Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Windows 7: Security.Hijack gefunden, was nun?

Windows 7: Security.Hijack gefunden, was nun?


Log-Analyse und Auswertung: Windows 7: Security.Hijack gefunden, was nun?

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Seite 1 von 2 1 2
Alt 05.03.2014, 18:38   #1
PP88
 
Windows 7: Security.Hijack gefunden, was nun? - Standard

Windows 7: Security.Hijack gefunden, was nun?


Hallo,

vor zwei Tagen lies sich zum ersten mal mein Firefox nicht mehr öffnen, stattdessen ist folgende Fehlermeldung erschienen: "Einschränkung: Der Vorgang wurde aufgrund von aktuellen Beschränkungen auf dem Computer abgebrochen. Wenden Sie sich an den Systemadministrator."

Daraufhin habe ich das Problem gegoogelt und habe in diesem Forum hxxp://www.camp-firefox.de/forum/viewtopic.php?f=1&t=104012 den Tipp erhalten Malwarebytes-Antimalware über meinen PC laufen zu lassen. Nun ja, dort habe ich gesehen das mein Laptop u.a. befallen ist von Security.Hijack. Daraufhin habe ich auch danach gegoogelt und folgenden Link http://www.trojaner-board.de/69886-a...-beachten.html gefunden.

Deswegen bin ich nun hier und hoffe mir kann jemand sagen was ich jetzt unternehmen soll. Ich hoffe nur, dass ich nicht alles löschen muss...

Hier sind erst mal die Logfiles der Programme die mir empfohlen wurden.

Code:
ATTFilter
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.03.05.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16518
***** :: *****-PC [Administrator]

05.03.2014 09:09:41
MBAM-log-2014-03-05 (10-23-46).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 206317
Laufzeit: 6 Minute(n), 45 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun|1 (Security.Hijack) -> Daten: firefox.exe -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 39
C:\Users\*****\AppData\Local\Temp\+r_JPHDv.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\+Z3j8z_9.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\e8qLHA7u.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\Ea8GvexE.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\eKfqnz0B.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\ivuQ9Mn7.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\HTURPFAv.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\ICm0SyU9.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\IiNk99rL.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\mmesw0Gw.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\1KI1kO1y.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\2D9dsMZw.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\3e8LeMCu.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\5vVb4h44.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\7KrENgIY.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\J0GOB77_.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\jnSqoPK0.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\kuUSLwNS.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\MG5k08CL.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\yrhA79ts.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\reAbACIV.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\Sp+qjjvW.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\sQ47tAfW.exe.part (PUP.Optional.Amonetize) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\wmOPCCZd.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\wYLVTmDR.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\DPi2+qHs.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\PVJHGT39.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\Q68kPzYO.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\qC1tfmKX.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\QTXe2Vw3.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\XQzQ3WJz.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\UMkxsxf_.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\Uu5uKVlE.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\v1YA1GIU.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\VGng2l8K.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\ItQtSVii.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\8Cl1SA+x.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\lH9vI6m2.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\LVlA7AaO.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.

(Ende)
Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 17:10 on 05/03/2014 (*****)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-03-2014
Ran by ***** (administrator) on *****-PC on 05-03-2014 17:12:37
Running from C:\Users\*****\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B8O90389
Microsoft Windows 7 Professional N  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Andrea Electronics Corporation) C:\Windows\system32\AEADISRV.EXE
(Juniper Networks) C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
(Teruten) C:\Windows\system32\FsUsbExService.Exe
(Juniper Networks, Inc.) C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\pg_ctl.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(Spotify Ltd) C:\Users\*****\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(Jumping Bytes) C:\Program Files\Mobile Master\MMAgent.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(Jumping Bytes) C:\Program Files\Mobile Master\MMScan.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil32_12_0_0_70_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [nwiz] - C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [1753192 2010-11-04] ()
HKLM\...\Run: [QlbCtrl.exe] - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2009-11-11] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [SoundMAXPnP] - C:\Program Files\Analog Devices\Core\smax4pnp.exe [1314816 2009-05-18] (Analog Devices, Inc.)
HKLM\...\Run: [SoundMAX] - C:\Program Files\Analog Devices\SoundMAX\soundmax.exe [3866624 2009-05-18] (Analog Devices, Inc.)
HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-02-22] (AVAST Software)
HKLM\...\Run: [NPSStartup] - [X]
HKLM\...\Run: [KiesTrayAgent] - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311616 2014-02-07] (Samsung Electronics Co., Ltd.)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-21-3776841550-2335425540-3856683877-1000\...\Run: [Spotify Web Helper] - C:\Users\*****\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-01-09] (Spotify Ltd)
HKU\S-1-5-21-3776841550-2335425540-3856683877-1000\...\Run: [AutoStartNPSAgent] - C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [95576 2010-07-04] (Samsung Electronics Co., Ltd.)
HKU\S-1-5-21-3776841550-2335425540-3856683877-1000\...\Run: [KiesPreload] - C:\Program Files\Samsung\Kies\Kies.exe [1564992 2014-02-07] (Samsung)
HKU\S-1-5-21-3776841550-2335425540-3856683877-1000\...\Run: [KiesAirMessage] - C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-3776841550-2335425540-3856683877-1000\...\Run: [MMAgent] - C:\Program Files\Mobile Master\MMAgent.exe [1412080 2013-12-16] (Jumping Bytes)
HKU\S-1-5-21-3776841550-2335425540-3856683877-1000\...\Policies\Explorer\DisallowRun: [1] firefox.exe
HKU\S-1-5-21-3776841550-2335425540-3856683877-1000\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000
HKU\S-1-5-21-3776841550-2335425540-3856683877-1000\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-3776841550-2335425540-3856683877-1000\...\MountPoints2: F - F:\sources\sperr32.exe x64
HKU\S-1-5-21-3776841550-2335425540-3856683877-1000\...\MountPoints2: {8194dac8-be41-11e2-8b92-806e6f6e6963} - D:\autorun.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xCDC4B6855652CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
BHO: Citavi Picker - {609D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: af0.Adblock.BHO - {90EFF544-3981-4d46-85C9-C0361D0931D6} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://active.macromedia.com/flash2/cabs/swflash.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://juniper.net/dana-cached/setup/JuniperSetupSP1.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\fdt5qvea.default
FF NewTab: about:blank
FF Homepage: hxxp://www.google.de/
FF NetworkProxy: "backup.ftp", "192.168.0.3"
FF NetworkProxy: "backup.ftp_port", 8080
FF NetworkProxy: "backup.socks", "192.168.0.3"
FF NetworkProxy: "backup.socks_port", 8080
FF NetworkProxy: "backup.ssl", "192.168.0.3"
FF NetworkProxy: "backup.ssl_port", 8080
FF NetworkProxy: "ftp", "192.168.0.3"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "http", "192.168.0.3"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "192.168.0.3"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "ssl", "192.168.0.3"
FF NetworkProxy: "ssl_port", 8080
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Amazon-Icon - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\fdt5qvea.default\Extensions\amazon-icon@giga.de [2014-03-04]
FF Extension: Adblock Plus - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\fdt5qvea.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-28]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-05-16]
FF HKLM\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2013-09-30]
FF HKLM\...\Thunderbird\Extensions: [{857610fe-b36c-47f2-b4fa-6b7affe0cf5a}] - C:\Program Files\Mobile Master\ext\1\
FF Extension: Mobile Master Add-In - C:\Program Files\Mobile Master\ext\1\ []

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-22] (AVAST Software)
R2 dsNcService; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [671848 2013-02-18] (Juniper Networks)
R2 JuniperAccessService; C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe [198000 2011-06-22] (Juniper Networks, Inc.)
R2 postgresql-9.3; C:/Program Files/PostgreSQL/9.3/bin/pg_ctl.exe runservice -N "postgresql-9.3" -D "C:/Program Files/PostgreSQL/9.3/data" -w [X]

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-02-22] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [79720 2013-12-12] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2013-12-12] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [775952 2014-02-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [410784 2014-02-22] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [64168 2014-02-22] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180248 2013-12-22] ()
R3 dsNcAdpt; C:\Windows\System32\DRIVERS\dsNcAdpt.sys [26624 2013-02-18] (Juniper Networks)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-05-16] (DT Soft Ltd)
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2010-06-14] ()
S3 RICOH SmartCard Reader; C:\Windows\System32\DRIVERS\rismc32.sys [49152 2009-07-20] (RICOH Company, Ltd.)
R3 rismc32; C:\Windows\System32\DRIVERS\rismc32.sys [49152 2009-07-20] (RICOH Company, Ltd.)
S3 sscebus; C:\Windows\System32\DRIVERS\sscebus.sys [136904 2014-01-23] (MCCI Corporation)
S3 sscemdfl; C:\Windows\System32\DRIVERS\sscemdfl.sys [17864 2014-01-23] (MCCI Corporation)
S3 sscemdm; C:\Windows\System32\DRIVERS\sscemdm.sys [153672 2014-01-23] (MCCI Corporation)
S3 ssceserd; C:\Windows\System32\DRIVERS\ssceserd.sys [130376 2014-01-23] (MCCI Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-05 17:12 - 2014-03-05 17:12 - 00000000 ____D () C:\FRST
2014-03-05 17:10 - 2014-03-05 17:10 - 00000486 _____ () C:\Users\*****\Desktop\defogger_disable.log
2014-03-05 17:10 - 2014-03-05 17:10 - 00000000 _____ () C:\Users\*****\defogger_reenable
2014-03-05 08:19 - 2014-03-05 08:19 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Malwarebytes
2014-03-05 08:18 - 2014-03-05 08:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-05 08:18 - 2014-03-05 08:18 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-03-05 08:18 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-04 20:11 - 2014-03-04 20:11 - 00001109 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-03-04 20:10 - 2014-03-04 20:11 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-04 12:29 - 2014-03-04 12:29 - 00000999 _____ () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QuickDic.lnk
2014-03-04 12:29 - 2014-03-04 12:29 - 00000969 _____ () C:\Users\*****\Desktop\QuickDic.lnk
2014-03-04 12:29 - 2014-03-04 12:29 - 00000000 ____D () C:\Program Files\QuickDic
2014-03-04 09:39 - 2014-03-04 09:39 - 00000000 ____D () C:\Users\*****\AppData\Local\Mobile Master
2014-03-04 00:18 - 2014-03-04 00:18 - 00000000 ____D () C:\Users\*****\AppData\Local\Tempa72636ee026910241cae8b72bf567bea
2014-03-03 23:42 - 2014-03-03 23:42 - 00000000 ____D () C:\Users\Public\Documents\CrashDump
2014-03-03 23:10 - 2014-03-03 23:26 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Mobile Master
2014-03-03 23:10 - 2014-03-03 23:10 - 00001046 _____ () C:\Users\Public\Desktop\Mobile Master.lnk
2014-03-03 23:10 - 2014-03-03 23:10 - 00000000 ____D () C:\ProgramData\Mobile Master
2014-03-03 23:10 - 2014-03-03 23:10 - 00000000 ____D () C:\Program Files\Common Files\Jumping Bytes
2014-03-03 23:09 - 2014-03-03 23:28 - 00000000 ____D () C:\Program Files\Mobile Master
2014-03-03 23:07 - 2014-03-03 23:07 - 23225448 _____ (Jumping Bytes) C:\Users\*****\Downloads\MobileMasterInst.exe
2014-03-03 23:07 - 2014-03-03 23:07 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Jumping Bytes
2014-03-03 22:52 - 2014-03-03 22:52 - 00000000 ____D () C:\Users\*****\ChromeExtensions
2014-03-03 22:52 - 2014-03-03 22:52 - 00000000 ____D () C:\Users\*****\AppData\Local\Temp04de20ab33f250e94b926d0514a93b1c
2014-03-03 22:50 - 2014-03-03 22:50 - 01058296 _____ () C:\Users\*****\Downloads\Microsoft-Outlook-2013-lnstall.exe
2014-03-03 21:50 - 2014-03-03 21:54 - 00000000 ____D () C:\Users\*****\Handykarte
2014-03-03 21:48 - 2014-03-03 21:48 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-03-03 21:46 - 2014-01-23 04:21 - 00153672 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscemdm.sys
2014-03-03 21:46 - 2014-01-23 04:21 - 00136904 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscebus.sys
2014-03-03 21:46 - 2014-01-23 04:21 - 00130376 _____ (MCCI Corporation) C:\Windows\system32\Drivers\ssceserd.sys
2014-03-03 21:46 - 2014-01-23 04:21 - 00017864 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscemdfl.sys
2014-03-03 21:46 - 2014-01-23 04:21 - 00015560 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscecmnt.sys
2014-03-03 21:46 - 2014-01-23 04:21 - 00015560 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscecm.sys
2014-03-03 21:46 - 2014-01-23 04:21 - 00015304 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscewhnt.sys
2014-03-03 21:46 - 2014-01-23 04:21 - 00015304 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscewh.sys
2014-02-26 13:52 - 2014-02-26 13:52 - 00028092 _____ () C:\Users\*****\AppData\Local\recently-used.xbel
2014-02-25 20:22 - 2014-02-25 20:22 - 01095461 _____ (pendrivelinux.com) C:\Users\*****\Downloads\Universal-USB-Installer-1.9.5.2.exe
2014-02-25 15:45 - 2014-02-25 15:45 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log
2014-02-22 22:04 - 2014-02-23 00:25 - 00000000 ____D () C:\Users\*****\Documents\Python
2014-02-21 09:50 - 2014-02-21 09:50 - 00000000 ____D () C:\Program Files\BeCyPDFMetaEdit
2014-02-20 09:36 - 2014-02-20 09:36 - 00036629 _____ () C:\Users\*****\Desktop\Nyquist_Beispiel.fig
2014-02-20 06:50 - 2014-02-20 06:50 - 00286014 _____ () C:\Windows\msxml4-KB954430-enu.LOG
2014-02-20 06:49 - 2014-02-20 06:49 - 00290518 _____ () C:\Windows\msxml4-KB973688-enu.LOG
2014-02-20 06:49 - 2014-02-20 06:49 - 00000000 ____D () C:\Program Files\MSXML 4.0
2014-02-19 16:01 - 2014-02-19 16:01 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-02-18 23:51 - 2014-02-25 15:45 - 00000000 ____D () C:\Users\*****\AppData\Local\Samsung
2014-02-18 23:42 - 2014-02-18 23:42 - 00000000 ____D () C:\Program Files\Windows Portable Devices
2014-02-18 23:37 - 2014-02-18 23:37 - 00000000 ____D () C:\Program Files\MyFree Codec
2014-02-18 23:33 - 2014-02-07 16:33 - 04659712 _____ (Dmitry Streblechenko) C:\Windows\system32\Redemption.dll
2014-02-18 23:33 - 2014-01-23 18:31 - 00821824 _____ (Devguru Co., Ltd.) C:\Windows\system32\dgderapi.dll
2014-02-18 23:07 - 2014-02-18 23:07 - 00002092 _____ () C:\Users\Public\Desktop\Samsung New PC Studio.lnk
2014-02-18 23:04 - 2014-02-25 20:17 - 00000000 ____D () C:\Program Files\MarkAny
2014-02-18 22:59 - 2014-02-18 22:59 - 00002005 _____ () C:\Users\Public\Desktop\Komodo Edit 8.lnk
2014-02-18 22:59 - 2014-02-18 22:59 - 00000000 ____D () C:\Users\*****\AppData\Roaming\ActiveState
2014-02-18 22:59 - 2014-02-18 22:59 - 00000000 ____D () C:\Users\*****\AppData\Local\ActiveState
2014-02-18 22:58 - 2014-02-18 22:59 - 00000000 ____D () C:\Program Files\ActiveState Komodo Edit 8
2014-02-18 22:55 - 2014-02-18 22:56 - 00000000 ____D () C:\Python33
2014-02-18 22:53 - 2014-02-25 15:43 - 00000000 ____D () C:\ProgramData\Samsung
2014-02-18 22:52 - 2014-03-03 21:18 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Samsung
2014-02-18 22:52 - 2014-02-18 22:52 - 00000000 ____D () C:\Users\*****\Documents\My NPS Files
2014-02-18 22:52 - 2010-07-04 19:07 - 00238952 _____ (Teruten) C:\Windows\system32\FsUsbExService.Exe
2014-02-18 22:52 - 2010-06-14 09:32 - 00110592 _____ () C:\Windows\system32\FsUsbExDevice.Dll
2014-02-18 22:52 - 2010-06-14 09:32 - 00036608 _____ () C:\Windows\system32\FsUsbExDisk.Sys
2014-02-18 22:52 - 2009-07-14 02:16 - 02311168 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 01568768 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2014-02-18 22:52 - 2009-07-14 02:16 - 01325056 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2014-02-18 22:52 - 2009-07-14 02:16 - 01003008 _____ (Microsoft Corporation) C:\Windows\system32\WMNetMgr.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00812032 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2014-02-18 22:52 - 2009-07-14 02:16 - 00664576 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2014-02-18 22:52 - 2009-07-14 02:16 - 00577024 _____ (Microsoft Corporation) C:\Windows\system32\wpd_ci.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceApi.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00541184 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2014-02-18 22:52 - 2009-07-14 02:16 - 00427520 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceStatus.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00358400 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
2014-02-18 22:52 - 2009-07-14 02:16 - 00350720 _____ (Microsoft Corporation) C:\Windows\system32\WPDSp.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00237568 _____ (Microsoft Corporation) C:\Windows\system32\WMASF.DLL
2014-02-18 22:52 - 2009-07-14 02:16 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\WpdMtp.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00198144 _____ (Microsoft Corporation) C:\Windows\system32\wpdwcn.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00196608 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceWMDRM.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceTypes.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\wmidx.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00138240 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceWiaCompat.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00110080 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceClassExtension.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\WPDShServiceObj.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\wpdbusenum.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\WpdMtpUS.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceConnectApi.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\wmcodecdspps.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wmdmps.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\wmdmlog.dll
2014-02-18 22:52 - 2009-07-14 02:15 - 00630784 _____ (Microsoft Corporation) C:\Windows\system32\DXPTaskRingtone.dll
2014-02-18 22:52 - 2009-07-14 02:15 - 00415744 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2014-02-18 22:52 - 2009-07-14 02:15 - 00352768 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-02-18 22:52 - 2009-07-14 02:15 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\mswmdm.dll
2014-02-18 22:52 - 2009-07-14 02:15 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-02-18 22:52 - 2009-07-14 02:15 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2014-02-18 22:52 - 2009-07-14 02:15 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2014-02-18 22:52 - 2009-07-14 02:15 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2014-02-18 22:52 - 2009-07-14 02:15 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\LAPRXY.DLL
2014-02-18 22:52 - 2009-07-14 02:14 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\audiodev.dll
2014-02-18 22:52 - 2009-07-14 02:14 - 00095232 _____ (Microsoft Corporation) C:\Windows\system32\logagent.exe
2014-02-18 22:52 - 2009-07-14 02:14 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\WPDShextAutoplay.exe
2014-02-18 22:52 - 2009-07-14 02:03 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\asferror.dll
2014-02-18 22:52 - 2009-06-10 22:34 - 00316640 _____ () C:\Windows\WMSysPr9.prx
2014-02-18 22:51 - 2014-02-18 23:51 - 00000000 ____D () C:\Users\*****\Documents\Samsung
2014-02-18 22:51 - 2014-02-18 22:51 - 00053631 _____ () C:\Users\*****\Downloads\hashmyfiles_v1.90.zip
2014-02-18 22:51 - 2009-07-14 02:16 - 02504192 _____ (Microsoft Corporation) C:\Windows\system32\WMVCORE.DLL
2014-02-18 22:51 - 2009-07-14 02:16 - 01619968 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2014-02-18 22:51 - 2009-07-14 02:16 - 00902656 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2014-02-18 22:51 - 2009-07-14 02:16 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-02-18 22:51 - 2009-07-14 02:16 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmdev.dll
2014-02-18 22:51 - 2009-07-14 02:16 - 00436736 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmnet.dll
2014-02-18 22:51 - 2009-07-14 02:15 - 00986624 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-02-18 22:51 - 2009-07-14 02:15 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-02-18 22:51 - 2009-07-14 02:15 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-02-18 22:51 - 2009-07-14 02:15 - 00402944 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-02-18 22:50 - 2014-02-25 15:44 - 00000000 ____D () C:\Program Files\Samsung
2014-02-18 22:48 - 2014-02-18 22:49 - 08444896 _____ (abylonsoft ) C:\Users\*****\Downloads\FreeHash.exe
2014-02-18 20:39 - 2014-02-18 20:39 - 00000000 ____D () C:\Program Files\abylonsoft
2014-02-18 20:30 - 2014-02-18 20:39 - 20627456 _____ () C:\Users\*****\Downloads\python-3.3.4.msi
2014-02-18 20:17 - 2014-02-18 20:41 - 73908224 _____ () C:\Users\*****\Downloads\Komodo-Edit-8.5.3-14067.msi
2014-02-18 08:34 - 2014-02-18 08:36 - 173838160 _____ () C:\Users\*****\Downloads\New_PC_Studio_1.5.1.exe
2014-02-18 08:32 - 2014-02-18 08:33 - 75211320 _____ (Samsung Electronics Co., Ltd.) C:\Users\*****\Downloads\KiesSetup_2.6.2.14014_6.exe
2014-02-17 11:34 - 2014-02-17 11:44 - 00014458 _____ () C:\Users\*****\Desktop\HybEIS.eps
2014-02-16 19:01 - 2014-02-16 19:03 - 101832237 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Das_Kaenguru_Manifest-4CD-DE-Audiobook-2011-kooba.r01
2014-02-16 18:52 - 2014-02-16 18:58 - 200000000 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Das_Kaenguru_Manifest-4CD-DE-Audiobook-2011-kooba.r00
2014-02-16 18:51 - 2014-02-16 19:05 - 200000000 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Das_Kaenguru_Manifest-4CD-DE-Audiobook-2011-kooba.rar
2014-02-16 18:50 - 2014-02-16 18:50 - 35692185 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Die_Kaenguru-Chroniken_Live_Und_Ungekuerzt-4CD-DE-Audiobook-2012-kooba.r02
2014-02-16 18:45 - 2014-02-16 18:49 - 150000000 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Die_Kaenguru-Chroniken_Live_Und_Ungekuerzt-4CD-DE-Audiobook-2012-kooba.r01
2014-02-16 18:44 - 2014-02-16 18:49 - 150000000 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Die_Kaenguru-Chroniken_Live_Und_Ungekuerzt-4CD-DE-Audiobook-2012-kooba.r00
2014-02-16 18:40 - 2014-02-16 18:40 - 00614816 _____ (Chip Digital GmbH) C:\Users\*****\Downloads\7 Zip 32 Bit - CHIP-Downloader.exe
2014-02-16 18:35 - 2014-02-16 18:37 - 150000000 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Die_Kaenguru-Chroniken_Live_Und_Ungekuerzt-4CD-DE-Audiobook-2012-kooba.rar
2014-02-13 17:53 - 2014-02-13 17:53 - 00000000 ____D () C:\Users\*****\Documents\PostregSQL
2014-02-12 17:16 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-12 17:16 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-12 17:16 - 2014-02-06 11:19 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-12 17:16 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-12 17:16 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-12 17:16 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-12 17:16 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-12 17:16 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-12 17:16 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-12 17:16 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-12 17:16 - 2014-02-06 10:47 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-12 17:16 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-12 17:16 - 2014-02-06 10:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-12 17:16 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-12 17:16 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-12 17:16 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-12 17:16 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-12 17:16 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-12 17:16 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-12 17:16 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-12 17:16 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-12 17:11 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-12 16:58 - 2014-02-12 16:10 - 01611377 _____ () C:\Users\*****\Downloads\psqlodbc_09_03_0100.zip
2014-02-12 16:13 - 2014-02-12 17:01 - 00000149 _____ () C:\Windows\ODBC.INI
2014-02-12 16:12 - 2014-02-12 16:12 - 00000000 ____D () C:\Program Files\psqlODBC
2014-02-12 14:55 - 2014-02-12 14:54 - 00587152 _____ () C:\Users\*****\Downloads\postgresql-9.3-1100.jdbc4.jar
2014-02-12 14:35 - 2014-02-14 09:40 - 00014898 _____ () C:\Users\*****\Documents\pgadmin.log
2014-02-12 14:08 - 2014-02-12 14:13 - 00000000 ____D () C:\Users\*****\AppData\Roaming\postgresql
2014-02-12 14:04 - 2014-02-12 14:04 - 00000000 ____D () C:\Program Files\PostgreSQL
2014-02-12 13:59 - 2014-02-12 13:49 - 52968360 _____ (PostgreSQL Global Development Group) C:\Users\*****\Downloads\postgresql-9.3.1-1-windows.exe
2014-02-12 07:37 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-12 07:37 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-12 07:37 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-12 07:37 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-10 18:12 - 2014-02-10 18:12 - 02658816 _____ (Python Software Foundation) C:\Windows\system32\python33.dll
2014-02-10 18:11 - 2014-02-10 18:11 - 00094208 _____ (Python Software Foundation) C:\Windows\pyw.exe
2014-02-10 18:11 - 2014-02-10 18:11 - 00093696 _____ (Python Software Foundation) C:\Windows\py.exe
2014-02-06 20:07 - 2014-02-07 14:09 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird

