 |
| /// TB-Ausbilder | DealPly Windows Defender-Warnung und Fund von Malware durch Malwarebytes Wie läuft der Rechner jetzt? ESET Online Scanner
__________________ --> DealPly Windows Defender-Warnung und Fund von Malware durch Malwarebytes |
|
14.01.2014, 08:33
| #7 |
| | DealPly Windows Defender-Warnung und Fund von Malware durch Malwarebytes Also der Rechner lief immer schon stabil. Hatte keine Probleme. Hier der ESET log: Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=7940ab359c210f44acebecdeafd6ce9a
# engine=16637
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-01-14 06:58:57
# local_time=2014-01-14 07:58:57 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 91 14825395 166392609 0 0
# compatibility_mode=5893 16776573 100 94 91374 141312587 0 0
# scanned=823662
# found=2
# cleaned=0
# scan_time=31744
sh=F14B919B7CDADB73B0CA58A3A2E289B5F36A3C7E ft=1 fh=185bd5b29154c733 vn="Win32/KillFiles.NEQ trojan" ac=I fn="I:\Daten\Studium\Semester 1\Softwarewerkzeuge für Ingenieure\Informatik Oberstufe C\C\0\main.exe"
sh=E5CDEC455B74EDCF00D0A1622F01AEFE7299210E ft=1 fh=185bd5b23026b6b1 vn="Win32/KillFiles.NEQ trojan" ac=I fn="I:\Daten\Studium\Semester 1\Softwarewerkzeuge für Ingenieure\Informatik Oberstufe C\C\0\testtest.exe"
|
|
14.01.2014, 13:12
| #8 |
| /// TB-Ausbilder | DealPly Windows Defender-Warnung und Fund von Malware durch Malwarebytes Ok, passt. Cleanup Zum Schluss werden wir jetzt noch unsere Tools (inklusive der Quarantäne-Ordner) wegräumen, die verseuchten Systemwiederherstellungspunkte löschen und alle Einstellungen wieder herrichten. Auch diese Schritte sind noch wichtig und sollten in der angegebenen Reihenfolge ausgeführt werden.
>> OK << Wir sind durch, deine Logs sehen für mich im Moment sauber aus.  Ich habe dir nachfolgend ein paar Hinweise und Tipps zusammengestellt, die dazu beitragen sollen, dass du in Zukunft unsere Hilfe nicht mehr brauchen wirst. Bitte gib mir danach noch eine kurze Rückmeldung, wenn auch von deiner Seite keine Probleme oder Fragen mehr offen sind, damit ich dieses Thema als erledigt betrachten kann. Epilog: Tipps, Dos & Don'ts  Aktualität von System und SoftwareDas Betriebsystem Windows muss zwingend immer auf dem neusten Stand sein. Stelle sicher, dass die automatischen Updates aktiviert sind:
Auch die installierte Software sollte immer in der aktuellsten Version vorliegen. Speziell gilt das für den Browser, Java, Flash-Player und PDF-Reader, denn bekannte Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim blossen Besuch einer präparierten Website per Drive-by Download Malware zu installieren. Das kann sogar auf normalerweise legitimen Websites geschehen, wenn es einem Angreifer gelungen ist, seinen Code in die Seite einzuschleusen, und ist deshalb relativ unberechenbar.
Sicherheits-SoftwareEine Bemerkung vorneweg: Jede Softwarelösung hat ihre Schwächen. Die gesamte Verantwortung für die Sicherheit auf Software zu übertragen und einen Rundum-Schutz zu erwarten, wäre eine gefährliche Illusion. Bei unbedachtem oder bewusst risikoreichem Verhalten wird auch das beste Programm früher oder später seinen Dienst versagen (z.B. ein Virenscanner, der eine verseuchte Datei nicht erkennt). Trotzdem ist entsprechende Software natürlich wichtig und hilft dir in Kombination mit einem gut gewarteten (up-to-date) System und durchdachtem Verhalten, deinen Rechner sauber zu halten.
Es liegt in der Natur der Sache, dass die am weitesten verbreitete Anwendungs-Software auch am häufigsten von Malware-Autoren attackiert wird. Es kann daher bereits einen kleinen Sicherheitsgewinn darstellen, wenn man alternative Software (z.B. einen alternativen PDF Reader) benutzt. Anstelle des Internet Explorers kann man beispielsweise den Mozilla Firefox einsetzen, für welchen es zwei nützliche Addons zur Empfehlung gibt:
(Un-)Sicheres Verhalten im InternetNebst unbemerkten Drive-by Installationen wird Malware aber auch oft mehr oder weniger aktiv vom Benutzer selbst installiert. Der Besuch zwielichtiger Websites kann bereits Risiken bergen. Und Downloads aus dubiosen Quellen sind immer russisches Roulette. Auch wenn der Virenscanner im Moment darin keine Bedrohung erkennt, muss das nichts bedeuten.
Oft wird auch versucht, den Benutzer mit mehr oder weniger trickreichen Methoden dazu zu bringen, eine für ihn verhängnisvolle Handlung selbst auszuführen (Überbegriff Social Engineering).
Nervige Adware (Werbung) und unnötige Toolbars werden auch meist durch den Benutzer selbst mitinstalliert.
Allgemeine HinweiseAbschliessend noch ein paar grundsätzliche Bemerkungen:
Wenn du möchtest, kannst du das Forum mit einer kleinen Spende unterstützen. Es bleibt mir nur noch, dir unbeschwertes und sicheres Surfen zu wünschen und dass wir uns hier so bald nicht wiedersehen. 
__________________ cheers, Leo |
|
14.01.2014, 23:15
| #9 |
| | DealPly Windows Defender-Warnung und Fund von Malware durch Malwarebytes Ok. Vielen Dank für deine Hilfe! Habe adwcleaner und FRST manuell deinstalliert. MBAR und ESET möchte ich behalten. Die anderen Sicherheitshinweise habe ich schon so eingerichtet. |
|
15.01.2014, 01:39
| #10 |
| /// TB-Ausbilder | DealPly Windows Defender-Warnung und Fund von Malware durch Malwarebytes Freut mich, dass wir helfen konnten.  Falls du dem Forum noch Verbesserungsvorschläge, Kritik oder ein Lob mitgeben möchtest, kannst du das hier tun. Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Ich bekomme somit keine Benachrichtigung mehr über neue Antworten. Solltest du das Thema erneut brauchen, schicke mir bitte eine PM und wir machen hier weiter. Jeder andere bitte diese Anleitung lesen und einen eigenen Thread erstellen.
__________________ cheers, Leo |
|
| Themen zu DealPly Windows Defender-Warnung und Fund von Malware durch Malwarebytes |
| aartemis, aartemis entfernen, administrator, anti-malware, dateien, explorer, gelöscht, iexplore.exe, installation, löschen, malware gefunden, malwarebytes, microsoft, mobogenie, mobogenie entfernen, pup.optional.aartemis, pup.optional.aartemis.a, pup.optional.installcore.a, pup.optional.nextlive.a, pup.optional.qone8, pup.optional.softonic, pup.optional.wpmanager.a, rundll32.exe, software, win32/killfiles.neq, windows |
Linear-Darstellung