==================== One Month Modified Files and Folders =======

2014-03-05 17:12 - 2014-03-05 17:12 - 00000000 ____D () C:\FRST
2014-03-05 17:11 - 2013-10-14 05:37 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-05 17:10 - 2014-03-05 17:10 - 00000486 _____ () C:\Users\*****\Desktop\defogger_disable.log
2014-03-05 17:10 - 2014-03-05 17:10 - 00000000 _____ () C:\Users\*****\defogger_reenable
2014-03-05 17:10 - 2013-05-16 17:54 - 00000000 ____D () C:\Users\*****
2014-03-05 17:08 - 2013-05-16 17:01 - 01915081 _____ () C:\Windows\WindowsUpdate.log
2014-03-05 17:05 - 2009-07-14 05:17 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-05 17:05 - 2009-07-14 05:07 - 00048831 _____ () C:\Windows\setupact.log
2014-03-05 16:41 - 2009-07-14 05:02 - 00019248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-05 16:41 - 2009-07-14 05:02 - 00019248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-05 14:02 - 2013-09-30 19:01 - 00000000 ____D () C:\Users\*****\Documents\Citavi 4
2014-03-05 08:19 - 2014-03-05 08:19 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Malwarebytes
2014-03-05 08:18 - 2014-03-05 08:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-05 08:18 - 2014-03-05 08:18 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-03-05 07:23 - 2013-05-19 10:45 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-03-04 20:11 - 2014-03-04 20:11 - 00001109 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-03-04 20:11 - 2014-03-04 20:10 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-04 16:03 - 2013-12-04 09:30 - 00000000 ____D () C:\Users\*****\Documents\Praktikum_Deutronic
2014-03-04 14:25 - 2010-11-20 22:03 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-04 12:29 - 2014-03-04 12:29 - 00000999 _____ () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QuickDic.lnk
2014-03-04 12:29 - 2014-03-04 12:29 - 00000969 _____ () C:\Users\*****\Desktop\QuickDic.lnk
2014-03-04 12:29 - 2014-03-04 12:29 - 00000000 ____D () C:\Program Files\QuickDic
2014-03-04 09:39 - 2014-03-04 09:39 - 00000000 ____D () C:\Users\*****\AppData\Local\Mobile Master
2014-03-04 00:18 - 2014-03-04 00:18 - 00000000 ____D () C:\Users\*****\AppData\Local\Tempa72636ee026910241cae8b72bf567bea
2014-03-03 23:42 - 2014-03-03 23:42 - 00000000 ____D () C:\Users\Public\Documents\CrashDump
2014-03-03 23:28 - 2014-03-03 23:09 - 00000000 ____D () C:\Program Files\Mobile Master
2014-03-03 23:26 - 2014-03-03 23:10 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Mobile Master
2014-03-03 23:10 - 2014-03-03 23:10 - 00001046 _____ () C:\Users\Public\Desktop\Mobile Master.lnk
2014-03-03 23:10 - 2014-03-03 23:10 - 00000000 ____D () C:\ProgramData\Mobile Master
2014-03-03 23:10 - 2014-03-03 23:10 - 00000000 ____D () C:\Program Files\Common Files\Jumping Bytes
2014-03-03 23:07 - 2014-03-03 23:07 - 23225448 _____ (Jumping Bytes) C:\Users\*****\Downloads\MobileMasterInst.exe
2014-03-03 23:07 - 2014-03-03 23:07 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Jumping Bytes
2014-03-03 22:52 - 2014-03-03 22:52 - 00000000 ____D () C:\Users\*****\ChromeExtensions
2014-03-03 22:52 - 2014-03-03 22:52 - 00000000 ____D () C:\Users\*****\AppData\Local\Temp04de20ab33f250e94b926d0514a93b1c
2014-03-03 22:50 - 2014-03-03 22:50 - 01058296 _____ () C:\Users\*****\Downloads\Microsoft-Outlook-2013-lnstall.exe
2014-03-03 21:54 - 2014-03-03 21:50 - 00000000 ____D () C:\Users\*****\Handykarte
2014-03-03 21:48 - 2014-03-03 21:48 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-03-03 21:18 - 2014-02-18 22:52 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Samsung
2014-02-27 20:46 - 2013-08-02 22:24 - 00000000 ____D () C:\Users\*****\AppData\Roaming\vlc
2014-02-26 17:22 - 2013-05-17 18:53 - 00000000 ____D () C:\Users\*****\Documents\MATLAB
2014-02-26 13:52 - 2014-02-26 13:52 - 00028092 _____ () C:\Users\*****\AppData\Local\recently-used.xbel
2014-02-25 20:22 - 2014-02-25 20:22 - 01095461 _____ (pendrivelinux.com) C:\Users\*****\Downloads\Universal-USB-Installer-1.9.5.2.exe
2014-02-25 20:17 - 2014-02-18 23:04 - 00000000 ____D () C:\Program Files\MarkAny
2014-02-25 15:46 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-02-25 15:45 - 2014-02-25 15:45 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log
2014-02-25 15:45 - 2014-02-18 23:51 - 00000000 ____D () C:\Users\*****\AppData\Local\Samsung
2014-02-25 15:44 - 2014-02-18 22:50 - 00000000 ____D () C:\Program Files\Samsung
2014-02-25 15:43 - 2014-02-18 22:53 - 00000000 ____D () C:\ProgramData\Samsung
2014-02-24 22:08 - 2013-09-18 16:40 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Spotify
2014-02-24 20:52 - 2013-09-18 17:03 - 00000000 ____D () C:\Users\*****\AppData\Local\Spotify
2014-02-24 08:25 - 2013-09-30 17:50 - 00000000 ____D () C:\Users\*****\Desktop\Programme
2014-02-23 09:16 - 2010-11-20 22:49 - 00245462 _____ () C:\Windows\PFRO.log
2014-02-23 00:25 - 2014-02-22 22:04 - 00000000 ____D () C:\Users\*****\Documents\Python
2014-02-22 18:18 - 2013-12-22 23:33 - 00064168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-02-22 18:18 - 2013-05-16 20:38 - 00775952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-02-22 18:18 - 2013-05-16 20:38 - 00410784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-02-22 18:18 - 2013-05-16 20:38 - 00270240 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-02-22 18:18 - 2013-05-16 20:38 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-02-22 18:18 - 2013-05-16 20:35 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-02-21 17:11 - 2013-05-16 20:01 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-21 17:11 - 2013-05-16 20:01 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-21 09:50 - 2014-02-21 09:50 - 00000000 ____D () C:\Program Files\BeCyPDFMetaEdit
2014-02-20 09:36 - 2014-02-20 09:36 - 00036629 _____ () C:\Users\*****\Desktop\Nyquist_Beispiel.fig
2014-02-20 06:50 - 2014-02-20 06:50 - 00286014 _____ () C:\Windows\msxml4-KB954430-enu.LOG
2014-02-20 06:49 - 2014-02-20 06:49 - 00290518 _____ () C:\Windows\msxml4-KB973688-enu.LOG
2014-02-20 06:49 - 2014-02-20 06:49 - 00000000 ____D () C:\Program Files\MSXML 4.0
2014-02-19 16:01 - 2014-02-19 16:01 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-02-19 09:26 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2014-02-18 23:51 - 2014-02-18 22:51 - 00000000 ____D () C:\Users\*****\Documents\Samsung
2014-02-18 23:42 - 2014-02-18 23:42 - 00000000 ____D () C:\Program Files\Windows Portable Devices
2014-02-18 23:42 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-02-18 23:42 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-02-18 23:37 - 2014-02-18 23:37 - 00000000 ____D () C:\Program Files\MyFree Codec
2014-02-18 23:33 - 2013-05-16 20:26 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-02-18 23:31 - 2013-09-30 18:48 - 00000000 ____D () C:\Users\*****\AppData\Local\Downloaded Installations
2014-02-18 23:07 - 2014-02-18 23:07 - 00002092 _____ () C:\Users\Public\Desktop\Samsung New PC Studio.lnk
2014-02-18 22:59 - 2014-02-18 22:59 - 00002005 _____ () C:\Users\Public\Desktop\Komodo Edit 8.lnk
2014-02-18 22:59 - 2014-02-18 22:59 - 00000000 ____D () C:\Users\*****\AppData\Roaming\ActiveState
2014-02-18 22:59 - 2014-02-18 22:59 - 00000000 ____D () C:\Users\*****\AppData\Local\ActiveState
2014-02-18 22:59 - 2014-02-18 22:58 - 00000000 ____D () C:\Program Files\ActiveState Komodo Edit 8
2014-02-18 22:56 - 2014-02-18 22:55 - 00000000 ____D () C:\Python33
2014-02-18 22:52 - 2014-02-18 22:52 - 00000000 ____D () C:\Users\*****\Documents\My NPS Files
2014-02-18 22:51 - 2014-02-18 22:51 - 00053631 _____ () C:\Users\*****\Downloads\hashmyfiles_v1.90.zip
2014-02-18 22:49 - 2014-02-18 22:48 - 08444896 _____ (abylonsoft ) C:\Users\*****\Downloads\FreeHash.exe
2014-02-18 20:41 - 2014-02-18 20:17 - 73908224 _____ () C:\Users\*****\Downloads\Komodo-Edit-8.5.3-14067.msi
2014-02-18 20:39 - 2014-02-18 20:39 - 00000000 ____D () C:\Program Files\abylonsoft
2014-02-18 20:39 - 2014-02-18 20:30 - 20627456 _____ () C:\Users\*****\Downloads\python-3.3.4.msi
2014-02-18 13:48 - 2013-09-30 17:57 - 00000000 ____D () C:\Users\*****\Praktikum
2014-02-18 11:12 - 2014-01-28 08:30 - 00000000 ____D () C:\Users\*****\Bachelorarbeit
2014-02-18 11:11 - 2013-10-08 07:04 - 00079872 ___SH () C:\Users\*****\Thumbs.db
2014-02-18 08:36 - 2014-02-18 08:34 - 173838160 _____ () C:\Users\*****\Downloads\New_PC_Studio_1.5.1.exe
2014-02-18 08:33 - 2014-02-18 08:32 - 75211320 _____ (Samsung Electronics Co., Ltd.) C:\Users\*****\Downloads\KiesSetup_2.6.2.14014_6.exe
2014-02-17 11:44 - 2014-02-17 11:34 - 00014458 _____ () C:\Users\*****\Desktop\HybEIS.eps
2014-02-16 19:05 - 2014-02-16 18:51 - 200000000 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Das_Kaenguru_Manifest-4CD-DE-Audiobook-2011-kooba.rar
2014-02-16 19:03 - 2014-02-16 19:01 - 101832237 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Das_Kaenguru_Manifest-4CD-DE-Audiobook-2011-kooba.r01
2014-02-16 18:58 - 2014-02-16 18:52 - 200000000 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Das_Kaenguru_Manifest-4CD-DE-Audiobook-2011-kooba.r00
2014-02-16 18:50 - 2014-02-16 18:50 - 35692185 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Die_Kaenguru-Chroniken_Live_Und_Ungekuerzt-4CD-DE-Audiobook-2012-kooba.r02
2014-02-16 18:49 - 2014-02-16 18:45 - 150000000 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Die_Kaenguru-Chroniken_Live_Und_Ungekuerzt-4CD-DE-Audiobook-2012-kooba.r01
2014-02-16 18:49 - 2014-02-16 18:44 - 150000000 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Die_Kaenguru-Chroniken_Live_Und_Ungekuerzt-4CD-DE-Audiobook-2012-kooba.r00
2014-02-16 18:40 - 2014-02-16 18:40 - 00614816 _____ (Chip Digital GmbH) C:\Users\*****\Downloads\7 Zip 32 Bit - CHIP-Downloader.exe
2014-02-16 18:37 - 2014-02-16 18:35 - 150000000 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Die_Kaenguru-Chroniken_Live_Und_Ungekuerzt-4CD-DE-Audiobook-2012-kooba.rar
2014-02-14 14:36 - 2013-10-01 07:45 - 00000000 ____D () C:\Program Files\BaSyTec
2014-02-14 09:40 - 2014-02-12 14:35 - 00014898 _____ () C:\Users\*****\Documents\pgadmin.log
2014-02-13 17:53 - 2014-02-13 17:53 - 00000000 ____D () C:\Users\*****\Documents\PostregSQL
2014-02-12 17:16 - 2013-08-06 23:19 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-12 17:14 - 2013-05-16 20:24 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-12 17:01 - 2014-02-12 16:13 - 00000149 _____ () C:\Windows\ODBC.INI
2014-02-12 16:12 - 2014-02-12 16:12 - 00000000 ____D () C:\Program Files\psqlODBC
2014-02-12 16:10 - 2014-02-12 16:58 - 01611377 _____ () C:\Users\*****\Downloads\psqlodbc_09_03_0100.zip
2014-02-12 14:54 - 2014-02-12 14:55 - 00587152 _____ () C:\Users\*****\Downloads\postgresql-9.3-1100.jdbc4.jar
2014-02-12 14:13 - 2014-02-12 14:08 - 00000000 ____D () C:\Users\*****\AppData\Roaming\postgresql
2014-02-12 14:04 - 2014-02-12 14:04 - 00000000 ____D () C:\Program Files\PostgreSQL
2014-02-12 13:49 - 2014-02-12 13:59 - 52968360 _____ (PostgreSQL Global Development Group) C:\Users\*****\Downloads\postgresql-9.3.1-1-windows.exe
2014-02-11 14:06 - 2014-01-16 12:27 - 00000000 ____D () C:\Users\*****\Documents\Praesentation_Deutronic_Praktikum
2014-02-10 18:12 - 2014-02-10 18:12 - 02658816 _____ (Python Software Foundation) C:\Windows\system32\python33.dll
2014-02-10 18:11 - 2014-02-10 18:11 - 00094208 _____ (Python Software Foundation) C:\Windows\pyw.exe
2014-02-10 18:11 - 2014-02-10 18:11 - 00093696 _____ (Python Software Foundation) C:\Windows\py.exe
2014-02-07 16:33 - 2014-02-18 23:33 - 04659712 _____ (Dmitry Streblechenko) C:\Windows\system32\Redemption.dll
2014-02-07 14:09 - 2014-02-06 20:07 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-02-06 11:38 - 2014-02-12 17:16 - 17103872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 11:20 - 2014-02-12 17:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 11:19 - 2014-02-12 17:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 11:01 - 2014-02-12 17:16 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 11:00 - 2014-02-12 17:16 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 10:57 - 2014-02-12 17:16 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 10:52 - 2014-02-12 17:16 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 10:52 - 2014-02-12 17:16 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 10:49 - 2014-02-12 17:16 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 10:47 - 2014-02-12 17:16 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 10:47 - 2014-02-12 17:16 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 10:46 - 2014-02-12 17:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 10:34 - 2014-02-12 17:16 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 10:25 - 2014-02-12 17:16 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 10:25 - 2014-02-12 17:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 10:13 - 2014-02-12 17:16 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 10:09 - 2014-02-12 17:16 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 10:03 - 2014-02-12 17:16 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 09:41 - 2014-02-12 17:16 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 09:36 - 2014-02-12 17:16 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 09:34 - 2014-02-12 17:16 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

Some content of TEMP:
====================
C:\Users\*****\AppData\Local\Temp\amazonicon_v4.exe
C:\Users\*****\AppData\Local\Temp\amazoninstallernircmdc.exe
C:\Users\*****\AppData\Local\Temp\AskSLib.dll
C:\Users\*****\AppData\Local\Temp\Checkupdate.exe
C:\Users\*****\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\*****\AppData\Local\Temp\Foxit Updater.exe
C:\Users\*****\AppData\Local\Temp\fp_pl_pfs_installer-1.exe
C:\Users\*****\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\*****\AppData\Local\Temp\gcapi_dll.dll
C:\Users\*****\AppData\Local\Temp\GdiPlus.dll
C:\Users\*****\AppData\Local\Temp\gtapi_signed.dll
C:\Users\*****\AppData\Local\Temp\InstallerMessageBox.exe
C:\Users\*****\AppData\Local\Temp\npp.6.5.2.Installer.exe
C:\Users\*****\AppData\Local\Temp\NPSInstallerProxy.exe
C:\Users\*****\AppData\Local\Temp\NPSInstallerProxyMessageBoxHookDll.dll
C:\Users\*****\AppData\Local\Temp\pyl2665.tmp.exe
C:\Users\*****\AppData\Local\Temp\pyl7DBA.tmp.exe
C:\Users\*****\AppData\Local\Temp\sdanircmdc.exe
C:\Users\*****\AppData\Local\Temp\sdapskill.exe
C:\Users\*****\AppData\Local\Temp\sdaspwn.exe
C:\Users\*****\AppData\Local\Temp\vlc-2.1.1-win32.exe
C:\Users\*****\AppData\Local\Temp\vlc-2.1.3-win32.exe
C:\Users\*****\AppData\Local\Temp\xmlUpdater.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-28 09:25

==================== End Of Log ============================
--- --- ---

--- --- ---


Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 05-03-2014
Ran by ***** at 2014-03-05 17:13:03
Running from C:\Users\*****\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B8O90389
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
ActiveState Komodo Edit 8.5.3 (HKLM\...\{E65B87D8-30C4-4FB0-8C24-AFD64950A881}) (Version: 8.5.3 - ActiveState Software Inc.)
AdblockIE (HKLM\...\{5508128A-2C7B-46B5-81F9-58E8E8115F0B}) (Version: 1.2 - af0.net)
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
avast! Free Antivirus (HKLM\...\avast) (Version: 9.0.2013 - Avast Software)
BaSyTec (HKLM\...\{DEE17AC1-38EB-4CDA-81CB-AE8CEC940967}) (Version: 5.00.00 - BaSyTec GmbH)
BeCyPDFMetaEdit (HKLM\...\BeCyPDFMetaEdit) (Version: 2.37.0 - Benjamin Bentmann)
Citavi 4 (HKLM\...\{CC0A85B2-734A-45B3-B678-05F6A6499AC7}) (Version: 4.2.0.11 - Swiss Academic Software)
CloudReading (HKLM\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.1.47.1220 - Foxit Corporation)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.47.1.0333 - Disc Soft Ltd)
Dungeon Keeper 2 (HKLM\...\Dungeon Keeper II) (Version:  - )
Exact Audio Copy 1.0beta3 (HKLM\...\Exact Audio Copy) (Version: 1.0beta3 - Andre Wiethoff)
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 6.1.2.1224 - Foxit Corporation)
HP Quick Launch Buttons (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.14.1 - Hewlett-Packard Company)
Inkscape 0.48.4 (HKLM\...\Inkscape) (Version: 0.48.4 - )
Juniper Installer Service (HKLM\...\SetupService) (Version: 7.1.0.18671 - Juniper Networks)
Juniper Networks Network Connect 7.1.0 (HKLM\...\Juniper Network Connect 7.1.0) (Version: 7.1.0.18671 - Juniper Networks)
Juniper Networks Network Connect 7.1.14 (HKLM\...\Juniper Network Connect 7.1.14) (Version: 7.1.14.23943 - Juniper Networks)
Juniper Networks, Inc. Setup Client (HKCU\...\Juniper_Setup_Client) (Version: 7.1.10.21853 - Juniper Networks, Inc.)
Juniper Networks, Inc. Setup Client Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Maple 15 (HKLM\...\Maple 15) (Version: 15.0.0.0 - Maplesoft)
MATLAB R2010a (HKLM\...\MatlabR2010a) (Version: 7.10 - The MathWorks, Inc.)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MiKTeX 2.9 (HKLM\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
Mobile Master (Version: 8.9.3 - Jumping Bytes) Hidden
Mobile Master 8.9.3 (HKLM\...\Mobile Master) (Version: 8.9.3 - Jumping Bytes)
Mozilla Firefox 27.0.1 (x86 de) (HKLM\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
Mozilla Thunderbird 17.0.8 (x86 de) (HKLM\...\Mozilla Thunderbird 17.0.8 (x86 de)) (Version: 17.0.8 - Mozilla)
Mozilla Thunderbird 24.3.0 (x86 de) (HKCU\...\Mozilla Thunderbird 24.3.0 (x86 de)) (Version: 24.3.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyFreeCodec (HKCU\...\MyFreeCodec) (Version:  - )
Notepad++ (HKLM\...\Notepad++) (Version: 6.5.2 - Notepad++ Team)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.6128 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA nView Desktop Manager (HKLM\...\NVIDIA nView Desktop Manager) (Version: 6.14.10.13550 - NVIDIA Corporation)
OpenOffice 4.0.1 (HKLM\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Oracle VM VirtualBox 4.3.2 (HKLM\...\{91E5A436-8560-4621-9F26-D7050D078832}) (Version: 4.3.2 - Oracle Corporation)
Populous: The Beginning (HKLM\...\Populous: The Beginning) (Version:  - )
PostgreSQL 9.3  (HKLM\...\PostgreSQL 9.3) (Version: 9.3 - PostgreSQL Global Development Group)
psqlODBC (HKLM\...\{D3527FA5-9C2B-4550-A59B-9534A78950F4}) (Version: 09.03.0100 - PostgreSQL Global Development Group)
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
Python 3.3.4 (HKLM\...\{cc2659bc-d27d-3593-a0a0-9ac0de07a430}) (Version: 3.3.4150 - Python Software Foundation)
QLBCASL (Version: 6.40.17.2 - Hewlett-Packard) Hidden
RICOH Media Driver (HKLM\...\{F5CC2EF8-20A4-4366-A681-3FE849E65809}) (Version: 2.10.00.04 - RICOH)
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.2.14014_6 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.6.2.14014_6 - Samsung Electronics Co., Ltd.) Hidden
Samsung New PC Studio (HKLM\...\InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}) (Version: 1.00.0000 - Samsung Electronics Co., Ltd.)
Samsung New PC Studio (Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.34.0 - SAMSUNG Electronics Co., Ltd.)
Secure Download Manager (HKLM\...\{7709C9B0-AD83-4F7C-A153-B956BC3C3B0A}) (Version: 3.1.10 - Kivuto Solutions Inc.)
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 6.10.1.7255 - Analog Devices)
Spotify (HKCU\...\Spotify) (Version: 0.9.7.16.g4b197456 - Spotify AB)
SumatraPDF (HKLM\...\SumatraPDF) (Version: 2.4 - Krzysztof Kowalczyk)
TeXnicCenter Version 2.02 Stable (HKLM\...\TeXnicCenter_is1) (Version: 2.02 Stable - The TeXnicCenter Team)
Ubuntu (HKLM\...\Wubi) (Version: 13.10-rev284 - Ubuntu)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WinDjView 2.0.2 (HKLM\...\WinDjView) (Version: 2.0.2 - Andrew Zhezherun)

==================== Restore Points  =========================

18-02-2014 21:50:15 Installiert Samsung New PC Studio
18-02-2014 21:58:17 Installed ActiveState Komodo Edit 8.5.3
18-02-2014 22:01:15 Entfernt Samsung New PC Studio
18-02-2014 22:03:52 Installiert Samsung New PC Studio
18-02-2014 22:32:45 Installed Samsung Kies
20-02-2014 05:49:13 Windows Update
22-02-2014 17:17:24 avast! antivirus system restore point
23-02-2014 18:32:07 Windows-Sicherung
25-02-2014 14:37:33 Removed Samsung Kies
25-02-2014 14:42:39 Installed Samsung Kies
03-03-2014 11:29:26 Windows-Sicherung
03-03-2014 22:08:53 Installed Mobile Master

==================== Hosts content: ==========================

2009-07-14 03:04 - 2013-11-10 23:40 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {2E955674-911C-40A2-A5A5-496DC9918F54} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-21] (Adobe Systems Incorporated)
Task: {7C30373D-B376-4CDD-A094-9E4038EBDF9C} - System32\Tasks\RunAsStdUser Task => C:\Program Files\MATLAB\R2010a\MATLAB R2010a.lnk [2013-05-17] () <==== ATTENTION
Task: {92DBBDA2-9A7D-42F0-8758-ADEFF8B077DD} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-02-22] (AVAST Software)
Task: {9787913F-5EEB-4C0D-9BE5-0C4CAB2D7496} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-03-05 07:23 - 2014-03-04 20:03 - 02186240 _____ () C:\Program Files\AVAST Software\Avast\defs\14030401\algo.dll
2014-02-12 14:04 - 2013-10-08 08:07 - 00139264 _____ () C:\Program Files\PostgreSQL\9.3\bin\LIBPQ.dll
2014-02-12 14:05 - 2012-08-14 14:30 - 01009664 _____ () C:\Program Files\PostgreSQL\9.3\bin\libxml2.dll
2013-12-12 16:46 - 2013-12-12 16:46 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-02-25 15:45 - 2014-02-25 15:45 - 00185344 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Commonc65c5a95#\7aed4e2ec90776185850c38df3083049\Kies.Common.DeviceServiceLib.Interface.ni.dll
2014-02-25 15:46 - 2014-02-25 15:46 - 15006208 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\4c5e9b147e83762f9ed2f2a7998fbdce\Kies.Theme.ni.dll
2014-02-25 15:45 - 2014-02-25 15:45 - 01839104 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\70d92dda0fd3438e66027154948fc87a\Kies.UI.ni.dll
2014-02-25 15:45 - 2014-02-25 15:45 - 00081408 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\865e3cc4ed0bac3d0f35f95a5e8e15a3\Kies.MVVM.ni.dll
2014-02-25 15:46 - 2014-02-25 15:46 - 00233984 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\97df4af47d975f5e8e1a80f9e246d4b6\ASF_cSharpAPI.ni.dll
2014-02-06 20:07 - 2014-02-06 20:07 - 03019376 _____ () C:\Program Files\Mozilla Thunderbird\mozjs.dll
2014-02-06 20:07 - 2014-02-06 20:07 - 00158832 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAP32V60.dll
2014-02-06 20:07 - 2014-02-06 20:07 - 00023152 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAPPR32V60.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\*****\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

==================== Faulty Device Manager Devices =============

Name: Serieller PCI-Anschluss
Description: Serieller PCI-Anschluss
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI-Kommunikationscontroller (einfach)
Description: PCI-Kommunikationscontroller (einfach)
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/05/2014 05:05:57 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/05/2014 09:43:15 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1". Fehler in Manifest- oder Richtliniendatei "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"2" in Zeile  Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"3.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Definition: Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (03/05/2014 08:58:58 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/05/2014 07:24:25 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/05/2014 07:23:25 AM) (Source: PostgreSQL) (User: )
Description: Zeitüberschreitung beim Warten auf Start des Servers

Error: (03/04/2014 08:04:58 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/04/2014 09:39:12 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/03/2014 09:21:35 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Kies.exe, Version: 1.0.0.1668, Zeitstempel: 0x52f4b1dd
Name des fehlerhaften Moduls: PresentationFramework.ni.dll, Version: 4.0.30319.18060, Zeitstempel: 0x51ee2110
Ausnahmecode: 0xc0000005
Fehleroffset: 0x003630a7
ID des fehlerhaften Prozesses: 0x1268
Startzeit der fehlerhaften Anwendung: 0xKies.exe0
Pfad der fehlerhaften Anwendung: Kies.exe1
Pfad des fehlerhaften Moduls: Kies.exe2
Berichtskennung: Kies.exe3

Error: (03/03/2014 09:21:34 PM) (Source: .NET Runtime) (User: )
Description: Anwendung: Kies.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.NullReferenceException
Stapel:
   bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   bei System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.UnsafeNativeMethods.ShowWindow(System.Runtime.InteropServices.HandleRef, Int32)
   bei System.Windows.Window.ShowHelper(System.Object)
   bei System.Windows.Window.Show()
   bei Kies.App.StartKies()
   bei Kies.App.App_Startup2(System.Object, System.Windows.StartupEventArgs)
   bei System.Windows.Application.OnStartup(System.Windows.StartupEventArgs)
   bei Kies.App.OnStartup(System.Windows.StartupEventArgs)
   bei System.Windows.Application.<.ctor>b__1(System.Object)
   bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   bei System.Windows.Threading.DispatcherOperation.InvokeImpl()
   bei System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   bei System.Windows.Threading.DispatcherOperation.Invoke()
   bei System.Windows.Threading.Dispatcher.ProcessQueue()
   bei System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   bei MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   bei MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   bei System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   bei System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   bei System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
   bei System.Windows.Threading.Dispatcher.Run()
   bei System.Windows.Application.RunDispatcher(System.Object)
   bei System.Windows.Application.RunInternal(System.Windows.Window)
   bei System.Windows.Application.Run(System.Windows.Window)
   bei System.Windows.Application.Run()
   bei Kies.App.Main()

Error: (03/03/2014 09:17:19 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (03/05/2014 05:06:14 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (03/05/2014 08:58:49 AM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (03/05/2014 07:24:21 AM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (03/04/2014 08:05:08 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (03/04/2014 09:38:42 AM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (03/03/2014 09:17:32 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (03/03/2014 00:20:18 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (02/28/2014 01:40:44 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (02/28/2014 08:12:15 AM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (02/28/2014 07:09:26 AM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)


Microsoft Office Sessions:
=========================
Error: (03/05/2014 05:05:57 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/05/2014 09:43:15 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"c:\program files\Samsung\Kies\External\firmwareupdate\GT-B2710\DeviceController64.exec:\program files\Samsung\Kies\External\firmwareupdate\GT-B2710\Microsoft.VC90.CRT.MANIFEST11

Error: (03/05/2014 08:58:58 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/05/2014 07:24:25 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/05/2014 07:23:25 AM) (Source: PostgreSQL)(User: )
Description: Zeitüberschreitung beim Warten auf Start des Servers

Error: (03/04/2014 08:04:58 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/04/2014 09:39:12 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/03/2014 09:21:35 PM) (Source: Application Error)(User: )
Description: Kies.exe1.0.0.166852f4b1ddPresentationFramework.ni.dll4.0.30319.1806051ee2110c0000005003630a7126801cf371db6c8fd86C:\Program Files\Samsung\Kies\Kies.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\8711b01d60a94d6ef6a02d7fd0578493\PresentationFramework.ni.dll6a94719c-a311-11e3-b47d-00247e7f651a

Error: (03/03/2014 09:21:34 PM) (Source: .NET Runtime)(User: )
Description: Anwendung: Kies.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.NullReferenceException
Stapel:
   bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   bei System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.UnsafeNativeMethods.ShowWindow(System.Runtime.InteropServices.HandleRef, Int32)
   bei System.Windows.Window.ShowHelper(System.Object)
   bei System.Windows.Window.Show()
   bei Kies.App.StartKies()
   bei Kies.App.App_Startup2(System.Object, System.Windows.StartupEventArgs)
   bei System.Windows.Application.OnStartup(System.Windows.StartupEventArgs)
   bei Kies.App.OnStartup(System.Windows.StartupEventArgs)
   bei System.Windows.Application.<.ctor>b__1(System.Object)
   bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   bei System.Windows.Threading.DispatcherOperation.InvokeImpl()
   bei System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   bei System.Windows.Threading.DispatcherOperation.Invoke()
   bei System.Windows.Threading.Dispatcher.ProcessQueue()
   bei System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   bei MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   bei MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   bei System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   bei System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   bei System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
   bei System.Windows.Threading.Dispatcher.Run()
   bei System.Windows.Application.RunDispatcher(System.Object)
   bei System.Windows.Application.RunInternal(System.Windows.Window)
   bei System.Windows.Application.Run(System.Windows.Window)
   bei System.Windows.Application.Run()
   bei Kies.App.Main()

Error: (03/03/2014 09:17:19 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
[CODE]
GMER Logfile:
Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-03-05 17:48:54
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-2 ST9320421AS rev.HP15 298,09GB
Running: Gmer-19357.exe; Driver: C:\Users\MARKUS~1\AppData\Local\Temp\pwliyaog.sys


---- System - GMER 2.1 ----

SSDT    \??\C:\Windows\system32\drivers\aswSnx.sys                                                       ZwAddBootEntry [0x904B0ACC]
SSDT    \??\C:\Windows\system32\drivers\aswSnx.sys                                                       ZwAssignProcessToJobObject [0x904B15AA]
SSDT    \??\C:\Windows\system32\drivers\aswSnx.sys                                                       ZwCreateEvent [0x904BD692]
SSDT    \??\C:\Windows\system32\drivers\aswSnx.sys                                                       ZwCreateEventPair [0x904BD6DE]
SSDT    \??\C:\Windows\system32\drivers\aswSnx.sys                                                       ZwCreateIoCompletion [0x904BD878]
SSDT    \??\C:\Windows\system32\drivers\aswSnx.sys                                                       ZwCreateMutant [0x904BD600]
SSDT    \??\C:\Windows\system32\drivers\aswSP.sys                                                        ZwCreateSection [0x90567426]
SSDT    \??\C:\Windows\system32\drivers\aswSnx.sys                                                       ZwCreateSemaphore [0x904BD648]
SSDT    \??\C:\Windows\system32\drivers\aswSnx.sys                                                       ZwCreateThread [0x904B1AE0]
SSDT    \??\C:\Windows\system32\drivers\aswSnx.sys                                                       ZwCreateThreadEx [0x904B1CFC]
SSDT    \??\C:\Windows\system32\drivers\aswSnx.sys                                                       ZwCreateTimer [0x904BD832]
SSDT    \??\C:\Windows\system32\drivers\aswSnx.sys                                                       ZwDebugActiveProcess [0x904B2398]
SSDT    \??\C:\Windows\system32\drivers\aswSnx.sys                                                       ZwDeleteBootEntry [0x904B0B32]
SSDT    \??\C:\Windows\system32\drivers\aswSnx.sys                                                       ZwDuplicateObject [0x904B5BE4]
SSDT    \??\C:\Windows\system32\drivers\aswSnx.sys                                                       ZwLoadDriver [0x904B071E]
SSDT    \??\C:\Windows\system32\drivers\aswSP.sys                                                        ZwMapViewOfSection [0x90567506]
SSDT    \??\C:\Windows\system32\drivers\aswSnx.sys                                                       ZwModifyBootEntry [0x904B0B98]
SSDT    \??\C:\Windows\system32\drivers\aswSnx.sys                                                       ZwNotifyChangeKey [0x904B5FDA]
SSDT    \??\C:\Windows\system32\drivers\aswSnx.sys                                                       ZwNotifyChangeMultipleKeys [0x904B2EDE]
SSDT    \??\C:\Windows\system32\drivers\aswSnx.sys                                                       ZwOpenEvent [0x904BD6BC]
SSDT    \??\C:\Windows\system32\drivers\aswSnx.sys                                                       ZwOpenEventPair [0x904BD700]
SSDT    \??\C:\Windows\system32\drivers\aswSnx.sys                                                       ZwOpenIoCompletion [0x904BD89C]
SSDT    \??\C:\Windows\system32\drivers\aswSnx.sys                                                       ZwOpenMutant [0x904BD626]
SSDT    \??\C:\Windows\system32\drivers\aswSnx.sys                                                       ZwOpenProcess [0x904B54DE]
SSDT    \??\C:\Windows\system32\drivers\aswSnx.sys                                                       ZwOpenSection [0x904BD7B0]
SSDT    \??\C:\Windows\system32\drivers\aswSnx.sys                                                       ZwOpenSemaphore [0x904BD670]
SSDT    \??\C:\Windows\system32\drivers\aswSnx.sys                                                       ZwOpenThread [0x904B58C6]
SSDT    \??\C:\Windows\system32\drivers\aswSnx.sys                                                       ZwOpenTimer [0x904BD856]
SSDT    \??\C:\Windows\system32\drivers\aswSP.sys                                                        ZwProtectVirtualMemory [0x905672AA]
SSDT    \??\C:\Windows\system32\drivers\aswSnx.sys                                                       ZwQueryObject [0x904B2CF4]
SSDT    \??\C:\Windows\system32\drivers\aswSnx.sys                                                       ZwQueueApcThreadEx [0x904B2A02]
SSDT    \??\C:\Windows\system32\drivers\aswSnx.sys                                                       ZwSetBootEntryOrder [0x904B0BFE]
SSDT    \??\C:\Windows\system32\drivers\aswSnx.sys                                                       ZwSetBootOptions [0x904B0C64]
SSDT    \??\C:\Windows\system32\drivers\aswSP.sys                                                        ZwSetContextThread [0x90567602]
SSDT    \??\C:\Windows\system32\drivers\aswSnx.sys                                                       ZwSetSystemInformation [0x904B07B8]
SSDT    \??\C:\Windows\system32\drivers\aswSnx.sys                                                       ZwSetSystemPowerState [0x904B098A]
SSDT    \??\C:\Windows\system32\drivers\aswSnx.sys                                                       ZwShutdownSystem [0x904B0918]
SSDT    \??\C:\Windows\system32\drivers\aswSnx.sys                                                       ZwSuspendProcess [0x904B2562]
SSDT    \??\C:\Windows\system32\drivers\aswSnx.sys                                                       ZwSuspendThread [0x904B26C4]
SSDT    \??\C:\Windows\system32\drivers\aswSnx.sys                                                       ZwSystemDebugControl [0x904B0A12]
SSDT    \??\C:\Windows\system32\drivers\aswSP.sys                                                        ZwTerminateProcess [0x90567378]
SSDT    \??\C:\Windows\system32\drivers\aswSnx.sys                                                       ZwTerminateThread [0x904B21F2]
SSDT    \??\C:\Windows\system32\drivers\aswSnx.sys                                                       ZwVdmControl [0x904B0CCA]
SSDT    \??\C:\Windows\system32\drivers\aswSnx.sys                                                       ZwWriteVirtualMemory [0x904B1606]

---- Kernel code sections - GMER 2.1 ----

.text   ntkrnlpa.exe!ZwRollbackEnlistment + 142D                                                         82C44A15 1 Byte  [06]
.text   ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                           82C7E212 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text   ntkrnlpa.exe!KeRemoveQueueEx + 10CB                                                              82C85460 4 Bytes  [CC, 0A, 4B, 90] {INT 3 ; OR CL, [EBX-0x70]}
.text   ntkrnlpa.exe!KeRemoveQueueEx + 1153                                                              82C854E8 4 Bytes  [AA, 15, 4B, 90]
.text   ntkrnlpa.exe!KeRemoveQueueEx + 11A7                                                              82C8553C 8 Bytes  [92, D6, 4B, 90, DE, D6, 4B, ...]
.text   ntkrnlpa.exe!KeRemoveQueueEx + 11B3                                                              82C85548 4 Bytes  [78, D8, 4B, 90] {JS 0xffffffda; DEC EBX; NOP }
.text   ntkrnlpa.exe!KeRemoveQueueEx + 11CF                                                              82C85564 4 Bytes  [00, D6, 4B, 90] {ADD DH, DL; DEC EBX; NOP }
.text   ...                                                                                              
PAGE    ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108                                                      82E404DF 4 Bytes  CALL 904B35C5 \??\C:\Windows\system32\drivers\aswSnx.sys
PAGE    ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122                                                     82E5A347 4 Bytes  CALL 904B35DB \??\C:\Windows\system32\drivers\aswSnx.sys

---- User code sections - GMER 2.1 ----

.text   C:\Windows\system32\svchost.exe[336] kernel32.dll!GetBinaryTypeW + 70                            76FD69E4 1 Byte  [62]
.text   C:\Windows\system32\AUDIODG.EXE[340] kernel32.dll!GetBinaryTypeW + 70                            76FD69E4 1 Byte  [62]
.text   C:\Program Files\PostgreSQL\9.3\bin\postgres.exe[456] kernel32.dll!GetBinaryTypeW + 70           76FD69E4 1 Byte  [62]
.text   C:\Windows\system32\csrss.exe[464] kernel32.dll!GetBinaryTypeW + 70                              76FD69E4 1 Byte  [62]
.text   C:\Windows\system32\wininit.exe[524] kernel32.dll!GetBinaryTypeW + 70                            76FD69E4 1 Byte  [62]
.text   ...                                                                                              

---- Devices - GMER 2.1 ----

Device  \Driver\BTHUSB \Device\0000008e                                                                  bthport.sys

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00247e7f651a                      
Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00247e7f651a@2013e05a9d29         0x1E 0xE4 0x86 0xBC ...
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00247e7f651a (not active ControlSet)  
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00247e7f651a@2013e05a9d29             0x1E 0xE4 0x86 0xBC ...

---- EOF - GMER 2.1 ----
--- --- ---


Vielen Dank schon mal.

Beste Grüße
Markus

Alt 06.03.2014, 08:02   #2
schrauber
/// the machine
/// TB-Ausbilder
 
Windows 7: Security.Hijack gefunden, was nun? - Standard

Windows 7: Security.Hijack gefunden, was nun?


Hi,

Funde von MBAM löschen lassen.

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________

__________________
Alt 06.03.2014, 18:52   #3
PP88
 
Windows 7: Security.Hijack gefunden, was nun? - Standard

Windows 7: Security.Hijack gefunden, was nun?


Hallo,

vielen Dank für die schnelle Antwort.

Hier die Log-Files:

Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Professional N x86
Ran by ***** on 06.03.2014 at 18:32:36,28
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\fdt5qvea.default\minidumps [53 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06.03.2014 at 18:35:04,96
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v3.020 - Bericht erstellt am 06/03/2014 um 18:25:06
# Aktualisiert 27/02/2014 von Xplode
# Betriebssystem : Windows 7 Professional N Service Pack 1 (32 bits)
# Benutzername : ***** - *****-PC
# Gestartet von : C:\Users\*****\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
Ordner Gelöscht : C:\Program Files\myfree codec
Ordner Gelöscht : C:\Users\MARKUS~1\AppData\Local\Temp\OCS

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7C30373D-B376-4CDD-A094-9E4038EBDF9C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FD501041-8EBE-11CE-8183-00AA00577DA2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\Myfree Codec
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKLM\Software\Myfree Codec
Schlüssel Gelöscht : HKLM\Software\PIP
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16518


-\\ Mozilla Firefox v27.0.1 (de)

[ Datei : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\fdt5qvea.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [2584 octets] - [06/03/2014 18:21:35]
AdwCleaner[S0].txt - [2515 octets] - [06/03/2014 18:25:06]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2575 octets] ##########
--- --- ---



FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-03-2014
Ran by ***** (administrator) on *****-PC on 06-03-2014 18:45:55
Running from C:\Users\*****\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UN6A4PWM
Microsoft Windows 7 Professional N  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Andrea Electronics Corporation) C:\Windows\system32\AEADISRV.EXE
(Juniper Networks) C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
(Teruten) C:\Windows\system32\FsUsbExService.Exe
(Juniper Networks, Inc.) C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\pg_ctl.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
(Spotify Ltd) C:\Users\*****\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(Jumping Bytes) C:\Program Files\Mobile Master\MMAgent.exe
(Jumping Bytes) C:\Program Files\Mobile Master\MMScan.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil32_12_0_0_70_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [nwiz] - C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [1753192 2010-11-04] ()
HKLM\...\Run: [QlbCtrl.exe] - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2009-11-11] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [SoundMAXPnP] - C:\Program Files\Analog Devices\Core\smax4pnp.exe [1314816 2009-05-18] (Analog Devices, Inc.)
HKLM\...\Run: [SoundMAX] - C:\Program Files\Analog Devices\SoundMAX\soundmax.exe [3866624 2009-05-18] (Analog Devices, Inc.)
HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-02-22] (AVAST Software)
HKLM\...\Run: [NPSStartup] - [X]
HKLM\...\Run: [KiesTrayAgent] - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311616 2014-02-07] (Samsung Electronics Co., Ltd.)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-21-3776841550-2335425540-3856683877-1000\...\Run: [Spotify Web Helper] - C:\Users\*****\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-01-09] (Spotify Ltd)
HKU\S-1-5-21-3776841550-2335425540-3856683877-1000\...\Run: [AutoStartNPSAgent] - C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [95576 2010-07-04] (Samsung Electronics Co., Ltd.)
HKU\S-1-5-21-3776841550-2335425540-3856683877-1000\...\Run: [KiesPreload] - C:\Program Files\Samsung\Kies\Kies.exe [1564992 2014-02-07] (Samsung)
HKU\S-1-5-21-3776841550-2335425540-3856683877-1000\...\Run: [KiesAirMessage] - C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-3776841550-2335425540-3856683877-1000\...\Run: [MMAgent] - C:\Program Files\Mobile Master\MMAgent.exe [1412080 2013-12-16] (Jumping Bytes)
HKU\S-1-5-21-3776841550-2335425540-3856683877-1000\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000
HKU\S-1-5-21-3776841550-2335425540-3856683877-1000\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-3776841550-2335425540-3856683877-1000\...\MountPoints2: F - F:\sources\sperr32.exe x64
HKU\S-1-5-21-3776841550-2335425540-3856683877-1000\...\MountPoints2: {8194dac8-be41-11e2-8b92-806e6f6e6963} - D:\autorun.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xCDC4B6855652CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Citavi Picker - {609D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: af0.Adblock.BHO - {90EFF544-3981-4d46-85C9-C0361D0931D6} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://active.macromedia.com/flash2/cabs/swflash.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://juniper.net/dana-cached/setup/JuniperSetupSP1.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\fdt5qvea.default
FF NewTab: about:blank
FF Homepage: hxxp://www.google.de/
FF NetworkProxy: "backup.ftp", "192.168.0.3"
FF NetworkProxy: "backup.ftp_port", 8080
FF NetworkProxy: "backup.socks", "192.168.0.3"
FF NetworkProxy: "backup.socks_port", 8080
FF NetworkProxy: "backup.ssl", "192.168.0.3"
FF NetworkProxy: "backup.ssl_port", 8080
FF NetworkProxy: "ftp", "192.168.0.3"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "http", "192.168.0.3"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "192.168.0.3"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "ssl", "192.168.0.3"
FF NetworkProxy: "ssl_port", 8080
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Amazon-Icon - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\fdt5qvea.default\Extensions\amazon-icon@giga.de [2014-03-04]
FF Extension: Adblock Plus - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\fdt5qvea.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-28]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-05-16]
FF HKLM\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2013-09-30]
FF HKLM\...\Thunderbird\Extensions: [{857610fe-b36c-47f2-b4fa-6b7affe0cf5a}] - C:\Program Files\Mobile Master\ext\1\
FF Extension: Mobile Master Add-In - C:\Program Files\Mobile Master\ext\1\ []

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-22] (AVAST Software)
R2 dsNcService; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [671848 2013-02-18] (Juniper Networks)
R2 JuniperAccessService; C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe [198000 2011-06-22] (Juniper Networks, Inc.)
R2 postgresql-9.3; C:/Program Files/PostgreSQL/9.3/bin/pg_ctl.exe runservice -N "postgresql-9.3" -D "C:/Program Files/PostgreSQL/9.3/data" -w [X]

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-02-22] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [79720 2013-12-12] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2013-12-12] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [775952 2014-02-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [410784 2014-02-22] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [64168 2014-02-22] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180248 2013-12-22] ()
R3 dsNcAdpt; C:\Windows\System32\DRIVERS\dsNcAdpt.sys [26624 2013-02-18] (Juniper Networks)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-05-16] (DT Soft Ltd)
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2010-06-14] ()
S3 RICOH SmartCard Reader; C:\Windows\System32\DRIVERS\rismc32.sys [49152 2009-07-20] (RICOH Company, Ltd.)
R3 rismc32; C:\Windows\System32\DRIVERS\rismc32.sys [49152 2009-07-20] (RICOH Company, Ltd.)
S3 sscebus; C:\Windows\System32\DRIVERS\sscebus.sys [136904 2014-01-23] (MCCI Corporation)
S3 sscemdfl; C:\Windows\System32\DRIVERS\sscemdfl.sys [17864 2014-01-23] (MCCI Corporation)
S3 sscemdm; C:\Windows\System32\DRIVERS\sscemdm.sys [153672 2014-01-23] (MCCI Corporation)
S3 ssceserd; C:\Windows\System32\DRIVERS\ssceserd.sys [130376 2014-01-23] (MCCI Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-06 18:35 - 2014-03-06 18:35 - 00000773 _____ () C:\Users\*****\Desktop\JRT.txt
2014-03-06 18:32 - 2014-03-06 18:32 - 00000000 ____D () C:\Windows\ERUNT
2014-03-06 18:30 - 2014-03-06 18:20 - 01037734 _____ (Thisisu) C:\Users\*****\Desktop\JRT (1).exe
2014-03-06 18:27 - 2014-03-06 18:28 - 00002628 _____ () C:\Users\*****\Desktop\AdwCleaner[S0].txt
2014-03-06 18:21 - 2014-03-06 18:25 - 00000000 ____D () C:\AdwCleaner
2014-03-06 18:21 - 2014-03-06 17:58 - 01244192 _____ () C:\Users\*****\Desktop\adwcleaner.exe
2014-03-06 18:20 - 2014-03-06 18:20 - 01037734 _____ (Thisisu) C:\Users\*****\Downloads\JRT.exe.3ra3i30.partial
2014-03-06 18:20 - 2014-03-06 18:20 - 01037734 _____ (Thisisu) C:\Users\*****\Downloads\JRT (1).exe
2014-03-06 17:58 - 2014-03-06 17:58 - 01244192 _____ () C:\Users\*****\Downloads\adwcleaner.exe
2014-03-06 15:51 - 2014-03-06 15:51 - 00024833 _____ () C:\Users\*****\AppData\Local\recently-used.xbel
2014-03-05 17:56 - 2014-03-05 17:56 - 00152248 _____ () C:\Windows\Minidump\030514-23821-01.dmp
2014-03-05 17:19 - 2014-03-05 17:19 - 00380416 _____ () C:\Users\*****\Downloads\Gmer-19357.exe
2014-03-05 17:12 - 2014-03-06 18:45 - 00000000 ____D () C:\FRST
2014-03-05 17:10 - 2014-03-05 17:10 - 00000000 _____ () C:\Users\*****\defogger_reenable
2014-03-05 08:19 - 2014-03-05 08:19 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Malwarebytes
2014-03-05 08:18 - 2014-03-05 08:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-05 08:18 - 2014-03-05 08:18 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-03-05 08:18 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-04 20:11 - 2014-03-04 20:11 - 00001109 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-03-04 20:10 - 2014-03-04 20:11 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-04 12:29 - 2014-03-04 12:29 - 00000999 _____ () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QuickDic.lnk
2014-03-04 12:29 - 2014-03-04 12:29 - 00000969 _____ () C:\Users\*****\Desktop\QuickDic.lnk
2014-03-04 12:29 - 2014-03-04 12:29 - 00000000 ____D () C:\Program Files\QuickDic
2014-03-04 09:39 - 2014-03-04 09:39 - 00000000 ____D () C:\Users\*****\AppData\Local\Mobile Master
2014-03-04 00:18 - 2014-03-04 00:18 - 00000000 ____D () C:\Users\*****\AppData\Local\Tempa72636ee026910241cae8b72bf567bea
2014-03-03 23:42 - 2014-03-03 23:42 - 00000000 ____D () C:\Users\Public\Documents\CrashDump
2014-03-03 23:10 - 2014-03-03 23:26 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Mobile Master
2014-03-03 23:10 - 2014-03-03 23:10 - 00001046 _____ () C:\Users\Public\Desktop\Mobile Master.lnk
2014-03-03 23:10 - 2014-03-03 23:10 - 00000000 ____D () C:\ProgramData\Mobile Master
2014-03-03 23:10 - 2014-03-03 23:10 - 00000000 ____D () C:\Program Files\Common Files\Jumping Bytes
2014-03-03 23:09 - 2014-03-03 23:28 - 00000000 ____D () C:\Program Files\Mobile Master
2014-03-03 23:07 - 2014-03-03 23:07 - 23225448 _____ (Jumping Bytes) C:\Users\*****\Downloads\MobileMasterInst.exe
2014-03-03 23:07 - 2014-03-03 23:07 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Jumping Bytes
2014-03-03 22:52 - 2014-03-03 22:52 - 00000000 ____D () C:\Users\*****\ChromeExtensions
2014-03-03 22:52 - 2014-03-03 22:52 - 00000000 ____D () C:\Users\*****\AppData\Local\Temp04de20ab33f250e94b926d0514a93b1c
2014-03-03 22:50 - 2014-03-03 22:50 - 01058296 _____ () C:\Users\*****\Downloads\Microsoft-Outlook-2013-lnstall.exe
2014-03-03 21:50 - 2014-03-03 21:54 - 00000000 ____D () C:\Users\*****\Handykarte
2014-03-03 21:48 - 2014-03-03 21:48 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-03-03 21:46 - 2014-01-23 04:21 - 00153672 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscemdm.sys
2014-03-03 21:46 - 2014-01-23 04:21 - 00136904 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscebus.sys
2014-03-03 21:46 - 2014-01-23 04:21 - 00130376 _____ (MCCI Corporation) C:\Windows\system32\Drivers\ssceserd.sys
2014-03-03 21:46 - 2014-01-23 04:21 - 00017864 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscemdfl.sys
2014-03-03 21:46 - 2014-01-23 04:21 - 00015560 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscecmnt.sys
2014-03-03 21:46 - 2014-01-23 04:21 - 00015560 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscecm.sys
2014-03-03 21:46 - 2014-01-23 04:21 - 00015304 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscewhnt.sys
2014-03-03 21:46 - 2014-01-23 04:21 - 00015304 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscewh.sys
2014-02-25 20:22 - 2014-02-25 20:22 - 01095461 _____ (pendrivelinux.com) C:\Users\*****\Downloads\Universal-USB-Installer-1.9.5.2.exe
2014-02-25 15:45 - 2014-02-25 15:45 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log
2014-02-22 22:04 - 2014-02-23 00:25 - 00000000 ____D () C:\Users\*****\Documents\Python
2014-02-21 09:50 - 2014-02-21 09:50 - 00000000 ____D () C:\Program Files\BeCyPDFMetaEdit
2014-02-20 09:36 - 2014-02-20 09:36 - 00036629 _____ () C:\Users\*****\Desktop\Nyquist_Beispiel.fig
2014-02-20 06:50 - 2014-02-20 06:50 - 00286014 _____ () C:\Windows\msxml4-KB954430-enu.LOG
2014-02-20 06:49 - 2014-02-20 06:49 - 00290518 _____ () C:\Windows\msxml4-KB973688-enu.LOG
2014-02-20 06:49 - 2014-02-20 06:49 - 00000000 ____D () C:\Program Files\MSXML 4.0
2014-02-19 16:01 - 2014-02-19 16:01 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-02-18 23:51 - 2014-02-25 15:45 - 00000000 ____D () C:\Users\*****\AppData\Local\Samsung
2014-02-18 23:42 - 2014-02-18 23:42 - 00000000 ____D () C:\Program Files\Windows Portable Devices
2014-02-18 23:33 - 2014-02-07 16:33 - 04659712 _____ (Dmitry Streblechenko) C:\Windows\system32\Redemption.dll
2014-02-18 23:33 - 2014-01-23 18:31 - 00821824 _____ (Devguru Co., Ltd.) C:\Windows\system32\dgderapi.dll
2014-02-18 23:07 - 2014-02-18 23:07 - 00002092 _____ () C:\Users\Public\Desktop\Samsung New PC Studio.lnk
2014-02-18 23:04 - 2014-02-25 20:17 - 00000000 ____D () C:\Program Files\MarkAny
2014-02-18 22:59 - 2014-02-18 22:59 - 00002005 _____ () C:\Users\Public\Desktop\Komodo Edit 8.lnk
2014-02-18 22:59 - 2014-02-18 22:59 - 00000000 ____D () C:\Users\*****\AppData\Roaming\ActiveState
2014-02-18 22:59 - 2014-02-18 22:59 - 00000000 ____D () C:\Users\*****\AppData\Local\ActiveState
2014-02-18 22:58 - 2014-02-18 22:59 - 00000000 ____D () C:\Program Files\ActiveState Komodo Edit 8
2014-02-18 22:55 - 2014-02-18 22:56 - 00000000 ____D () C:\Python33
2014-02-18 22:53 - 2014-02-25 15:43 - 00000000 ____D () C:\ProgramData\Samsung
2014-02-18 22:52 - 2014-03-03 21:18 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Samsung
2014-02-18 22:52 - 2014-02-18 22:52 - 00000000 ____D () C:\Users\*****\Documents\My NPS Files
2014-02-18 22:52 - 2010-07-04 19:07 - 00238952 _____ (Teruten) C:\Windows\system32\FsUsbExService.Exe
2014-02-18 22:52 - 2010-06-14 09:32 - 00110592 _____ () C:\Windows\system32\FsUsbExDevice.Dll
2014-02-18 22:52 - 2010-06-14 09:32 - 00036608 _____ () C:\Windows\system32\FsUsbExDisk.Sys
2014-02-18 22:52 - 2009-07-14 02:16 - 02311168 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 01568768 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2014-02-18 22:52 - 2009-07-14 02:16 - 01325056 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2014-02-18 22:52 - 2009-07-14 02:16 - 01003008 _____ (Microsoft Corporation) C:\Windows\system32\WMNetMgr.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00812032 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2014-02-18 22:52 - 2009-07-14 02:16 - 00664576 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2014-02-18 22:52 - 2009-07-14 02:16 - 00577024 _____ (Microsoft Corporation) C:\Windows\system32\wpd_ci.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceApi.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00541184 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2014-02-18 22:52 - 2009-07-14 02:16 - 00427520 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceStatus.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00358400 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
2014-02-18 22:52 - 2009-07-14 02:16 - 00350720 _____ (Microsoft Corporation) C:\Windows\system32\WPDSp.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00237568 _____ (Microsoft Corporation) C:\Windows\system32\WMASF.DLL
2014-02-18 22:52 - 2009-07-14 02:16 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\WpdMtp.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00198144 _____ (Microsoft Corporation) C:\Windows\system32\wpdwcn.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00196608 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceWMDRM.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceTypes.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\wmidx.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00138240 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceWiaCompat.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00110080 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceClassExtension.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\WPDShServiceObj.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\wpdbusenum.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\WpdMtpUS.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceConnectApi.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\wmcodecdspps.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wmdmps.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\wmdmlog.dll
2014-02-18 22:52 - 2009-07-14 02:15 - 00630784 _____ (Microsoft Corporation) C:\Windows\system32\DXPTaskRingtone.dll
2014-02-18 22:52 - 2009-07-14 02:15 - 00415744 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2014-02-18 22:52 - 2009-07-14 02:15 - 00352768 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-02-18 22:52 - 2009-07-14 02:15 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\mswmdm.dll
2014-02-18 22:52 - 2009-07-14 02:15 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-02-18 22:52 - 2009-07-14 02:15 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2014-02-18 22:52 - 2009-07-14 02:15 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2014-02-18 22:52 - 2009-07-14 02:15 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2014-02-18 22:52 - 2009-07-14 02:15 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\LAPRXY.DLL
2014-02-18 22:52 - 2009-07-14 02:14 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\audiodev.dll
2014-02-18 22:52 - 2009-07-14 02:14 - 00095232 _____ (Microsoft Corporation) C:\Windows\system32\logagent.exe
2014-02-18 22:52 - 2009-07-14 02:14 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\WPDShextAutoplay.exe
2014-02-18 22:52 - 2009-07-14 02:03 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\asferror.dll
2014-02-18 22:52 - 2009-06-10 22:34 - 00316640 _____ () C:\Windows\WMSysPr9.prx
2014-02-18 22:51 - 2014-02-18 23:51 - 00000000 ____D () C:\Users\*****\Documents\Samsung
2014-02-18 22:51 - 2014-02-18 22:51 - 00053631 _____ () C:\Users\*****\Downloads\hashmyfiles_v1.90.zip
2014-02-18 22:51 - 2009-07-14 02:16 - 02504192 _____ (Microsoft Corporation) C:\Windows\system32\WMVCORE.DLL
2014-02-18 22:51 - 2009-07-14 02:16 - 01619968 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2014-02-18 22:51 - 2009-07-14 02:16 - 00902656 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2014-02-18 22:51 - 2009-07-14 02:16 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-02-18 22:51 - 2009-07-14 02:16 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmdev.dll
2014-02-18 22:51 - 2009-07-14 02:16 - 00436736 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmnet.dll
2014-02-18 22:51 - 2009-07-14 02:15 - 00986624 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-02-18 22:51 - 2009-07-14 02:15 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-02-18 22:51 - 2009-07-14 02:15 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-02-18 22:51 - 2009-07-14 02:15 - 00402944 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-02-18 22:50 - 2014-02-25 15:44 - 00000000 ____D () C:\Program Files\Samsung
2014-02-18 22:48 - 2014-02-18 22:49 - 08444896 _____ (abylonsoft ) C:\Users\*****\Downloads\FreeHash.exe
2014-02-18 20:39 - 2014-02-18 20:39 - 00000000 ____D () C:\Program Files\abylonsoft
2014-02-18 20:30 - 2014-02-18 20:39 - 20627456 _____ () C:\Users\*****\Downloads\python-3.3.4.msi
2014-02-18 20:17 - 2014-02-18 20:41 - 73908224 _____ () C:\Users\*****\Downloads\Komodo-Edit-8.5.3-14067.msi
2014-02-18 08:34 - 2014-02-18 08:36 - 173838160 _____ () C:\Users\*****\Downloads\New_PC_Studio_1.5.1.exe
2014-02-18 08:32 - 2014-02-18 08:33 - 75211320 _____ (Samsung Electronics Co., Ltd.) C:\Users\*****\Downloads\KiesSetup_2.6.2.14014_6.exe
2014-02-17 11:34 - 2014-02-17 11:44 - 00014458 _____ () C:\Users\*****\Desktop\HybEIS.eps
2014-02-16 19:01 - 2014-02-16 19:03 - 101832237 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Das_Kaenguru_Manifest-4CD-DE-Audiobook-2011-kooba.r01
2014-02-16 18:52 - 2014-02-16 18:58 - 200000000 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Das_Kaenguru_Manifest-4CD-DE-Audiobook-2011-kooba.r00
2014-02-16 18:51 - 2014-02-16 19:05 - 200000000 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Das_Kaenguru_Manifest-4CD-DE-Audiobook-2011-kooba.rar
2014-02-16 18:50 - 2014-02-16 18:50 - 35692185 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Die_Kaenguru-Chroniken_Live_Und_Ungekuerzt-4CD-DE-Audiobook-2012-kooba.r02
2014-02-16 18:45 - 2014-02-16 18:49 - 150000000 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Die_Kaenguru-Chroniken_Live_Und_Ungekuerzt-4CD-DE-Audiobook-2012-kooba.r01
2014-02-16 18:44 - 2014-02-16 18:49 - 150000000 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Die_Kaenguru-Chroniken_Live_Und_Ungekuerzt-4CD-DE-Audiobook-2012-kooba.r00
2014-02-16 18:40 - 2014-02-16 18:40 - 00614816 _____ (Chip Digital GmbH) C:\Users\*****\Downloads\7 Zip 32 Bit - CHIP-Downloader.exe
2014-02-16 18:35 - 2014-02-16 18:37 - 150000000 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Die_Kaenguru-Chroniken_Live_Und_Ungekuerzt-4CD-DE-Audiobook-2012-kooba.rar
2014-02-13 17:53 - 2014-02-13 17:53 - 00000000 ____D () C:\Users\*****\Documents\PostregSQL
2014-02-12 17:16 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-12 17:16 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-12 17:16 - 2014-02-06 11:19 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-12 17:16 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-12 17:16 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-12 17:16 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-12 17:16 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-12 17:16 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-12 17:16 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-12 17:16 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-12 17:16 - 2014-02-06 10:47 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-12 17:16 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-12 17:16 - 2014-02-06 10:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-12 17:16 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-12 17:16 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-12 17:16 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-12 17:16 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-12 17:16 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-12 17:16 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-12 17:16 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-12 17:16 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-12 17:11 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-12 16:58 - 2014-02-12 16:10 - 01611377 _____ () C:\Users\*****\Downloads\psqlodbc_09_03_0100.zip
2014-02-12 16:13 - 2014-02-12 17:01 - 00000149 _____ () C:\Windows\ODBC.INI
2014-02-12 16:12 - 2014-02-12 16:12 - 00000000 ____D () C:\Program Files\psqlODBC
2014-02-12 14:55 - 2014-02-12 14:54 - 00587152 _____ () C:\Users\*****\Downloads\postgresql-9.3-1100.jdbc4.jar
2014-02-12 14:35 - 2014-02-14 09:40 - 00014898 _____ () C:\Users\*****\Documents\pgadmin.log
2014-02-12 14:08 - 2014-02-12 14:13 - 00000000 ____D () C:\Users\*****\AppData\Roaming\postgresql
2014-02-12 14:04 - 2014-02-12 14:04 - 00000000 ____D () C:\Program Files\PostgreSQL
2014-02-12 13:59 - 2014-02-12 13:49 - 52968360 _____ (PostgreSQL Global Development Group) C:\Users\*****\Downloads\postgresql-9.3.1-1-windows.exe
2014-02-12 07:37 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-12 07:37 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-12 07:37 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-12 07:37 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-10 18:12 - 2014-02-10 18:12 - 02658816 _____ (Python Software Foundation) C:\Windows\system32\python33.dll
2014-02-10 18:11 - 2014-02-10 18:11 - 00094208 _____ (Python Software Foundation) C:\Windows\pyw.exe
2014-02-10 18:11 - 2014-02-10 18:11 - 00093696 _____ (Python Software Foundation) C:\Windows\py.exe
2014-02-06 20:07 - 2014-02-07 14:09 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird

==================== One Month Modified Files and Folders =======

2014-03-06 18:45 - 2014-03-05 17:12 - 00000000 ____D () C:\FRST
2014-03-06 18:38 - 2009-07-14 05:17 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-06 18:38 - 2009-07-14 05:07 - 00049223 _____ () C:\Windows\setupact.log
2014-03-06 18:37 - 2013-05-16 17:01 - 02046754 _____ () C:\Windows\WindowsUpdate.log
2014-03-06 18:37 - 2009-07-14 05:02 - 00019248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-06 18:37 - 2009-07-14 05:02 - 00019248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-06 18:35 - 2014-03-06 18:35 - 00000773 _____ () C:\Users\*****\Desktop\JRT.txt
2014-03-06 18:32 - 2014-03-06 18:32 - 00000000 ____D () C:\Windows\ERUNT
2014-03-06 18:28 - 2014-03-06 18:27 - 00002628 _____ () C:\Users\*****\Desktop\AdwCleaner[S0].txt
2014-03-06 18:25 - 2014-03-06 18:21 - 00000000 ____D () C:\AdwCleaner
2014-03-06 18:20 - 2014-03-06 18:30 - 01037734 _____ (Thisisu) C:\Users\*****\Desktop\JRT (1).exe
2014-03-06 18:20 - 2014-03-06 18:20 - 01037734 _____ (Thisisu) C:\Users\*****\Downloads\JRT.exe.3ra3i30.partial
2014-03-06 18:20 - 2014-03-06 18:20 - 01037734 _____ (Thisisu) C:\Users\*****\Downloads\JRT (1).exe
2014-03-06 18:14 - 2013-05-16 17:58 - 00000000 ____D () C:\Windows\Panther
2014-03-06 18:14 - 2010-11-20 22:49 - 00255550 _____ () C:\Windows\PFRO.log
2014-03-06 18:11 - 2013-10-14 05:37 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-06 17:58 - 2014-03-06 18:21 - 01244192 _____ () C:\Users\*****\Desktop\adwcleaner.exe
2014-03-06 17:58 - 2014-03-06 17:58 - 01244192 _____ () C:\Users\*****\Downloads\adwcleaner.exe
2014-03-06 15:51 - 2014-03-06 15:51 - 00024833 _____ () C:\Users\*****\AppData\Local\recently-used.xbel
2014-03-06 15:35 - 2013-10-01 07:45 - 00000000 ____D () C:\Program Files\BaSyTec
2014-03-06 07:28 - 2009-07-14 05:17 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-05 17:56 - 2014-03-05 17:56 - 00152248 _____ () C:\Windows\Minidump\030514-23821-01.dmp
2014-03-05 17:56 - 2013-09-13 08:52 - 336285250 _____ () C:\Windows\MEMORY.DMP
2014-03-05 17:56 - 2013-09-13 08:52 - 00000000 ____D () C:\Windows\Minidump
2014-03-05 17:19 - 2014-03-05 17:19 - 00380416 _____ () C:\Users\*****\Downloads\Gmer-19357.exe
2014-03-05 17:10 - 2014-03-05 17:10 - 00000000 _____ () C:\Users\*****\defogger_reenable
2014-03-05 17:10 - 2013-05-16 17:54 - 00000000 ____D () C:\Users\*****
2014-03-05 14:02 - 2013-09-30 19:01 - 00000000 ____D () C:\Users\*****\Documents\Citavi 4
2014-03-05 08:19 - 2014-03-05 08:19 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Malwarebytes
2014-03-05 08:18 - 2014-03-05 08:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-05 08:18 - 2014-03-05 08:18 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-03-05 07:23 - 2013-05-19 10:45 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-03-04 20:11 - 2014-03-04 20:11 - 00001109 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-03-04 20:11 - 2014-03-04 20:10 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-04 16:03 - 2013-12-04 09:30 - 00000000 ____D () C:\Users\*****\Documents\Praktikum_Deutronic
2014-03-04 14:25 - 2010-11-20 22:03 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-04 12:29 - 2014-03-04 12:29 - 00000999 _____ () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QuickDic.lnk
2014-03-04 12:29 - 2014-03-04 12:29 - 00000969 _____ () C:\Users\*****\Desktop\QuickDic.lnk
2014-03-04 12:29 - 2014-03-04 12:29 - 00000000 ____D () C:\Program Files\QuickDic
2014-03-04 09:39 - 2014-03-04 09:39 - 00000000 ____D () C:\Users\*****\AppData\Local\Mobile Master
2014-03-04 00:18 - 2014-03-04 00:18 - 00000000 ____D () C:\Users\*****\AppData\Local\Tempa72636ee026910241cae8b72bf567bea
2014-03-03 23:42 - 2014-03-03 23:42 - 00000000 ____D () C:\Users\Public\Documents\CrashDump
2014-03-03 23:28 - 2014-03-03 23:09 - 00000000 ____D () C:\Program Files\Mobile Master
2014-03-03 23:26 - 2014-03-03 23:10 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Mobile Master
2014-03-03 23:10 - 2014-03-03 23:10 - 00001046 _____ () C:\Users\Public\Desktop\Mobile Master.lnk
2014-03-03 23:10 - 2014-03-03 23:10 - 00000000 ____D () C:\ProgramData\Mobile Master
2014-03-03 23:10 - 2014-03-03 23:10 - 00000000 ____D () C:\Program Files\Common Files\Jumping Bytes
2014-03-03 23:07 - 2014-03-03 23:07 - 23225448 _____ (Jumping Bytes) C:\Users\*****\Downloads\MobileMasterInst.exe
2014-03-03 23:07 - 2014-03-03 23:07 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Jumping Bytes
2014-03-03 22:52 - 2014-03-03 22:52 - 00000000 ____D () C:\Users\*****\ChromeExtensions
2014-03-03 22:52 - 2014-03-03 22:52 - 00000000 ____D () C:\Users\*****\AppData\Local\Temp04de20ab33f250e94b926d0514a93b1c
2014-03-03 22:50 - 2014-03-03 22:50 - 01058296 _____ () C:\Users\*****\Downloads\Microsoft-Outlook-2013-lnstall.exe
2014-03-03 21:54 - 2014-03-03 21:50 - 00000000 ____D () C:\Users\*****\Handykarte
2014-03-03 21:48 - 2014-03-03 21:48 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-03-03 21:18 - 2014-02-18 22:52 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Samsung
2014-02-27 20:46 - 2013-08-02 22:24 - 00000000 ____D () C:\Users\*****\AppData\Roaming\vlc
2014-02-26 17:22 - 2013-05-17 18:53 - 00000000 ____D () C:\Users\*****\Documents\MATLAB
2014-02-25 20:22 - 2014-02-25 20:22 - 01095461 _____ (pendrivelinux.com) C:\Users\*****\Downloads\Universal-USB-Installer-1.9.5.2.exe
2014-02-25 20:17 - 2014-02-18 23:04 - 00000000 ____D () C:\Program Files\MarkAny
2014-02-25 15:46 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-02-25 15:45 - 2014-02-25 15:45 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log
2014-02-25 15:45 - 2014-02-18 23:51 - 00000000 ____D () C:\Users\*****\AppData\Local\Samsung
2014-02-25 15:44 - 2014-02-18 22:50 - 00000000 ____D () C:\Program Files\Samsung
2014-02-25 15:43 - 2014-02-18 22:53 - 00000000 ____D () C:\ProgramData\Samsung
2014-02-24 22:08 - 2013-09-18 16:40 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Spotify
2014-02-24 20:52 - 2013-09-18 17:03 - 00000000 ____D () C:\Users\*****\AppData\Local\Spotify
2014-02-24 08:25 - 2013-09-30 17:50 - 00000000 ____D () C:\Users\*****\Desktop\Programme
2014-02-23 00:25 - 2014-02-22 22:04 - 00000000 ____D () C:\Users\*****\Documents\Python
2014-02-22 18:18 - 2013-12-22 23:33 - 00064168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-02-22 18:18 - 2013-05-16 20:38 - 00775952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-02-22 18:18 - 2013-05-16 20:38 - 00410784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-02-22 18:18 - 2013-05-16 20:38 - 00270240 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-02-22 18:18 - 2013-05-16 20:38 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-02-22 18:18 - 2013-05-16 20:35 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-02-21 17:11 - 2013-05-16 20:01 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-21 17:11 - 2013-05-16 20:01 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-21 09:50 - 2014-02-21 09:50 - 00000000 ____D () C:\Program Files\BeCyPDFMetaEdit
2014-02-20 09:36 - 2014-02-20 09:36 - 00036629 _____ () C:\Users\*****\Desktop\Nyquist_Beispiel.fig
2014-02-20 06:50 - 2014-02-20 06:50 - 00286014 _____ () C:\Windows\msxml4-KB954430-enu.LOG
2014-02-20 06:49 - 2014-02-20 06:49 - 00290518 _____ () C:\Windows\msxml4-KB973688-enu.LOG
2014-02-20 06:49 - 2014-02-20 06:49 - 00000000 ____D () C:\Program Files\MSXML 4.0
2014-02-19 16:01 - 2014-02-19 16:01 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-02-19 09:26 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2014-02-18 23:51 - 2014-02-18 22:51 - 00000000 ____D () C:\Users\*****\Documents\Samsung
2014-02-18 23:42 - 2014-02-18 23:42 - 00000000 ____D () C:\Program Files\Windows Portable Devices
2014-02-18 23:42 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-02-18 23:42 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-02-18 23:33 - 2013-05-16 20:26 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-02-18 23:31 - 2013-09-30 18:48 - 00000000 ____D () C:\Users\*****\AppData\Local\Downloaded Installations
2014-02-18 23:07 - 2014-02-18 23:07 - 00002092 _____ () C:\Users\Public\Desktop\Samsung New PC Studio.lnk
2014-02-18 22:59 - 2014-02-18 22:59 - 00002005 _____ () C:\Users\Public\Desktop\Komodo Edit 8.lnk
2014-02-18 22:59 - 2014-02-18 22:59 - 00000000 ____D () C:\Users\*****\AppData\Roaming\ActiveState
2014-02-18 22:59 - 2014-02-18 22:59 - 00000000 ____D () C:\Users\*****\AppData\Local\ActiveState
2014-02-18 22:59 - 2014-02-18 22:58 - 00000000 ____D () C:\Program Files\ActiveState Komodo Edit 8
2014-02-18 22:56 - 2014-02-18 22:55 - 00000000 ____D () C:\Python33
2014-02-18 22:52 - 2014-02-18 22:52 - 00000000 ____D () C:\Users\*****\Documents\My NPS Files
2014-02-18 22:51 - 2014-02-18 22:51 - 00053631 _____ () C:\Users\*****\Downloads\hashmyfiles_v1.90.zip
2014-02-18 22:49 - 2014-02-18 22:48 - 08444896 _____ (abylonsoft ) C:\Users\*****\Downloads\FreeHash.exe
2014-02-18 20:41 - 2014-02-18 20:17 - 73908224 _____ () C:\Users\*****\Downloads\Komodo-Edit-8.5.3-14067.msi
2014-02-18 20:39 - 2014-02-18 20:39 - 00000000 ____D () C:\Program Files\abylonsoft
2014-02-18 20:39 - 2014-02-18 20:30 - 20627456 _____ () C:\Users\*****\Downloads\python-3.3.4.msi
2014-02-18 13:48 - 2013-09-30 17:57 - 00000000 ____D () C:\Users\*****\Praktikum
2014-02-18 11:12 - 2014-01-28 08:30 - 00000000 ____D () C:\Users\*****\Bachelorarbeit
2014-02-18 11:11 - 2013-10-08 07:04 - 00079872 ___SH () C:\Users\*****\Thumbs.db
2014-02-18 08:36 - 2014-02-18 08:34 - 173838160 _____ () C:\Users\*****\Downloads\New_PC_Studio_1.5.1.exe
2014-02-18 08:33 - 2014-02-18 08:32 - 75211320 _____ (Samsung Electronics Co., Ltd.) C:\Users\*****\Downloads\KiesSetup_2.6.2.14014_6.exe
2014-02-17 11:44 - 2014-02-17 11:34 - 00014458 _____ () C:\Users\*****\Desktop\HybEIS.eps
2014-02-16 19:05 - 2014-02-16 18:51 - 200000000 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Das_Kaenguru_Manifest-4CD-DE-Audiobook-2011-kooba.rar
2014-02-16 19:03 - 2014-02-16 19:01 - 101832237 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Das_Kaenguru_Manifest-4CD-DE-Audiobook-2011-kooba.r01
2014-02-16 18:58 - 2014-02-16 18:52 - 200000000 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Das_Kaenguru_Manifest-4CD-DE-Audiobook-2011-kooba.r00
2014-02-16 18:50 - 2014-02-16 18:50 - 35692185 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Die_Kaenguru-Chroniken_Live_Und_Ungekuerzt-4CD-DE-Audiobook-2012-kooba.r02
2014-02-16 18:49 - 2014-02-16 18:45 - 150000000 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Die_Kaenguru-Chroniken_Live_Und_Ungekuerzt-4CD-DE-Audiobook-2012-kooba.r01
2014-02-16 18:49 - 2014-02-16 18:44 - 150000000 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Die_Kaenguru-Chroniken_Live_Und_Ungekuerzt-4CD-DE-Audiobook-2012-kooba.r00
2014-02-16 18:40 - 2014-02-16 18:40 - 00614816 _____ (Chip Digital GmbH) C:\Users\*****\Downloads\7 Zip 32 Bit - CHIP-Downloader.exe
2014-02-16 18:37 - 2014-02-16 18:35 - 150000000 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Die_Kaenguru-Chroniken_Live_Und_Ungekuerzt-4CD-DE-Audiobook-2012-kooba.rar
2014-02-14 09:40 - 2014-02-12 14:35 - 00014898 _____ () C:\Users\*****\Documents\pgadmin.log
2014-02-13 17:53 - 2014-02-13 17:53 - 00000000 ____D () C:\Users\*****\Documents\PostregSQL
2014-02-12 17:16 - 2013-08-06 23:19 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-12 17:14 - 2013-05-16 20:24 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-12 17:01 - 2014-02-12 16:13 - 00000149 _____ () C:\Windows\ODBC.INI
2014-02-12 16:12 - 2014-02-12 16:12 - 00000000 ____D () C:\Program Files\psqlODBC
2014-02-12 16:10 - 2014-02-12 16:58 - 01611377 _____ () C:\Users\*****\Downloads\psqlodbc_09_03_0100.zip
2014-02-12 14:54 - 2014-02-12 14:55 - 00587152 _____ () C:\Users\*****\Downloads\postgresql-9.3-1100.jdbc4.jar
2014-02-12 14:13 - 2014-02-12 14:08 - 00000000 ____D () C:\Users\*****\AppData\Roaming\postgresql
2014-02-12 14:04 - 2014-02-12 14:04 - 00000000 ____D () C:\Program Files\PostgreSQL
2014-02-12 13:49 - 2014-02-12 13:59 - 52968360 _____ (PostgreSQL Global Development Group) C:\Users\*****\Downloads\postgresql-9.3.1-1-windows.exe
2014-02-11 14:06 - 2014-01-16 12:27 - 00000000 ____D () C:\Users\*****\Documents\Praesentation_Deutronic_Praktikum
2014-02-10 18:12 - 2014-02-10 18:12 - 02658816 _____ (Python Software Foundation) C:\Windows\system32\python33.dll
2014-02-10 18:11 - 2014-02-10 18:11 - 00094208 _____ (Python Software Foundation) C:\Windows\pyw.exe
2014-02-10 18:11 - 2014-02-10 18:11 - 00093696 _____ (Python Software Foundation) C:\Windows\py.exe
2014-02-07 16:33 - 2014-02-18 23:33 - 04659712 _____ (Dmitry Streblechenko) C:\Windows\system32\Redemption.dll
2014-02-07 14:09 - 2014-02-06 20:07 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-02-06 11:38 - 2014-02-12 17:16 - 17103872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 11:20 - 2014-02-12 17:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 11:19 - 2014-02-12 17:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 11:01 - 2014-02-12 17:16 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 11:00 - 2014-02-12 17:16 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 10:57 - 2014-02-12 17:16 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 10:52 - 2014-02-12 17:16 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 10:52 - 2014-02-12 17:16 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 10:49 - 2014-02-12 17:16 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 10:47 - 2014-02-12 17:16 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 10:47 - 2014-02-12 17:16 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 10:46 - 2014-02-12 17:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 10:34 - 2014-02-12 17:16 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 10:25 - 2014-02-12 17:16 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 10:25 - 2014-02-12 17:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 10:13 - 2014-02-12 17:16 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 10:09 - 2014-02-12 17:16 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 10:03 - 2014-02-12 17:16 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 09:41 - 2014-02-12 17:16 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 09:36 - 2014-02-12 17:16 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 09:34 - 2014-02-12 17:16 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

Some content of TEMP:
====================
C:\Users\*****\AppData\Local\Temp\amazonicon_v4.exe
C:\Users\*****\AppData\Local\Temp\amazoninstallernircmdc.exe
C:\Users\*****\AppData\Local\Temp\AskSLib.dll
C:\Users\*****\AppData\Local\Temp\Checkupdate.exe
C:\Users\*****\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\*****\AppData\Local\Temp\Foxit Updater.exe
C:\Users\*****\AppData\Local\Temp\fp_pl_pfs_installer-1.exe
C:\Users\*****\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\*****\AppData\Local\Temp\gcapi_dll.dll
C:\Users\*****\AppData\Local\Temp\GdiPlus.dll
C:\Users\*****\AppData\Local\Temp\gtapi_signed.dll
C:\Users\*****\AppData\Local\Temp\InstallerMessageBox.exe
C:\Users\*****\AppData\Local\Temp\npp.6.5.2.Installer.exe
C:\Users\*****\AppData\Local\Temp\NPSInstallerProxy.exe
C:\Users\*****\AppData\Local\Temp\NPSInstallerProxyMessageBoxHookDll.dll
C:\Users\*****\AppData\Local\Temp\pyl2665.tmp.exe
C:\Users\*****\AppData\Local\Temp\pyl7DBA.tmp.exe
C:\Users\*****\AppData\Local\Temp\Quarantine.exe
C:\Users\*****\AppData\Local\Temp\sdanircmdc.exe
C:\Users\*****\AppData\Local\Temp\sdapskill.exe
C:\Users\*****\AppData\Local\Temp\sdaspwn.exe
C:\Users\*****\AppData\Local\Temp\vlc-2.1.1-win32.exe
C:\Users\*****\AppData\Local\Temp\vlc-2.1.3-win32.exe
C:\Users\*****\AppData\Local\Temp\xmlUpdater.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-28 09:25

==================== End Of Log ============================
--- --- ---


Danke für deine Hilfe!

Glaubst du es besteht eine Möglichkeit das ich meinem Laptop nochmal trauen kann ohne ihn zu formatieren?

Beste Grüße,
Markus
__________________
Alt 07.03.2014, 16:48   #4
schrauber
/// the machine
/// TB-Ausbilder
 
Windows 7: Security.Hijack gefunden, was nun? - Standard

Windows 7: Security.Hijack gefunden, was nun?



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 07.03.2014, 22:35   #5
PP88
 
Windows 7: Security.Hijack gefunden, was nun? - Standard

Windows 7: Security.Hijack gefunden, was nun?


Hallo Schrauber,

kann ich denn nach dem Onlinescan meine Anti-Virus Software und meine Firewall wieder aktivieren?

Beste Grüße,
Markus

so, nun habe ich die nächsen Logfiles erstellt.

Ich Danke dir erst mal sehr für deine Hilfe, Firefox funktioniert mittlerweile wieder.

Hier erst mal die LogFiles:

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internet# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=92eccbd82fb19c44bd70b729fb87d793
# engine=17358
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-03-07 08:52:02
# local_time=2014-03-07 09:52:02 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 77 1082137 11027206 0 0
# compatibility_mode=5893 16776573 100 94 135591 145856713 0 0
# scanned=592447
# found=11
# cleaned=0
# scan_time=17001
sh=4D52A31EF35C6AD0E91F44139D1E402BF1C5E380 ft=1 fh=40ad491ee4db0ae4 vn="multiple threats" ac=I fn="E:\Downloads\install_flash_player.exe"
sh=862C47FE3A7C7257A25AC0F58BFCAF5810263135 ft=0 fh=0000000000000000 vn="Win32/Adware.ToolPlugin application" ac=I fn="E:\*****-PC\Backup Set 2011-10-09 224401\Backup Files 2011-11-13 190003\Backup files 1.zip"
sh=F7123A16340F4EC407C8200D7444A7762B608F60 ft=0 fh=0000000000000000 vn="Win32/Adware.ToolPlugin application" ac=I fn="E:\*****-PC\Backup Set 2012-01-23 000955\Backup Files 2012-01-23 000955\Backup files 2.zip"
sh=50953DB3A5204B4E7AB89BD003B502458E3057EE ft=0 fh=0000000000000000 vn="JS/Iframe.CV trojan" ac=I fn="E:\*****-PC\Backup Set 2012-01-23 000955\Backup Files 2012-02-19 190014\Backup files 1.zip"
sh=5B34B45B382805CDFF05581D16133C5E4052058E ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.CVE-2011-3544.DD trojan" ac=I fn="E:\Windows.old\Users\*****\AppData\Local\Temp\jar_cache1979475170688956033.tmp"
sh=40F1A31211B7288650BAE5DEB0FE1931929DDED1 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="E:\Windows.old\Users\*****\AppData\Local\Temp\jar_cache3458911331998420176.tmp"
sh=52701A66D87642F0DBA27EEB36A7D524E3B4A32B ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="E:\Windows.old\Users\*****\AppData\Local\Temp\jar_cache4934358429111038185.tmp"
sh=DFC57922038BFC73B7EE41C4AA4246392D0D5EB4 ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.CVE-2012-0507.AH trojan" ac=I fn="E:\Windows.old\Users\*****\AppData\Local\Temp\jar_cache4939099841118595021.tmp"
sh=8D4B302C02A0EF8A6FA8F1FBF00D6E10F12A606E ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.Agent.ONV trojan" ac=I fn="E:\Windows.old\Users\*****\AppData\Local\Temp\jar_cache7351464586270954530.tmp"
sh=4D52A31EF35C6AD0E91F44139D1E402BF1C5E380 ft=1 fh=40ad491ee4db0ae4 vn="multiple threats" ac=I fn="E:\Windows.old\Users\*****\AppData\Local\Temp\YadHMygV.exe.part"
sh=4D52A31EF35C6AD0E91F44139D1E402BF1C5E380 ft=1 fh=40ad491ee4db0ae4 vn="multiple threats" ac=I fn="E:\Windows.old\Users\*****\Downloads\install_flash_player.exe"
Code:
ATTFilter
 Results of screen317's Security Check version 0.99.80  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 Adobe Flash Player 	12.0.0.70  
 Mozilla Firefox (27.0.1) 
 Mozilla Thunderbird (17.0.8) 
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-03-2014 01
Ran by ***** (administrator) on *****-PC on 07-03-2014 22:22:02
Running from C:\Users\*****\Downloads
Microsoft Windows 7 Professional N  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Andrea Electronics Corporation) C:\Windows\system32\AEADISRV.EXE
(Juniper Networks) C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
(Teruten) C:\Windows\system32\FsUsbExService.Exe
(Juniper Networks, Inc.) C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\pg_ctl.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(Spotify Ltd) C:\Users\*****\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(Jumping Bytes) C:\Program Files\Mobile Master\MMAgent.exe
(Jumping Bytes) C:\Program Files\Mobile Master\MMScan.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
(Don HO don.h@free.fr) C:\Program Files\Notepad++\notepad++.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [nwiz] - C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [1753192 2010-11-04] ()
HKLM\...\Run: [QlbCtrl.exe] - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2009-11-11] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [SoundMAXPnP] - C:\Program Files\Analog Devices\Core\smax4pnp.exe [1314816 2009-05-18] (Analog Devices, Inc.)
HKLM\...\Run: [SoundMAX] - C:\Program Files\Analog Devices\SoundMAX\soundmax.exe [3866624 2009-05-18] (Analog Devices, Inc.)
HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-02-22] (AVAST Software)
HKLM\...\Run: [NPSStartup] - [X]
HKLM\...\Run: [KiesTrayAgent] - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311616 2014-02-07] (Samsung Electronics Co., Ltd.)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-21-3776841550-2335425540-3856683877-1000\...\Run: [Spotify Web Helper] - C:\Users\*****\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-01-09] (Spotify Ltd)
HKU\S-1-5-21-3776841550-2335425540-3856683877-1000\...\Run: [AutoStartNPSAgent] - C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [95576 2010-07-04] (Samsung Electronics Co., Ltd.)
HKU\S-1-5-21-3776841550-2335425540-3856683877-1000\...\Run: [KiesPreload] - C:\Program Files\Samsung\Kies\Kies.exe [1564992 2014-02-07] (Samsung)
HKU\S-1-5-21-3776841550-2335425540-3856683877-1000\...\Run: [KiesAirMessage] - C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-3776841550-2335425540-3856683877-1000\...\Run: [MMAgent] - C:\Program Files\Mobile Master\MMAgent.exe [1412080 2013-12-16] (Jumping Bytes)
HKU\S-1-5-21-3776841550-2335425540-3856683877-1000\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000
HKU\S-1-5-21-3776841550-2335425540-3856683877-1000\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-3776841550-2335425540-3856683877-1000\...\MountPoints2: F - F:\sources\sperr32.exe x64
HKU\S-1-5-21-3776841550-2335425540-3856683877-1000\...\MountPoints2: {8194dac8-be41-11e2-8b92-806e6f6e6963} - D:\autorun.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xCDC4B6855652CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Citavi Picker - {609D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: af0.Adblock.BHO - {90EFF544-3981-4d46-85C9-C0361D0931D6} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://active.macromedia.com/flash2/cabs/swflash.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://juniper.net/dana-cached/setup/JuniperSetupSP1.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\fdt5qvea.default
FF NewTab: about:blank
FF Homepage: hxxp://www.google.de/
FF NetworkProxy: "backup.ftp", "192.168.0.3"
FF NetworkProxy: "backup.ftp_port", 8080
FF NetworkProxy: "backup.socks", "192.168.0.3"
FF NetworkProxy: "backup.socks_port", 8080
FF NetworkProxy: "backup.ssl", "192.168.0.3"
FF NetworkProxy: "backup.ssl_port", 8080
FF NetworkProxy: "ftp", "192.168.0.3"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "http", "192.168.0.3"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "192.168.0.3"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "ssl", "192.168.0.3"
FF NetworkProxy: "ssl_port", 8080
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Amazon-Icon - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\fdt5qvea.default\Extensions\amazon-icon@giga.de [2014-03-04]
FF Extension: Adblock Plus - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\fdt5qvea.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-28]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-05-16]
FF HKLM\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2013-09-30]
FF HKLM\...\Thunderbird\Extensions: [{857610fe-b36c-47f2-b4fa-6b7affe0cf5a}] - C:\Program Files\Mobile Master\ext\1\
FF Extension: Mobile Master Add-In - C:\Program Files\Mobile Master\ext\1\ []

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-22] (AVAST Software)
R2 dsNcService; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [671848 2013-02-18] (Juniper Networks)
R2 JuniperAccessService; C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe [198000 2011-06-22] (Juniper Networks, Inc.)
R2 postgresql-9.3; C:/Program Files/PostgreSQL/9.3/bin/pg_ctl.exe runservice -N "postgresql-9.3" -D "C:/Program Files/PostgreSQL/9.3/data" -w [X]

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-02-22] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [79720 2013-12-12] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2013-12-12] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [775952 2014-02-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [410784 2014-02-22] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [64168 2014-02-22] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180248 2013-12-22] ()
R3 dsNcAdpt; C:\Windows\System32\DRIVERS\dsNcAdpt.sys [26624 2013-02-18] (Juniper Networks)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-05-16] (DT Soft Ltd)
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2010-06-14] ()
S3 RICOH SmartCard Reader; C:\Windows\System32\DRIVERS\rismc32.sys [49152 2009-07-20] (RICOH Company, Ltd.)
R3 rismc32; C:\Windows\System32\DRIVERS\rismc32.sys [49152 2009-07-20] (RICOH Company, Ltd.)
S3 sscebus; C:\Windows\System32\DRIVERS\sscebus.sys [136904 2014-01-23] (MCCI Corporation)
S3 sscemdfl; C:\Windows\System32\DRIVERS\sscemdfl.sys [17864 2014-01-23] (MCCI Corporation)
S3 sscemdm; C:\Windows\System32\DRIVERS\sscemdm.sys [153672 2014-01-23] (MCCI Corporation)
S3 ssceserd; C:\Windows\System32\DRIVERS\ssceserd.sys [130376 2014-01-23] (MCCI Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-07 22:22 - 2014-03-07 22:22 - 00012280 _____ () C:\Users\*****\Downloads\FRST.txt
2014-03-07 22:21 - 2014-03-07 22:21 - 01145344 _____ (Farbar) C:\Users\*****\Downloads\FRST.exe
2014-03-07 22:13 - 2014-03-07 22:13 - 00987442 _____ () C:\Users\*****\Desktop\SecurityCheck.exe
2014-03-07 22:08 - 2014-03-07 22:10 - 00002876 _____ () C:\Users\*****\Desktop\ESET.txt
2014-03-07 16:58 - 2014-03-07 16:58 - 02347384 _____ (ESET) C:\Users\*****\Downloads\esetsmartinstaller_enu.exe
2014-03-06 18:32 - 2014-03-06 18:32 - 00000000 ____D () C:\Windows\ERUNT
2014-03-06 18:30 - 2014-03-06 18:20 - 01037734 _____ (Thisisu) C:\Users\*****\Desktop\JRT (1).exe
2014-03-06 18:21 - 2014-03-06 18:25 - 00000000 ____D () C:\AdwCleaner
2014-03-06 18:21 - 2014-03-06 17:58 - 01244192 _____ () C:\Users\*****\Desktop\adwcleaner.exe
2014-03-06 18:20 - 2014-03-06 18:20 - 01037734 _____ (Thisisu) C:\Users\*****\Downloads\JRT.exe.3ra3i30.partial
2014-03-06 18:20 - 2014-03-06 18:20 - 01037734 _____ (Thisisu) C:\Users\*****\Downloads\JRT (1).exe
2014-03-06 17:58 - 2014-03-06 17:58 - 01244192 _____ () C:\Users\*****\Downloads\adwcleaner.exe
2014-03-06 15:51 - 2014-03-06 15:51 - 00024833 _____ () C:\Users\*****\AppData\Local\recently-used.xbel
2014-03-05 17:56 - 2014-03-05 17:56 - 00152248 _____ () C:\Windows\Minidump\030514-23821-01.dmp
2014-03-05 17:19 - 2014-03-05 17:19 - 00380416 _____ () C:\Users\*****\Downloads\Gmer-19357.exe
2014-03-05 17:12 - 2014-03-07 22:22 - 00000000 ____D () C:\FRST
2014-03-05 17:10 - 2014-03-05 17:10 - 00000000 _____ () C:\Users\*****\defogger_reenable
2014-03-05 08:19 - 2014-03-05 08:19 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Malwarebytes
2014-03-05 08:18 - 2014-03-05 08:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-05 08:18 - 2014-03-05 08:18 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-03-05 08:18 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-04 20:11 - 2014-03-04 20:11 - 00001109 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-03-04 20:10 - 2014-03-04 20:11 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-04 12:29 - 2014-03-04 12:29 - 00000999 _____ () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QuickDic.lnk
2014-03-04 12:29 - 2014-03-04 12:29 - 00000969 _____ () C:\Users\*****\Desktop\QuickDic.lnk
2014-03-04 12:29 - 2014-03-04 12:29 - 00000000 ____D () C:\Program Files\QuickDic
2014-03-04 09:39 - 2014-03-04 09:39 - 00000000 ____D () C:\Users\*****\AppData\Local\Mobile Master
2014-03-04 00:18 - 2014-03-04 00:18 - 00000000 ____D () C:\Users\*****\AppData\Local\Tempa72636ee026910241cae8b72bf567bea
2014-03-03 23:42 - 2014-03-03 23:42 - 00000000 ____D () C:\Users\Public\Documents\CrashDump
2014-03-03 23:10 - 2014-03-03 23:26 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Mobile Master
2014-03-03 23:10 - 2014-03-03 23:10 - 00001046 _____ () C:\Users\Public\Desktop\Mobile Master.lnk
2014-03-03 23:10 - 2014-03-03 23:10 - 00000000 ____D () C:\ProgramData\Mobile Master
2014-03-03 23:10 - 2014-03-03 23:10 - 00000000 ____D () C:\Program Files\Common Files\Jumping Bytes
2014-03-03 23:09 - 2014-03-03 23:28 - 00000000 ____D () C:\Program Files\Mobile Master
2014-03-03 23:07 - 2014-03-03 23:07 - 23225448 _____ (Jumping Bytes) C:\Users\*****\Downloads\MobileMasterInst.exe
2014-03-03 23:07 - 2014-03-03 23:07 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Jumping Bytes
2014-03-03 22:52 - 2014-03-03 22:52 - 00000000 ____D () C:\Users\*****\AppData\Local\Temp04de20ab33f250e94b926d0514a93b1c
2014-03-03 22:50 - 2014-03-03 22:50 - 01058296 _____ () C:\Users\*****\Downloads\Microsoft-Outlook-2013-lnstall.exe
2014-03-03 21:50 - 2014-03-03 21:54 - 00000000 ____D () C:\Users\*****\Handykarte
2014-03-03 21:48 - 2014-03-03 21:48 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-03-03 21:46 - 2014-01-23 04:21 - 00153672 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscemdm.sys
2014-03-03 21:46 - 2014-01-23 04:21 - 00136904 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscebus.sys
2014-03-03 21:46 - 2014-01-23 04:21 - 00130376 _____ (MCCI Corporation) C:\Windows\system32\Drivers\ssceserd.sys
2014-03-03 21:46 - 2014-01-23 04:21 - 00017864 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscemdfl.sys
2014-03-03 21:46 - 2014-01-23 04:21 - 00015560 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscecmnt.sys
2014-03-03 21:46 - 2014-01-23 04:21 - 00015560 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscecm.sys
2014-03-03 21:46 - 2014-01-23 04:21 - 00015304 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscewhnt.sys
2014-03-03 21:46 - 2014-01-23 04:21 - 00015304 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscewh.sys
2014-02-25 20:22 - 2014-02-25 20:22 - 01095461 _____ (pendrivelinux.com) C:\Users\*****\Downloads\Universal-USB-Installer-1.9.5.2.exe
2014-02-25 15:45 - 2014-02-25 15:45 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log
2014-02-22 22:04 - 2014-02-23 00:25 - 00000000 ____D () C:\Users\*****\Documents\Python
2014-02-21 09:50 - 2014-02-21 09:50 - 00000000 ____D () C:\Program Files\BeCyPDFMetaEdit
2014-02-20 09:36 - 2014-02-20 09:36 - 00036629 _____ () C:\Users\*****\Desktop\Nyquist_Beispiel.fig
2014-02-20 06:50 - 2014-02-20 06:50 - 00286014 _____ () C:\Windows\msxml4-KB954430-enu.LOG
2014-02-20 06:49 - 2014-02-20 06:49 - 00290518 _____ () C:\Windows\msxml4-KB973688-enu.LOG
2014-02-20 06:49 - 2014-02-20 06:49 - 00000000 ____D () C:\Program Files\MSXML 4.0
2014-02-19 16:01 - 2014-02-19 16:01 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-02-18 23:51 - 2014-02-25 15:45 - 00000000 ____D () C:\Users\*****\AppData\Local\Samsung
2014-02-18 23:42 - 2014-02-18 23:42 - 00000000 ____D () C:\Program Files\Windows Portable Devices
2014-02-18 23:33 - 2014-02-07 16:33 - 04659712 _____ (Dmitry Streblechenko) C:\Windows\system32\Redemption.dll
2014-02-18 23:33 - 2014-01-23 18:31 - 00821824 _____ (Devguru Co., Ltd.) C:\Windows\system32\dgderapi.dll
2014-02-18 23:07 - 2014-02-18 23:07 - 00002092 _____ () C:\Users\Public\Desktop\Samsung New PC Studio.lnk
2014-02-18 23:04 - 2014-02-25 20:17 - 00000000 ____D () C:\Program Files\MarkAny
2014-02-18 22:59 - 2014-02-18 22:59 - 00002005 _____ () C:\Users\Public\Desktop\Komodo Edit 8.lnk
2014-02-18 22:59 - 2014-02-18 22:59 - 00000000 ____D () C:\Users\*****\AppData\Roaming\ActiveState
2014-02-18 22:59 - 2014-02-18 22:59 - 00000000 ____D () C:\Users\*****\AppData\Local\ActiveState
2014-02-18 22:58 - 2014-02-18 22:59 - 00000000 ____D () C:\Program Files\ActiveState Komodo Edit 8
2014-02-18 22:55 - 2014-02-18 22:56 - 00000000 ____D () C:\Python33
2014-02-18 22:53 - 2014-02-25 15:43 - 00000000 ____D () C:\ProgramData\Samsung
2014-02-18 22:52 - 2014-03-03 21:18 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Samsung
2014-02-18 22:52 - 2014-02-18 22:52 - 00000000 ____D () C:\Users\*****\Documents\My NPS Files
2014-02-18 22:52 - 2010-07-04 19:07 - 00238952 _____ (Teruten) C:\Windows\system32\FsUsbExService.Exe
2014-02-18 22:52 - 2010-06-14 09:32 - 00110592 _____ () C:\Windows\system32\FsUsbExDevice.Dll
2014-02-18 22:52 - 2010-06-14 09:32 - 00036608 _____ () C:\Windows\system32\FsUsbExDisk.Sys
2014-02-18 22:52 - 2009-07-14 02:16 - 02311168 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 01568768 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2014-02-18 22:52 - 2009-07-14 02:16 - 01325056 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2014-02-18 22:52 - 2009-07-14 02:16 - 01003008 _____ (Microsoft Corporation) C:\Windows\system32\WMNetMgr.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00812032 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2014-02-18 22:52 - 2009-07-14 02:16 - 00664576 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2014-02-18 22:52 - 2009-07-14 02:16 - 00577024 _____ (Microsoft Corporation) C:\Windows\system32\wpd_ci.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceApi.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00541184 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2014-02-18 22:52 - 2009-07-14 02:16 - 00427520 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceStatus.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00358400 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
2014-02-18 22:52 - 2009-07-14 02:16 - 00350720 _____ (Microsoft Corporation) C:\Windows\system32\WPDSp.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00237568 _____ (Microsoft Corporation) C:\Windows\system32\WMASF.DLL
2014-02-18 22:52 - 2009-07-14 02:16 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\WpdMtp.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00198144 _____ (Microsoft Corporation) C:\Windows\system32\wpdwcn.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00196608 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceWMDRM.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceTypes.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\wmidx.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00138240 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceWiaCompat.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00110080 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceClassExtension.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\WPDShServiceObj.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\wpdbusenum.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\WpdMtpUS.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceConnectApi.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\wmcodecdspps.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wmdmps.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\wmdmlog.dll
2014-02-18 22:52 - 2009-07-14 02:15 - 00630784 _____ (Microsoft Corporation) C:\Windows\system32\DXPTaskRingtone.dll
2014-02-18 22:52 - 2009-07-14 02:15 - 00415744 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2014-02-18 22:52 - 2009-07-14 02:15 - 00352768 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-02-18 22:52 - 2009-07-14 02:15 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\mswmdm.dll
2014-02-18 22:52 - 2009-07-14 02:15 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-02-18 22:52 - 2009-07-14 02:15 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2014-02-18 22:52 - 2009-07-14 02:15 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2014-02-18 22:52 - 2009-07-14 02:15 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2014-02-18 22:52 - 2009-07-14 02:15 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\LAPRXY.DLL
2014-02-18 22:52 - 2009-07-14 02:14 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\audiodev.dll
2014-02-18 22:52 - 2009-07-14 02:14 - 00095232 _____ (Microsoft Corporation) C:\Windows\system32\logagent.exe
2014-02-18 22:52 - 2009-07-14 02:14 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\WPDShextAutoplay.exe
2014-02-18 22:52 - 2009-07-14 02:03 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\asferror.dll
2014-02-18 22:52 - 2009-06-10 22:34 - 00316640 _____ () C:\Windows\WMSysPr9.prx
2014-02-18 22:51 - 2014-02-18 23:51 - 00000000 ____D () C:\Users\*****\Documents\Samsung
2014-02-18 22:51 - 2014-02-18 22:51 - 00053631 _____ () C:\Users\*****\Downloads\hashmyfiles_v1.90.zip
2014-02-18 22:51 - 2009-07-14 02:16 - 02504192 _____ (Microsoft Corporation) C:\Windows\system32\WMVCORE.DLL
2014-02-18 22:51 - 2009-07-14 02:16 - 01619968 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2014-02-18 22:51 - 2009-07-14 02:16 - 00902656 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2014-02-18 22:51 - 2009-07-14 02:16 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-02-18 22:51 - 2009-07-14 02:16 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmdev.dll
2014-02-18 22:51 - 2009-07-14 02:16 - 00436736 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmnet.dll
2014-02-18 22:51 - 2009-07-14 02:15 - 00986624 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-02-18 22:51 - 2009-07-14 02:15 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-02-18 22:51 - 2009-07-14 02:15 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-02-18 22:51 - 2009-07-14 02:15 - 00402944 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-02-18 22:50 - 2014-02-25 15:44 - 00000000 ____D () C:\Program Files\Samsung
2014-02-18 22:48 - 2014-02-18 22:49 - 08444896 _____ (abylonsoft ) C:\Users\*****\Downloads\FreeHash.exe
2014-02-18 20:39 - 2014-02-18 20:39 - 00000000 ____D () C:\Program Files\abylonsoft
2014-02-18 20:30 - 2014-02-18 20:39 - 20627456 _____ () C:\Users\*****\Downloads\python-3.3.4.msi
2014-02-18 20:17 - 2014-02-18 20:41 - 73908224 _____ () C:\Users\*****\Downloads\Komodo-Edit-8.5.3-14067.msi
2014-02-18 08:34 - 2014-02-18 08:36 - 173838160 _____ () C:\Users\*****\Downloads\New_PC_Studio_1.5.1.exe
2014-02-18 08:32 - 2014-02-18 08:33 - 75211320 _____ (Samsung Electronics Co., Ltd.) C:\Users\*****\Downloads\KiesSetup_2.6.2.14014_6.exe
2014-02-17 11:34 - 2014-02-17 11:44 - 00014458 _____ () C:\Users\*****\Desktop\HybEIS.eps
2014-02-16 19:01 - 2014-02-16 19:03 - 101832237 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Das_Kaenguru_Manifest-4CD-DE-Audiobook-2011-kooba.r01
2014-02-16 18:52 - 2014-02-16 18:58 - 200000000 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Das_Kaenguru_Manifest-4CD-DE-Audiobook-2011-kooba.r00
2014-02-16 18:51 - 2014-02-16 19:05 - 200000000 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Das_Kaenguru_Manifest-4CD-DE-Audiobook-2011-kooba.rar
2014-02-16 18:50 - 2014-02-16 18:50 - 35692185 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Die_Kaenguru-Chroniken_Live_Und_Ungekuerzt-4CD-DE-Audiobook-2012-kooba.r02
2014-02-16 18:45 - 2014-02-16 18:49 - 150000000 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Die_Kaenguru-Chroniken_Live_Und_Ungekuerzt-4CD-DE-Audiobook-2012-kooba.r01
2014-02-16 18:44 - 2014-02-16 18:49 - 150000000 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Die_Kaenguru-Chroniken_Live_Und_Ungekuerzt-4CD-DE-Audiobook-2012-kooba.r00
2014-02-16 18:40 - 2014-02-16 18:40 - 00614816 _____ (Chip Digital GmbH) C:\Users\*****\Downloads\7 Zip 32 Bit - CHIP-Downloader.exe
2014-02-16 18:35 - 2014-02-16 18:37 - 150000000 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Die_Kaenguru-Chroniken_Live_Und_Ungekuerzt-4CD-DE-Audiobook-2012-kooba.rar
2014-02-13 17:53 - 2014-02-13 17:53 - 00000000 ____D () C:\Users\*****\Documents\PostregSQL
2014-02-12 17:16 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-12 17:16 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-12 17:16 - 2014-02-06 11:19 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-12 17:16 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-12 17:16 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-12 17:16 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-12 17:16 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-12 17:16 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-12 17:16 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-12 17:16 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-12 17:16 - 2014-02-06 10:47 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-12 17:16 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-12 17:16 - 2014-02-06 10:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-12 17:16 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-12 17:16 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-12 17:16 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-12 17:16 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-12 17:16 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-12 17:16 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-12 17:16 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-12 17:16 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-12 17:11 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-12 16:58 - 2014-02-12 16:10 - 01611377 _____ () C:\Users\*****\Downloads\psqlodbc_09_03_0100.zip
2014-02-12 16:13 - 2014-02-12 17:01 - 00000149 _____ () C:\Windows\ODBC.INI
2014-02-12 16:12 - 2014-02-12 16:12 - 00000000 ____D () C:\Program Files\psqlODBC
2014-02-12 14:55 - 2014-02-12 14:54 - 00587152 _____ () C:\Users\*****\Downloads\postgresql-9.3-1100.jdbc4.jar
2014-02-12 14:35 - 2014-02-14 09:40 - 00014898 _____ () C:\Users\*****\Documents\pgadmin.log
2014-02-12 14:08 - 2014-02-12 14:13 - 00000000 ____D () C:\Users\*****\AppData\Roaming\postgresql
2014-02-12 14:04 - 2014-02-12 14:04 - 00000000 ____D () C:\Program Files\PostgreSQL
2014-02-12 13:59 - 2014-02-12 13:49 - 52968360 _____ (PostgreSQL Global Development Group) C:\Users\*****\Downloads\postgresql-9.3.1-1-windows.exe
2014-02-12 07:37 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-12 07:37 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-12 07:37 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-12 07:37 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-10 18:12 - 2014-02-10 18:12 - 02658816 _____ (Python Software Foundation) C:\Windows\system32\python33.dll
2014-02-10 18:11 - 2014-02-10 18:11 - 00094208 _____ (Python Software Foundation) C:\Windows\pyw.exe
2014-02-10 18:11 - 2014-02-10 18:11 - 00093696 _____ (Python Software Foundation) C:\Windows\py.exe
2014-02-06 20:07 - 2014-02-07 14:09 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird

==================== One Month Modified Files and Folders =======

2014-03-07 22:22 - 2014-03-07 22:22 - 00012280 _____ () C:\Users\*****\Downloads\FRST.txt
2014-03-07 22:22 - 2014-03-05 17:12 - 00000000 ____D () C:\FRST
2014-03-07 22:21 - 2014-03-07 22:21 - 01145344 _____ (Farbar) C:\Users\*****\Downloads\FRST.exe
2014-03-07 22:13 - 2014-03-07 22:13 - 00987442 _____ () C:\Users\*****\Desktop\SecurityCheck.exe
2014-03-07 22:11 - 2013-10-14 05:37 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-07 22:10 - 2014-03-07 22:08 - 00002876 _____ () C:\Users\*****\Desktop\ESET.txt
2014-03-07 21:51 - 2009-07-14 05:02 - 00019248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-07 21:51 - 2009-07-14 05:02 - 00019248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-07 20:41 - 2013-05-16 17:01 - 01080025 _____ () C:\Windows\WindowsUpdate.log
2014-03-07 17:05 - 2010-11-20 22:03 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-07 16:58 - 2014-03-07 16:58 - 02347384 _____ (ESET) C:\Users\*****\Downloads\esetsmartinstaller_enu.exe
2014-03-07 16:51 - 2009-07-14 05:17 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-07 16:51 - 2009-07-14 05:07 - 00049391 _____ () C:\Windows\setupact.log
2014-03-07 12:13 - 2013-09-30 19:01 - 00000000 ____D () C:\Users\*****\Documents\Citavi 4
2014-03-07 08:31 - 2013-05-16 17:54 - 00000000 ____D () C:\Users\*****
2014-03-06 20:07 - 2013-08-02 22:24 - 00000000 ____D () C:\Users\*****\AppData\Roaming\vlc
2014-03-06 18:32 - 2014-03-06 18:32 - 00000000 ____D () C:\Windows\ERUNT
2014-03-06 18:25 - 2014-03-06 18:21 - 00000000 ____D () C:\AdwCleaner
2014-03-06 18:20 - 2014-03-06 18:30 - 01037734 _____ (Thisisu) C:\Users\*****\Desktop\JRT (1).exe
2014-03-06 18:20 - 2014-03-06 18:20 - 01037734 _____ (Thisisu) C:\Users\*****\Downloads\JRT.exe.3ra3i30.partial
2014-03-06 18:20 - 2014-03-06 18:20 - 01037734 _____ (Thisisu) C:\Users\*****\Downloads\JRT (1).exe
2014-03-06 18:14 - 2013-05-16 17:58 - 00000000 ____D () C:\Windows\Panther
2014-03-06 18:14 - 2010-11-20 22:49 - 00255550 _____ () C:\Windows\PFRO.log
2014-03-06 17:58 - 2014-03-06 18:21 - 01244192 _____ () C:\Users\*****\Desktop\adwcleaner.exe
2014-03-06 17:58 - 2014-03-06 17:58 - 01244192 _____ () C:\Users\*****\Downloads\adwcleaner.exe
2014-03-06 15:51 - 2014-03-06 15:51 - 00024833 _____ () C:\Users\*****\AppData\Local\recently-used.xbel
2014-03-06 15:35 - 2013-10-01 07:45 - 00000000 ____D () C:\Program Files\BaSyTec
2014-03-06 07:28 - 2009-07-14 05:17 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-05 17:56 - 2014-03-05 17:56 - 00152248 _____ () C:\Windows\Minidump\030514-23821-01.dmp
2014-03-05 17:56 - 2013-09-13 08:52 - 336285250 _____ () C:\Windows\MEMORY.DMP
2014-03-05 17:56 - 2013-09-13 08:52 - 00000000 ____D () C:\Windows\Minidump
2014-03-05 17:19 - 2014-03-05 17:19 - 00380416 _____ () C:\Users\*****\Downloads\Gmer-19357.exe
2014-03-05 17:10 - 2014-03-05 17:10 - 00000000 _____ () C:\Users\*****\defogger_reenable
2014-03-05 08:19 - 2014-03-05 08:19 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Malwarebytes
2014-03-05 08:18 - 2014-03-05 08:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-05 08:18 - 2014-03-05 08:18 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-03-05 07:23 - 2013-05-19 10:45 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-03-04 20:11 - 2014-03-04 20:11 - 00001109 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-03-04 20:11 - 2014-03-04 20:10 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-04 16:03 - 2013-12-04 09:30 - 00000000 ____D () C:\Users\*****\Documents\Praktikum_Deutronic
2014-03-04 12:29 - 2014-03-04 12:29 - 00000999 _____ () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QuickDic.lnk
2014-03-04 12:29 - 2014-03-04 12:29 - 00000969 _____ () C:\Users\*****\Desktop\QuickDic.lnk
2014-03-04 12:29 - 2014-03-04 12:29 - 00000000 ____D () C:\Program Files\QuickDic
2014-03-04 09:39 - 2014-03-04 09:39 - 00000000 ____D () C:\Users\*****\AppData\Local\Mobile Master
2014-03-04 00:18 - 2014-03-04 00:18 - 00000000 ____D () C:\Users\*****\AppData\Local\Tempa72636ee026910241cae8b72bf567bea
2014-03-03 23:42 - 2014-03-03 23:42 - 00000000 ____D () C:\Users\Public\Documents\CrashDump
2014-03-03 23:28 - 2014-03-03 23:09 - 00000000 ____D () C:\Program Files\Mobile Master
2014-03-03 23:26 - 2014-03-03 23:10 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Mobile Master
2014-03-03 23:10 - 2014-03-03 23:10 - 00001046 _____ () C:\Users\Public\Desktop\Mobile Master.lnk
2014-03-03 23:10 - 2014-03-03 23:10 - 00000000 ____D () C:\ProgramData\Mobile Master
2014-03-03 23:10 - 2014-03-03 23:10 - 00000000 ____D () C:\Program Files\Common Files\Jumping Bytes
2014-03-03 23:07 - 2014-03-03 23:07 - 23225448 _____ (Jumping Bytes) C:\Users\*****\Downloads\MobileMasterInst.exe
2014-03-03 23:07 - 2014-03-03 23:07 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Jumping Bytes
2014-03-03 22:52 - 2014-03-03 22:52 - 00000000 ____D () C:\Users\*****\AppData\Local\Temp04de20ab33f250e94b926d0514a93b1c
2014-03-03 22:50 - 2014-03-03 22:50 - 01058296 _____ () C:\Users\*****\Downloads\Microsoft-Outlook-2013-lnstall.exe
2014-03-03 21:54 - 2014-03-03 21:50 - 00000000 ____D () C:\Users\*****\Handykarte
2014-03-03 21:48 - 2014-03-03 21:48 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-03-03 21:18 - 2014-02-18 22:52 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Samsung
2014-02-26 17:22 - 2013-05-17 18:53 - 00000000 ____D () C:\Users\*****\Documents\MATLAB
2014-02-25 20:22 - 2014-02-25 20:22 - 01095461 _____ (pendrivelinux.com) C:\Users\*****\Downloads\Universal-USB-Installer-1.9.5.2.exe
2014-02-25 20:17 - 2014-02-18 23:04 - 00000000 ____D () C:\Program Files\MarkAny
2014-02-25 15:46 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-02-25 15:45 - 2014-02-25 15:45 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log
2014-02-25 15:45 - 2014-02-18 23:51 - 00000000 ____D () C:\Users\*****\AppData\Local\Samsung
2014-02-25 15:44 - 2014-02-18 22:50 - 00000000 ____D () C:\Program Files\Samsung
2014-02-25 15:43 - 2014-02-18 22:53 - 00000000 ____D () C:\ProgramData\Samsung
2014-02-24 22:08 - 2013-09-18 16:40 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Spotify
2014-02-24 20:52 - 2013-09-18 17:03 - 00000000 ____D () C:\Users\*****\AppData\Local\Spotify
2014-02-24 08:25 - 2013-09-30 17:50 - 00000000 ____D () C:\Users\*****\Desktop\Programme
2014-02-23 00:25 - 2014-02-22 22:04 - 00000000 ____D () C:\Users\*****\Documents\Python
2014-02-22 18:18 - 2013-12-22 23:33 - 00064168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-02-22 18:18 - 2013-05-16 20:38 - 00775952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-02-22 18:18 - 2013-05-16 20:38 - 00410784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-02-22 18:18 - 2013-05-16 20:38 - 00270240 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-02-22 18:18 - 2013-05-16 20:38 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-02-22 18:18 - 2013-05-16 20:35 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-02-21 17:11 - 2013-05-16 20:01 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-21 17:11 - 2013-05-16 20:01 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-21 09:50 - 2014-02-21 09:50 - 00000000 ____D () C:\Program Files\BeCyPDFMetaEdit
2014-02-20 09:36 - 2014-02-20 09:36 - 00036629 _____ () C:\Users\*****\Desktop\Nyquist_Beispiel.fig
2014-02-20 06:50 - 2014-02-20 06:50 - 00286014 _____ () C:\Windows\msxml4-KB954430-enu.LOG
2014-02-20 06:49 - 2014-02-20 06:49 - 00290518 _____ () C:\Windows\msxml4-KB973688-enu.LOG
2014-02-20 06:49 - 2014-02-20 06:49 - 00000000 ____D () C:\Program Files\MSXML 4.0
2014-02-19 16:01 - 2014-02-19 16:01 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-02-19 09:26 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2014-02-18 23:51 - 2014-02-18 22:51 - 00000000 ____D () C:\Users\*****\Documents\Samsung
2014-02-18 23:42 - 2014-02-18 23:42 - 00000000 ____D () C:\Program Files\Windows Portable Devices
2014-02-18 23:42 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-02-18 23:42 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-02-18 23:33 - 2013-05-16 20:26 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-02-18 23:31 - 2013-09-30 18:48 - 00000000 ____D () C:\Users\*****\AppData\Local\Downloaded Installations
2014-02-18 23:07 - 2014-02-18 23:07 - 00002092 _____ () C:\Users\Public\Desktop\Samsung New PC Studio.lnk
2014-02-18 22:59 - 2014-02-18 22:59 - 00002005 _____ () C:\Users\Public\Desktop\Komodo Edit 8.lnk
2014-02-18 22:59 - 2014-02-18 22:59 - 00000000 ____D () C:\Users\*****\AppData\Roaming\ActiveState
2014-02-18 22:59 - 2014-02-18 22:59 - 00000000 ____D () C:\Users\*****\AppData\Local\ActiveState
2014-02-18 22:59 - 2014-02-18 22:58 - 00000000 ____D () C:\Program Files\ActiveState Komodo Edit 8
2014-02-18 22:56 - 2014-02-18 22:55 - 00000000 ____D () C:\Python33
2014-02-18 22:52 - 2014-02-18 22:52 - 00000000 ____D () C:\Users\*****\Documents\My NPS Files
2014-02-18 22:51 - 2014-02-18 22:51 - 00053631 _____ () C:\Users\*****\Downloads\hashmyfiles_v1.90.zip
2014-02-18 22:49 - 2014-02-18 22:48 - 08444896 _____ (abylonsoft ) C:\Users\*****\Downloads\FreeHash.exe
2014-02-18 20:41 - 2014-02-18 20:17 - 73908224 _____ () C:\Users\*****\Downloads\Komodo-Edit-8.5.3-14067.msi
2014-02-18 20:39 - 2014-02-18 20:39 - 00000000 ____D () C:\Program Files\abylonsoft
2014-02-18 20:39 - 2014-02-18 20:30 - 20627456 _____ () C:\Users\*****\Downloads\python-3.3.4.msi
2014-02-18 13:48 - 2013-09-30 17:57 - 00000000 ____D () C:\Users\*****\Praktikum
2014-02-18 11:12 - 2014-01-28 08:30 - 00000000 ____D () C:\Users\*****\Bachelorarbeit
2014-02-18 11:11 - 2013-10-08 07:04 - 00079872 ___SH () C:\Users\*****\Thumbs.db
2014-02-18 08:36 - 2014-02-18 08:34 - 173838160 _____ () C:\Users\*****\Downloads\New_PC_Studio_1.5.1.exe
2014-02-18 08:33 - 2014-02-18 08:32 - 75211320 _____ (Samsung Electronics Co., Ltd.) C:\Users\*****\Downloads\KiesSetup_2.6.2.14014_6.exe
2014-02-17 11:44 - 2014-02-17 11:34 - 00014458 _____ () C:\Users\*****\Desktop\HybEIS.eps
2014-02-16 19:05 - 2014-02-16 18:51 - 200000000 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Das_Kaenguru_Manifest-4CD-DE-Audiobook-2011-kooba.rar
2014-02-16 19:03 - 2014-02-16 19:01 - 101832237 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Das_Kaenguru_Manifest-4CD-DE-Audiobook-2011-kooba.r01
2014-02-16 18:58 - 2014-02-16 18:52 - 200000000 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Das_Kaenguru_Manifest-4CD-DE-Audiobook-2011-kooba.r00
2014-02-16 18:50 - 2014-02-16 18:50 - 35692185 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Die_Kaenguru-Chroniken_Live_Und_Ungekuerzt-4CD-DE-Audiobook-2012-kooba.r02
2014-02-16 18:49 - 2014-02-16 18:45 - 150000000 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Die_Kaenguru-Chroniken_Live_Und_Ungekuerzt-4CD-DE-Audiobook-2012-kooba.r01
2014-02-16 18:49 - 2014-02-16 18:44 - 150000000 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Die_Kaenguru-Chroniken_Live_Und_Ungekuerzt-4CD-DE-Audiobook-2012-kooba.r00
2014-02-16 18:40 - 2014-02-16 18:40 - 00614816 _____ (Chip Digital GmbH) C:\Users\*****\Downloads\7 Zip 32 Bit - CHIP-Downloader.exe
2014-02-16 18:37 - 2014-02-16 18:35 - 150000000 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Die_Kaenguru-Chroniken_Live_Und_Ungekuerzt-4CD-DE-Audiobook-2012-kooba.rar
2014-02-14 09:40 - 2014-02-12 14:35 - 00014898 _____ () C:\Users\*****\Documents\pgadmin.log
2014-02-13 17:53 - 2014-02-13 17:53 - 00000000 ____D () C:\Users\*****\Documents\PostregSQL
2014-02-12 17:16 - 2013-08-06 23:19 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-12 17:14 - 2013-05-16 20:24 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-12 17:01 - 2014-02-12 16:13 - 00000149 _____ () C:\Windows\ODBC.INI
2014-02-12 16:12 - 2014-02-12 16:12 - 00000000 ____D () C:\Program Files\psqlODBC
2014-02-12 16:10 - 2014-02-12 16:58 - 01611377 _____ () C:\Users\*****\Downloads\psqlodbc_09_03_0100.zip
2014-02-12 14:54 - 2014-02-12 14:55 - 00587152 _____ () C:\Users\*****\Downloads\postgresql-9.3-1100.jdbc4.jar
2014-02-12 14:13 - 2014-02-12 14:08 - 00000000 ____D () C:\Users\*****\AppData\Roaming\postgresql
2014-02-12 14:04 - 2014-02-12 14:04 - 00000000 ____D () C:\Program Files\PostgreSQL
2014-02-12 13:49 - 2014-02-12 13:59 - 52968360 _____ (PostgreSQL Global Development Group) C:\Users\*****\Downloads\postgresql-9.3.1-1-windows.exe
2014-02-11 14:06 - 2014-01-16 12:27 - 00000000 ____D () C:\Users\*****\Documents\Praesentation_Deutronic_Praktikum
2014-02-10 18:12 - 2014-02-10 18:12 - 02658816 _____ (Python Software Foundation) C:\Windows\system32\python33.dll
2014-02-10 18:11 - 2014-02-10 18:11 - 00094208 _____ (Python Software Foundation) C:\Windows\pyw.exe
2014-02-10 18:11 - 2014-02-10 18:11 - 00093696 _____ (Python Software Foundation) C:\Windows\py.exe
2014-02-07 16:33 - 2014-02-18 23:33 - 04659712 _____ (Dmitry Streblechenko) C:\Windows\system32\Redemption.dll
2014-02-07 14:09 - 2014-02-06 20:07 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-02-06 11:38 - 2014-02-12 17:16 - 17103872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 11:20 - 2014-02-12 17:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 11:19 - 2014-02-12 17:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 11:01 - 2014-02-12 17:16 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 11:00 - 2014-02-12 17:16 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 10:57 - 2014-02-12 17:16 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 10:52 - 2014-02-12 17:16 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 10:52 - 2014-02-12 17:16 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 10:49 - 2014-02-12 17:16 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 10:47 - 2014-02-12 17:16 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 10:47 - 2014-02-12 17:16 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 10:46 - 2014-02-12 17:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 10:34 - 2014-02-12 17:16 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 10:25 - 2014-02-12 17:16 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 10:25 - 2014-02-12 17:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 10:13 - 2014-02-12 17:16 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 10:09 - 2014-02-12 17:16 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 10:03 - 2014-02-12 17:16 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 09:41 - 2014-02-12 17:16 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 09:36 - 2014-02-12 17:16 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 09:34 - 2014-02-12 17:16 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

Some content of TEMP:
====================
C:\Users\*****\AppData\Local\Temp\amazonicon_v4.exe
C:\Users\*****\AppData\Local\Temp\amazoninstallernircmdc.exe
C:\Users\*****\AppData\Local\Temp\AskSLib.dll
C:\Users\*****\AppData\Local\Temp\Checkupdate.exe
C:\Users\*****\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\*****\AppData\Local\Temp\Foxit Updater.exe
C:\Users\*****\AppData\Local\Temp\fp_pl_pfs_installer-1.exe
C:\Users\*****\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\*****\AppData\Local\Temp\gcapi_dll.dll
C:\Users\*****\AppData\Local\Temp\GdiPlus.dll
C:\Users\*****\AppData\Local\Temp\gtapi_signed.dll
C:\Users\*****\AppData\Local\Temp\InstallerMessageBox.exe
C:\Users\*****\AppData\Local\Temp\npp.6.5.2.Installer.exe
C:\Users\*****\AppData\Local\Temp\NPSInstallerProxy.exe
C:\Users\*****\AppData\Local\Temp\NPSInstallerProxyMessageBoxHookDll.dll
C:\Users\*****\AppData\Local\Temp\pyl2665.tmp.exe
C:\Users\*****\AppData\Local\Temp\pyl7DBA.tmp.exe
C:\Users\*****\AppData\Local\Temp\Quarantine.exe
C:\Users\*****\AppData\Local\Temp\sdanircmdc.exe
C:\Users\*****\AppData\Local\Temp\sdapskill.exe
C:\Users\*****\AppData\Local\Temp\sdaspwn.exe
C:\Users\*****\AppData\Local\Temp\vlc-2.1.1-win32.exe
C:\Users\*****\AppData\Local\Temp\vlc-2.1.3-win32.exe
C:\Users\*****\AppData\Local\Temp\xmlUpdater.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-28 09:25

==================== End Of Log ============================
--- --- ---

--- --- ---


Ich habe tatsächlich noch ein paar fragen:

1. Weißt du wie ich mir des eingefangen habe?
2. Weißt du was ich anders machen kann um dies zukünftig zu verhindern?
3. Ist mein Laptop nun wieder so sicher, dass ich auch Online Banking wieder machen kann?

Vielen Dank schon mal für die Antworten falls du die Zeit findest.

Beste Grüße,
Markus


Alt 08.03.2014, 20:08   #6
schrauber
/// the machine
/// TB-Ausbilder
 
Windows 7: Security.Hijack gefunden, was nun? - Standard

Windows 7: Security.Hijack gefunden, was nun?


Wir müssen noch kurz Dienste checken, dann sind wir durch. Fragen machen wir dann

Laufwerk E:

Backup löschen, Windows.old ordner löschen


Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop.
Schließe nun alle offenen Programme und trenne Dich von dem Internet.
Doppelklick auf die TFC.exe und drücke auf Start.
Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen.



Downloade dir bitte Farbar Service Scanner Farbar Service Scanner
  • Starte das Tool mit Doppelklick auf die FSS.exe
  • Gehe sicher, dass folgende Optionen angehakt sind.
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Klicke auf Scan.
  • Wenn das Tool fertig ist, wird es eine FSS.txt in dem Verzeichnis erstellen, wo das Tool gelaufen ist.

Poste bitte den Inhalt hier.


__________________
--> Windows 7: Security.Hijack gefunden, was nun?

Alt 09.03.2014, 09:25   #7
PP88
 
Windows 7: Security.Hijack gefunden, was nun? - Standard

Windows 7: Security.Hijack gefunden, was nun?


Hallo Schrauber,

alles klar. Ich folge dir blind aufs Wort.

Backup ist gelöscht. Windows.old-Ordner ist gelöscht, TFC ist durchgelaufen.

Hier der Inhalt der FSS.txt:

Code:
ATTFilter
Farbar Service Scanner Version: 25-02-2014
Ran by ***** (administrator) on 09-03-2014 at 09:17:28
Running from "C:\Users\*****\Desktop"
Microsoft Windows 7 Professional N  Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy: 
==================


System Restore:
============

System Restore Disabled Policy: 
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============
RpcSs Service is not running. Checking service configuration:
The start type of RpcSs service is OK.
The ImagePath of RpcSs service is OK.


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys
[2013-11-26 18:08] - [2013-11-26 18:08] - 0338944 ____A (Microsoft Corporation) F81BB7E487EDCEAB630A7EE66CF23913

C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2013-11-26 18:08] - [2013-11-26 18:08] - 1294272 ____A (Microsoft Corporation) CA59F7C570AF70BC174F477CFE2D9EE3

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2013-09-13 07:51] - [2013-07-09 05:46] - 0140288 ____A (Microsoft Corporation) 7CA1BECEA5DE2643ADDAD32670E7A4C9

C:\Program Files\Windows Defender\MpSvc.dll
[2013-07-17 22:29] - [2013-05-27 05:57] - 0680960 ____A (Microsoft Corporation) 082CF481F659FAE0DE51AD060881EB47

C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
Und immer wieder tausen Dank..

Beste Grüße,
Markus

Alt 10.03.2014, 09:57   #8
schrauber
/// the machine
/// TB-Ausbilder
 
Windows 7: Security.Hijack gefunden, was nun? - Standard

Windows 7: Security.Hijack gefunden, was nun?


Downloade dir bitte Windows Repair (All In One) von hier.
  • Installiere das Programm. Starte es, nachdem die Installation abgeschlossen wurde.
  • Klicke auf Step 2 und drücke unter Check Disk auf Do It.

  • Wenn der Vorgang abgeschlossen ist, klicke auf Step 3 und drücke unter System File Check auf Do It.

  • Nachdem der Vorgang abgeschlossen ist, klicke auf Start Repairs, wähle den Advanced Mode und drücke Start.

  • Gehe bitte sicher, dass die Kästchen wie unten zu sehen angehakt sind. Bitte hake zusätzlich noch Set Windows Services to Default Startup an.
  • Hake Restart System when Finished an.
  • Drücke Start.



Frisches FSS und FRST log bitte.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 10.03.2014, 20:58   #9
PP88
 
Windows 7: Security.Hijack gefunden, was nun? - Standard

Windows 7: Security.Hijack gefunden, was nun?


Hallo Schrauber,

soweit alles erledigt, hier ist FSS:

Code:
ATTFilter
Farbar Service Scanner Version: 25-02-2014
Ran by ***** (administrator) on 10-03-2014 at 20:50:44
Running from "C:\Users\*****\Desktop"
Microsoft Windows 7 Professional N  Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy: 
==================


System Restore:
============

System Restore Disabled Policy: 
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============
RpcSs Service is not running. Checking service configuration:
The start type of RpcSs service is OK.
The ImagePath of RpcSs service is OK.


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys
[2013-11-26 18:08] - [2013-11-26 18:08] - 0338944 ____A (Microsoft Corporation) F81BB7E487EDCEAB630A7EE66CF23913

C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2013-11-26 18:08] - [2013-11-26 18:08] - 1294272 ____A (Microsoft Corporation) CA59F7C570AF70BC174F477CFE2D9EE3

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2013-09-13 07:51] - [2013-07-09 05:46] - 0140288 ____A (Microsoft Corporation) 7CA1BECEA5DE2643ADDAD32670E7A4C9

C:\Program Files\Windows Defender\MpSvc.dll
[2013-07-17 22:29] - [2013-05-27 05:57] - 0680960 ____A (Microsoft Corporation) 082CF481F659FAE0DE51AD060881EB47

C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
FRST:


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-03-2014 01
Ran by ***** (administrator) on *****-PC on 10-03-2014 20:55:11
Running from C:\Users\*****\Downloads
Microsoft Windows 7 Professional N  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Windows\system32\AEADISRV.EXE
(Juniper Networks) C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
(Foxit Corporation) C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Teruten) C:\Windows\system32\FsUsbExService.Exe
(Juniper Networks, Inc.) C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(Spotify Ltd) C:\Users\*****\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(Jumping Bytes) C:\Program Files\Mobile Master\MMAgent.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
(Jumping Bytes) C:\Program Files\Mobile Master\MMScan.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [nwiz] - C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [1753192 2010-11-04] ()
HKLM\...\Run: [QlbCtrl.exe] - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2009-11-11] ( Hewlett-

Packard Development Company, L.P.)
HKLM\...\Run: [SoundMAXPnP] - C:\Program Files\Analog Devices\Core\smax4pnp.exe [1314816 2009-05-18] (Analog Devices, Inc.)
HKLM\...\Run: [SoundMAX] - C:\Program Files\Analog Devices\SoundMAX\soundmax.exe [3866624 2009-05-18] (Analog Devices, Inc.)
HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-02-22] (AVAST Software)
HKLM\...\Run: [NPSStartup] - [X]
HKLM\...\Run: [KiesTrayAgent] - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311616 2014-02-07] (Samsung Electronics Co., Ltd.)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-21-3776841550-2335425540-3856683877-1000\...\Run: [Spotify Web Helper] - C:\Users\*****\AppData\Roaming\Spotify\Data

\SpotifyWebHelper.exe [1171968 2014-01-09] (Spotify Ltd)
HKU\S-1-5-21-3776841550-2335425540-3856683877-1000\...\Run: [AutoStartNPSAgent] - C:\Program Files\Samsung\Samsung New PC Studio

\NPSAgent.exe [95576 2010-07-04] (Samsung Electronics Co., Ltd.)
HKU\S-1-5-21-3776841550-2335425540-3856683877-1000\...\Run: [KiesPreload] - C:\Program Files\Samsung\Kies\Kies.exe [1564992 2014-

02-07] (Samsung)
HKU\S-1-5-21-3776841550-2335425540-3856683877-1000\...\Run: [KiesAirMessage] - C:\Program Files\Samsung\Kies\KiesAirMessage.exe -

startup
HKU\S-1-5-21-3776841550-2335425540-3856683877-1000\...\Run: [MMAgent] - C:\Program Files\Mobile Master\MMAgent.exe [1412080 2013-

12-16] (Jumping Bytes)
HKU\S-1-5-21-3776841550-2335425540-3856683877-1000\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000
HKU\S-1-5-21-3776841550-2335425540-3856683877-1000\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-3776841550-2335425540-3856683877-1000\...\MountPoints2: F - F:\sources\sperr32.exe x64
HKU\S-1-5-21-3776841550-2335425540-3856683877-1000\...\MountPoints2: {8194dac8-be41-11e2-8b92-806e6f6e6963} - D:\autorun.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xCDC4B6855652CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Citavi Picker - {609D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST 

Software)
BHO: af0.Adblock.BHO - {90EFF544-3981-4d46-85C9-C0361D0931D6} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast

\aswWebRepIE.dll (AVAST Software)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://active.macromedia.com/flash2/cabs/swflash.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://juniper.net/dana-cached/setup/JuniperSetupSP1.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\fdt5qvea.default
FF NewTab: about:blank
FF Homepage: hxxp://www.google.de/
FF NetworkProxy: "backup.ftp", "192.168.0.3"
FF NetworkProxy: "backup.ftp_port", 8080
FF NetworkProxy: "backup.socks", "192.168.0.3"
FF NetworkProxy: "backup.socks_port", 8080
FF NetworkProxy: "backup.ssl", "192.168.0.3"
FF NetworkProxy: "backup.ssl_port", 8080
FF NetworkProxy: "ftp", "192.168.0.3"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "http", "192.168.0.3"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "192.168.0.3"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "ssl", "192.168.0.3"
FF NetworkProxy: "ssl_port", 8080
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files\Foxit Software\Foxit Reader

\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files\Foxit Software\Foxit Reader

\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Amazon-Icon - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\fdt5qvea.default\Extensions\amazon-icon@giga.de 

[2014-03-04]
FF Extension: Adblock Plus - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\fdt5qvea.default\Extensions\{d10d0bf8-f5b5-

c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-28]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-05-16]
FF HKLM\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker

\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2013-09-30]
FF HKLM\...\Thunderbird\Extensions: [{857610fe-b36c-47f2-b4fa-6b7affe0cf5a}] - C:\Program Files\Mobile Master\ext\1\
FF Extension: Mobile Master Add-In - C:\Program Files\Mobile Master\ext\1\ []

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-22] (AVAST Software)
R2 dsNcService; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [671848 2013-02-18] (Juniper Networks)
R2 FoxitCloudUpdateService; C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [239680 2014-02-19] (Foxit 

Corporation)
R2 JuniperAccessService; C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe [198000 2011-06-22] (Juniper 

Networks, Inc.)
S2 postgresql-9.3; C:/Program Files/PostgreSQL/9.3/bin/pg_ctl.exe runservice -N "postgresql-9.3" -D "C:/Program 

Files/PostgreSQL/9.3/data" -w [X]

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-02-22] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [79720 2013-12-12] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2013-12-12] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [775952 2014-02-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [410784 2014-02-22] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [64168 2014-02-22] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180248 2013-12-22] ()
R3 dsNcAdpt; C:\Windows\System32\DRIVERS\dsNcAdpt.sys [26624 2013-02-18] (Juniper Networks)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-05-16] (DT Soft Ltd)
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2010-06-14] ()
S3 RICOH SmartCard Reader; C:\Windows\System32\DRIVERS\rismc32.sys [49152 2009-07-20] (RICOH Company, Ltd.)
R3 rismc32; C:\Windows\System32\DRIVERS\rismc32.sys [49152 2009-07-20] (RICOH Company, Ltd.)
S3 sscebus; C:\Windows\System32\DRIVERS\sscebus.sys [136904 2014-01-23] (MCCI Corporation)
S3 sscemdfl; C:\Windows\System32\DRIVERS\sscemdfl.sys [17864 2014-01-23] (MCCI Corporation)
S3 sscemdm; C:\Windows\System32\DRIVERS\sscemdm.sys [153672 2014-01-23] (MCCI Corporation)
S3 ssceserd; C:\Windows\System32\DRIVERS\ssceserd.sys [130376 2014-01-23] (MCCI Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-10 20:53 - 2014-03-10 20:53 - 00000000 ____D () C:\Users\*****\Downloads\FRST-OlderVersion
2014-03-10 20:50 - 2014-03-10 20:51 - 00002628 _____ () C:\Users\*****\Desktop\FSS.txt
2014-03-10 20:05 - 2014-03-10 20:25 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2014-03-10 20:02 - 2014-03-10 20:02 - 00000000 ____D () C:\RegBackup
2014-03-10 19:22 - 2014-03-10 19:22 - 00003336 _____ () C:\bootsqm.dat
2014-03-10 19:13 - 2014-03-10 19:15 - 00000000 ____D () C:\Users\*****\Downloads\Tweaking.com - Windows Repair
2014-03-10 18:07 - 2014-03-10 18:07 - 00024120 _____ () C:\Users\*****\AppData\Local\recently-used.xbel
2014-03-10 06:49 - 2014-03-10 06:49 - 33488656 _____ (Foxit Corporation ) C:\Users\*****\Downloads

\FoxitReader614.0217_enu_Setup.exe
2014-03-09 11:07 - 2014-03-09 11:36 - 00000000 ____D () C:\Users\*****\Matlab_install
2014-03-09 10:22 - 2014-03-09 10:22 - 00000258 _____ () C:\Users\*****\defogger_enable.log
2014-03-09 10:21 - 2014-03-09 10:21 - 00050477 _____ () C:\Users\*****\Downloads\Defogger.exe
2014-03-09 09:16 - 2014-03-09 09:16 - 00409600 _____ (Farbar) C:\Users\*****\Desktop\FSS.exe
2014-03-09 08:26 - 2014-03-09 08:26 - 00448512 _____ (OldTimer Tools) C:\Users\*****\Desktop\TFC.exe
2014-03-08 11:57 - 2014-03-08 15:10 - 00000000 ____D () C:\Users\*****\Documents\Minimalbeispiel
2014-03-07 22:22 - 2014-03-10 20:55 - 00012297 _____ () C:\Users\*****\Downloads\FRST.txt
2014-03-07 22:21 - 2014-03-10 20:53 - 01145856 _____ (Farbar) C:\Users\*****\Downloads\FRST.exe
2014-03-07 22:13 - 2014-03-07 22:13 - 00987442 _____ () C:\Users\*****\Desktop\SecurityCheck.exe
2014-03-07 16:58 - 2014-03-07 16:58 - 02347384 _____ (ESET) C:\Users\*****\Downloads\esetsmartinstaller_enu.exe
2014-03-06 18:32 - 2014-03-06 18:32 - 00000000 ____D () C:\Windows\ERUNT
2014-03-06 18:30 - 2014-03-06 18:20 - 01037734 _____ (Thisisu) C:\Users\*****\Desktop\JRT (1).exe
2014-03-06 18:21 - 2014-03-06 18:25 - 00000000 ____D () C:\AdwCleaner
2014-03-06 18:21 - 2014-03-06 17:58 - 01244192 _____ () C:\Users\*****\Desktop\adwcleaner.exe
2014-03-06 18:20 - 2014-03-06 18:20 - 01037734 _____ (Thisisu) C:\Users\*****\Downloads\JRT.exe.3ra3i30.partial
2014-03-06 18:20 - 2014-03-06 18:20 - 01037734 _____ (Thisisu) C:\Users\*****\Downloads\JRT (1).exe
2014-03-06 17:58 - 2014-03-06 17:58 - 01244192 _____ () C:\Users\*****\Downloads\adwcleaner.exe
2014-03-05 17:56 - 2014-03-05 17:56 - 00152248 _____ () C:\Windows\Minidump\030514-23821-01.dmp
2014-03-05 17:19 - 2014-03-05 17:19 - 00380416 _____ () C:\Users\*****\Downloads\Gmer-19357.exe
2014-03-05 17:12 - 2014-03-10 20:55 - 00000000 ____D () C:\FRST
2014-03-05 08:19 - 2014-03-05 08:19 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Malwarebytes
2014-03-05 08:18 - 2014-03-05 08:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-05 08:18 - 2014-03-05 08:18 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-03-05 08:18 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-04 20:11 - 2014-03-04 20:11 - 00001109 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-03-04 20:10 - 2014-03-04 20:11 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-04 12:29 - 2014-03-04 12:29 - 00000999 _____ () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs

\QuickDic.lnk
2014-03-04 12:29 - 2014-03-04 12:29 - 00000969 _____ () C:\Users\*****\Desktop\QuickDic.lnk
2014-03-04 12:29 - 2014-03-04 12:29 - 00000000 ____D () C:\Program Files\QuickDic
2014-03-04 09:39 - 2014-03-04 09:39 - 00000000 ____D () C:\Users\*****\AppData\Local\Mobile Master
2014-03-04 00:18 - 2014-03-04 00:18 - 00000000 ____D () C:\Users\*****\AppData\Local\Tempa72636ee026910241cae8b72bf567bea
2014-03-03 23:42 - 2014-03-03 23:42 - 00000000 ____D () C:\Users\Public\Documents\CrashDump
2014-03-03 23:10 - 2014-03-03 23:26 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Mobile Master
2014-03-03 23:10 - 2014-03-03 23:10 - 00001046 _____ () C:\Users\Public\Desktop\Mobile Master.lnk
2014-03-03 23:10 - 2014-03-03 23:10 - 00000000 ____D () C:\ProgramData\Mobile Master
2014-03-03 23:10 - 2014-03-03 23:10 - 00000000 ____D () C:\Program Files\Common Files\Jumping Bytes
2014-03-03 23:09 - 2014-03-03 23:28 - 00000000 ____D () C:\Program Files\Mobile Master
2014-03-03 23:07 - 2014-03-03 23:07 - 23225448 _____ (Jumping Bytes) C:\Users\*****\Downloads\MobileMasterInst.exe
2014-03-03 23:07 - 2014-03-03 23:07 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Jumping Bytes
2014-03-03 22:52 - 2014-03-03 22:52 - 00000000 ____D () C:\Users\*****\AppData\Local\Temp04de20ab33f250e94b926d0514a93b1c
2014-03-03 22:50 - 2014-03-03 22:50 - 01058296 _____ () C:\Users\*****\Downloads\Microsoft-Outlook-2013-lnstall.exe
2014-03-03 21:50 - 2014-03-03 21:54 - 00000000 ____D () C:\Users\*****\Handykarte
2014-03-03 21:48 - 2014-03-03 21:48 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-03-03 21:46 - 2014-01-23 04:21 - 00153672 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscemdm.sys
2014-03-03 21:46 - 2014-01-23 04:21 - 00136904 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscebus.sys
2014-03-03 21:46 - 2014-01-23 04:21 - 00130376 _____ (MCCI Corporation) C:\Windows\system32\Drivers\ssceserd.sys
2014-03-03 21:46 - 2014-01-23 04:21 - 00017864 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscemdfl.sys
2014-03-03 21:46 - 2014-01-23 04:21 - 00015560 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscecmnt.sys
2014-03-03 21:46 - 2014-01-23 04:21 - 00015560 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscecm.sys
2014-03-03 21:46 - 2014-01-23 04:21 - 00015304 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscewhnt.sys
2014-03-03 21:46 - 2014-01-23 04:21 - 00015304 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscewh.sys
2014-02-25 20:22 - 2014-02-25 20:22 - 01095461 _____ (pendrivelinux.com) C:\Users\*****\Downloads\Universal-USB-Installer-

1.9.5.2.exe
2014-02-25 15:45 - 2014-02-25 15:45 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log
2014-02-22 22:04 - 2014-02-23 00:25 - 00000000 ____D () C:\Users\*****\Documents\Python
2014-02-21 09:50 - 2014-02-21 09:50 - 00000000 ____D () C:\Program Files\BeCyPDFMetaEdit
2014-02-20 09:36 - 2014-02-20 09:36 - 00036629 _____ () C:\Users\*****\Desktop\Nyquist_Beispiel.fig
2014-02-20 06:50 - 2014-02-20 06:50 - 00286014 _____ () C:\Windows\msxml4-KB954430-enu.LOG
2014-02-20 06:49 - 2014-02-20 06:49 - 00290518 _____ () C:\Windows\msxml4-KB973688-enu.LOG
2014-02-20 06:49 - 2014-02-20 06:49 - 00000000 ____D () C:\Program Files\MSXML 4.0
2014-02-19 16:01 - 2014-02-19 16:01 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-02-18 23:51 - 2014-02-25 15:45 - 00000000 ____D () C:\Users\*****\AppData\Local\Samsung
2014-02-18 23:42 - 2014-02-18 23:42 - 00000000 ____D () C:\Program Files\Windows Portable Devices
2014-02-18 23:33 - 2014-02-07 16:33 - 04659712 _____ (Dmitry Streblechenko) C:\Windows\system32\Redemption.dll
2014-02-18 23:33 - 2014-01-23 18:31 - 00821824 _____ (Devguru Co., Ltd.) C:\Windows\system32\dgderapi.dll
2014-02-18 23:07 - 2014-02-18 23:07 - 00002092 _____ () C:\Users\Public\Desktop\Samsung New PC Studio.lnk
2014-02-18 23:04 - 2014-02-25 20:17 - 00000000 ____D () C:\Program Files\MarkAny
2014-02-18 22:59 - 2014-02-18 22:59 - 00002005 _____ () C:\Users\Public\Desktop\Komodo Edit 8.lnk
2014-02-18 22:59 - 2014-02-18 22:59 - 00000000 ____D () C:\Users\*****\AppData\Roaming\ActiveState
2014-02-18 22:59 - 2014-02-18 22:59 - 00000000 ____D () C:\Users\*****\AppData\Local\ActiveState
2014-02-18 22:58 - 2014-02-18 22:59 - 00000000 ____D () C:\Program Files\ActiveState Komodo Edit 8
2014-02-18 22:55 - 2014-02-18 22:56 - 00000000 ____D () C:\Python33
2014-02-18 22:53 - 2014-02-25 15:43 - 00000000 ____D () C:\ProgramData\Samsung
2014-02-18 22:52 - 2014-03-03 21:18 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Samsung
2014-02-18 22:52 - 2014-02-18 22:52 - 00000000 ____D () C:\Users\*****\Documents\My NPS Files
2014-02-18 22:52 - 2010-07-04 19:07 - 00238952 _____ (Teruten) C:\Windows\system32\FsUsbExService.Exe
2014-02-18 22:52 - 2010-06-14 09:32 - 00110592 _____ () C:\Windows\system32\FsUsbExDevice.Dll
2014-02-18 22:52 - 2010-06-14 09:32 - 00036608 _____ () C:\Windows\system32\FsUsbExDisk.Sys
2014-02-18 22:52 - 2009-07-14 02:16 - 02311168 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 01568768 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2014-02-18 22:52 - 2009-07-14 02:16 - 01325056 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2014-02-18 22:52 - 2009-07-14 02:16 - 01003008 _____ (Microsoft Corporation) C:\Windows\system32\WMNetMgr.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00812032 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2014-02-18 22:52 - 2009-07-14 02:16 - 00664576 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2014-02-18 22:52 - 2009-07-14 02:16 - 00577024 _____ (Microsoft Corporation) C:\Windows\system32\wpd_ci.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceApi.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00541184 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2014-02-18 22:52 - 2009-07-14 02:16 - 00427520 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceStatus.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00358400 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
2014-02-18 22:52 - 2009-07-14 02:16 - 00350720 _____ (Microsoft Corporation) C:\Windows\system32\WPDSp.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00237568 _____ (Microsoft Corporation) C:\Windows\system32\WMASF.DLL
2014-02-18 22:52 - 2009-07-14 02:16 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\WpdMtp.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00198144 _____ (Microsoft Corporation) C:\Windows\system32\wpdwcn.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00196608 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceWMDRM.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceTypes.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\wmidx.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00138240 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceWiaCompat.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00110080 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceClassExtension.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\WPDShServiceObj.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\wpdbusenum.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\WpdMtpUS.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceConnectApi.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\wmcodecdspps.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wmdmps.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\wmdmlog.dll
2014-02-18 22:52 - 2009-07-14 02:15 - 00630784 _____ (Microsoft Corporation) C:\Windows\system32\DXPTaskRingtone.dll
2014-02-18 22:52 - 2009-07-14 02:15 - 00415744 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2014-02-18 22:52 - 2009-07-14 02:15 - 00352768 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-02-18 22:52 - 2009-07-14 02:15 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\mswmdm.dll
2014-02-18 22:52 - 2009-07-14 02:15 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-02-18 22:52 - 2009-07-14 02:15 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2014-02-18 22:52 - 2009-07-14 02:15 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2014-02-18 22:52 - 2009-07-14 02:15 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2014-02-18 22:52 - 2009-07-14 02:15 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\LAPRXY.DLL
2014-02-18 22:52 - 2009-07-14 02:14 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\audiodev.dll
2014-02-18 22:52 - 2009-07-14 02:14 - 00095232 _____ (Microsoft Corporation) C:\Windows\system32\logagent.exe
2014-02-18 22:52 - 2009-07-14 02:14 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\WPDShextAutoplay.exe
2014-02-18 22:52 - 2009-07-14 02:03 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\asferror.dll
2014-02-18 22:52 - 2009-06-10 22:34 - 00316640 _____ () C:\Windows\WMSysPr9.prx
2014-02-18 22:51 - 2014-02-18 23:51 - 00000000 ____D () C:\Users\*****\Documents\Samsung
2014-02-18 22:51 - 2014-02-18 22:51 - 00053631 _____ () C:\Users\*****\Downloads\hashmyfiles_v1.90.zip
2014-02-18 22:51 - 2009-07-14 02:16 - 02504192 _____ (Microsoft Corporation) C:\Windows\system32\WMVCORE.DLL
2014-02-18 22:51 - 2009-07-14 02:16 - 01619968 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2014-02-18 22:51 - 2009-07-14 02:16 - 00902656 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2014-02-18 22:51 - 2009-07-14 02:16 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-02-18 22:51 - 2009-07-14 02:16 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmdev.dll
2014-02-18 22:51 - 2009-07-14 02:16 - 00436736 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmnet.dll
2014-02-18 22:51 - 2009-07-14 02:15 - 00986624 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-02-18 22:51 - 2009-07-14 02:15 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-02-18 22:51 - 2009-07-14 02:15 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-02-18 22:51 - 2009-07-14 02:15 - 00402944 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-02-18 22:50 - 2014-02-25 15:44 - 00000000 ____D () C:\Program Files\Samsung
2014-02-18 22:48 - 2014-02-18 22:49 - 08444896 _____ (abylonsoft ) C:\Users\*****\Downloads\FreeHash.exe
2014-02-18 20:39 - 2014-02-18 20:39 - 00000000 ____D () C:\Program Files\abylonsoft
2014-02-18 20:30 - 2014-02-18 20:39 - 20627456 _____ () C:\Users\*****\Downloads\python-3.3.4.msi
2014-02-18 20:17 - 2014-02-18 20:41 - 73908224 _____ () C:\Users\*****\Downloads\Komodo-Edit-8.5.3-14067.msi
2014-02-18 08:34 - 2014-02-18 08:36 - 173838160 _____ () C:\Users\*****\Downloads\New_PC_Studio_1.5.1.exe
2014-02-18 08:32 - 2014-02-18 08:33 - 75211320 _____ (Samsung Electronics Co., Ltd.) C:\Users\*****\Downloads

\KiesSetup_2.6.2.14014_6.exe
2014-02-17 11:34 - 2014-02-17 11:44 - 00014458 _____ () C:\Users\*****\Desktop\HybEIS.eps
2014-02-16 19:01 - 2014-02-16 19:03 - 101832237 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Das_Kaenguru_Manifest-4CD-DE-

Audiobook-2011-kooba.r01
2014-02-16 18:52 - 2014-02-16 18:58 - 200000000 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Das_Kaenguru_Manifest-4CD-DE-

Audiobook-2011-kooba.r00
2014-02-16 18:51 - 2014-02-16 19:05 - 200000000 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Das_Kaenguru_Manifest-4CD-DE-

Audiobook-2011-kooba.rar
2014-02-16 18:50 - 2014-02-16 18:50 - 35692185 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Die_Kaenguru-

Chroniken_Live_Und_Ungekuerzt-4CD-DE-Audiobook-2012-kooba.r02
2014-02-16 18:45 - 2014-02-16 18:49 - 150000000 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Die_Kaenguru-

Chroniken_Live_Und_Ungekuerzt-4CD-DE-Audiobook-2012-kooba.r01
2014-02-16 18:44 - 2014-02-16 18:49 - 150000000 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Die_Kaenguru-

Chroniken_Live_Und_Ungekuerzt-4CD-DE-Audiobook-2012-kooba.r00
2014-02-16 18:40 - 2014-02-16 18:40 - 00614816 _____ (Chip Digital GmbH) C:\Users\*****\Downloads\7 Zip 32 Bit - CHIP-

Downloader.exe
2014-02-16 18:35 - 2014-02-16 18:37 - 150000000 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Die_Kaenguru-

Chroniken_Live_Und_Ungekuerzt-4CD-DE-Audiobook-2012-kooba.rar
2014-02-13 17:53 - 2014-02-13 17:53 - 00000000 ____D () C:\Users\*****\Documents\PostregSQL
2014-02-12 17:16 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-12 17:16 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-12 17:16 - 2014-02-06 11:19 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-12 17:16 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-12 17:16 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-12 17:16 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-12 17:16 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-12 17:16 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-12 17:16 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-12 17:16 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-12 17:16 - 2014-02-06 10:47 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-12 17:16 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-12 17:16 - 2014-02-06 10:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-12 17:16 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-12 17:16 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-12 17:16 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-12 17:16 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-12 17:16 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-12 17:16 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-12 17:16 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-12 17:16 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-12 17:11 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-12 16:58 - 2014-02-12 16:10 - 01611377 _____ () C:\Users\*****\Downloads\psqlodbc_09_03_0100.zip
2014-02-12 16:13 - 2014-02-12 17:01 - 00000149 _____ () C:\Windows\ODBC.INI
2014-02-12 16:12 - 2014-02-12 16:12 - 00000000 ____D () C:\Program Files\psqlODBC
2014-02-12 14:55 - 2014-02-12 14:54 - 00587152 _____ () C:\Users\*****\Downloads\postgresql-9.3-1100.jdbc4.jar
2014-02-12 14:35 - 2014-02-14 09:40 - 00014898 _____ () C:\Users\*****\Documents\pgadmin.log
2014-02-12 14:08 - 2014-02-12 14:13 - 00000000 ____D () C:\Users\*****\AppData\Roaming\postgresql
2014-02-12 14:04 - 2014-02-12 14:04 - 00000000 ____D () C:\Program Files\PostgreSQL
2014-02-12 13:59 - 2014-02-12 13:49 - 52968360 _____ (PostgreSQL Global Development Group) C:\Users\*****\Downloads\postgresql-

9.3.1-1-windows.exe
2014-02-12 07:37 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-12 07:37 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-12 07:37 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-12 07:37 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-10 18:12 - 2014-02-10 18:12 - 02658816 _____ (Python Software Foundation) C:\Windows\system32\python33.dll
2014-02-10 18:11 - 2014-02-10 18:11 - 00094208 _____ (Python Software Foundation) C:\Windows\pyw.exe
2014-02-10 18:11 - 2014-02-10 18:11 - 00093696 _____ (Python Software Foundation) C:\Windows\py.exe

==================== One Month Modified Files and Folders =======

2014-03-10 20:55 - 2014-03-07 22:22 - 00012297 _____ () C:\Users\*****\Downloads\FRST.txt
2014-03-10 20:55 - 2014-03-05 17:12 - 00000000 ____D () C:\FRST
2014-03-10 20:53 - 2014-03-10 20:53 - 00000000 ____D () C:\Users\*****\Downloads\FRST-OlderVersion
2014-03-10 20:53 - 2014-03-07 22:21 - 01145856 _____ (Farbar) C:\Users\*****\Downloads\FRST.exe
2014-03-10 20:51 - 2014-03-10 20:50 - 00002628 _____ () C:\Users\*****\Desktop\FSS.txt
2014-03-10 20:32 - 2010-11-20 22:03 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-10 20:27 - 2010-11-20 22:49 - 00256672 _____ () C:\Windows\PFRO.log
2014-03-10 20:27 - 2009-07-14 05:17 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-10 20:27 - 2009-07-14 05:07 - 00049839 _____ () C:\Windows\setupact.log
2014-03-10 20:27 - 2009-07-14 05:02 - 00311520 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-10 20:26 - 2009-07-14 05:02 - 00019248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-

A289-439d-8115-601632D005A0
2014-03-10 20:26 - 2009-07-14 05:02 - 00019248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-

A289-439d-8115-601632D005A0
2014-03-10 20:25 - 2014-03-10 20:05 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2014-03-10 20:24 - 2013-05-16 17:01 - 01283303 _____ () C:\Windows\WindowsUpdate.log
2014-03-10 20:11 - 2013-10-14 05:37 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-10 20:02 - 2014-03-10 20:02 - 00000000 ____D () C:\RegBackup
2014-03-10 19:44 - 2013-08-02 22:24 - 00000000 ____D () C:\Users\*****\AppData\Roaming\vlc
2014-03-10 19:31 - 2013-09-18 17:03 - 00000000 ____D () C:\Users\*****\AppData\Local\Spotify
2014-03-10 19:31 - 2013-09-18 16:40 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Spotify
2014-03-10 19:22 - 2014-03-10 19:22 - 00003336 _____ () C:\bootsqm.dat
2014-03-10 19:15 - 2014-03-10 19:13 - 00000000 ____D () C:\Users\*****\Downloads\Tweaking.com - Windows Repair
2014-03-10 18:07 - 2014-03-10 18:07 - 00024120 _____ () C:\Users\*****\AppData\Local\recently-used.xbel
2014-03-10 08:45 - 2013-09-30 19:01 - 00000000 ____D () C:\Users\*****\Documents\Citavi 4
2014-03-10 06:52 - 2013-05-19 14:00 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Foxit Software
2014-03-10 06:49 - 2014-03-10 06:49 - 33488656 _____ (Foxit Corporation ) C:\Users\*****\Downloads

\FoxitReader614.0217_enu_Setup.exe
2014-03-09 11:36 - 2014-03-09 11:07 - 00000000 ____D () C:\Users\*****\Matlab_install
2014-03-09 11:08 - 2013-05-16 17:54 - 00000000 ____D () C:\Users\*****
2014-03-09 10:22 - 2014-03-09 10:22 - 00000258 _____ () C:\Users\*****\defogger_enable.log
2014-03-09 10:22 - 2013-10-08 07:04 - 00079872 ___SH () C:\Users\*****\Thumbs.db
2014-03-09 10:21 - 2014-03-09 10:21 - 00050477 _____ () C:\Users\*****\Downloads\Defogger.exe
2014-03-09 09:16 - 2014-03-09 09:16 - 00409600 _____ (Farbar) C:\Users\*****\Desktop\FSS.exe
2014-03-09 08:26 - 2014-03-09 08:26 - 00448512 _____ (OldTimer Tools) C:\Users\*****\Desktop\TFC.exe
2014-03-08 15:10 - 2014-03-08 11:57 - 00000000 ____D () C:\Users\*****\Documents\Minimalbeispiel
2014-03-07 22:13 - 2014-03-07 22:13 - 00987442 _____ () C:\Users\*****\Desktop\SecurityCheck.exe
2014-03-07 16:58 - 2014-03-07 16:58 - 02347384 _____ (ESET) C:\Users\*****\Downloads\esetsmartinstaller_enu.exe
2014-03-06 18:32 - 2014-03-06 18:32 - 00000000 ____D () C:\Windows\ERUNT
2014-03-06 18:25 - 2014-03-06 18:21 - 00000000 ____D () C:\AdwCleaner
2014-03-06 18:20 - 2014-03-06 18:30 - 01037734 _____ (Thisisu) C:\Users\*****\Desktop\JRT (1).exe
2014-03-06 18:20 - 2014-03-06 18:20 - 01037734 _____ (Thisisu) C:\Users\*****\Downloads\JRT.exe.3ra3i30.partial
2014-03-06 18:20 - 2014-03-06 18:20 - 01037734 _____ (Thisisu) C:\Users\*****\Downloads\JRT (1).exe
2014-03-06 18:14 - 2013-05-16 17:58 - 00000000 ____D () C:\Windows\Panther
2014-03-06 17:58 - 2014-03-06 18:21 - 01244192 _____ () C:\Users\*****\Desktop\adwcleaner.exe
2014-03-06 17:58 - 2014-03-06 17:58 - 01244192 _____ () C:\Users\*****\Downloads\adwcleaner.exe
2014-03-06 15:35 - 2013-10-01 07:45 - 00000000 ____D () C:\Program Files\BaSyTec
2014-03-06 07:28 - 2009-07-14 05:17 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-05 17:56 - 2014-03-05 17:56 - 00152248 _____ () C:\Windows\Minidump\030514-23821-01.dmp
2014-03-05 17:56 - 2013-09-13 08:52 - 336285250 _____ () C:\Windows\MEMORY.DMP
2014-03-05 17:56 - 2013-09-13 08:52 - 00000000 ____D () C:\Windows\Minidump
2014-03-05 17:19 - 2014-03-05 17:19 - 00380416 _____ () C:\Users\*****\Downloads\Gmer-19357.exe
2014-03-05 08:19 - 2014-03-05 08:19 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Malwarebytes
2014-03-05 08:18 - 2014-03-05 08:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-05 08:18 - 2014-03-05 08:18 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-03-05 07:23 - 2013-05-19 10:45 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-03-04 20:11 - 2014-03-04 20:11 - 00001109 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-03-04 20:11 - 2014-03-04 20:10 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-04 16:03 - 2013-12-04 09:30 - 00000000 ____D () C:\Users\*****\Documents\Praktikum_Deutronic
2014-03-04 12:29 - 2014-03-04 12:29 - 00000999 _____ () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs

\QuickDic.lnk
2014-03-04 12:29 - 2014-03-04 12:29 - 00000969 _____ () C:\Users\*****\Desktop\QuickDic.lnk
2014-03-04 12:29 - 2014-03-04 12:29 - 00000000 ____D () C:\Program Files\QuickDic
2014-03-04 09:39 - 2014-03-04 09:39 - 00000000 ____D () C:\Users\*****\AppData\Local\Mobile Master
2014-03-04 00:18 - 2014-03-04 00:18 - 00000000 ____D () C:\Users\*****\AppData\Local\Tempa72636ee026910241cae8b72bf567bea
2014-03-03 23:42 - 2014-03-03 23:42 - 00000000 ____D () C:\Users\Public\Documents\CrashDump
2014-03-03 23:28 - 2014-03-03 23:09 - 00000000 ____D () C:\Program Files\Mobile Master
2014-03-03 23:26 - 2014-03-03 23:10 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Mobile Master
2014-03-03 23:10 - 2014-03-03 23:10 - 00001046 _____ () C:\Users\Public\Desktop\Mobile Master.lnk
2014-03-03 23:10 - 2014-03-03 23:10 - 00000000 ____D () C:\ProgramData\Mobile Master
2014-03-03 23:10 - 2014-03-03 23:10 - 00000000 ____D () C:\Program Files\Common Files\Jumping Bytes
2014-03-03 23:07 - 2014-03-03 23:07 - 23225448 _____ (Jumping Bytes) C:\Users\*****\Downloads\MobileMasterInst.exe
2014-03-03 23:07 - 2014-03-03 23:07 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Jumping Bytes
2014-03-03 22:52 - 2014-03-03 22:52 - 00000000 ____D () C:\Users\*****\AppData\Local\Temp04de20ab33f250e94b926d0514a93b1c
2014-03-03 22:50 - 2014-03-03 22:50 - 01058296 _____ () C:\Users\*****\Downloads\Microsoft-Outlook-2013-lnstall.exe
2014-03-03 21:54 - 2014-03-03 21:50 - 00000000 ____D () C:\Users\*****\Handykarte
2014-03-03 21:48 - 2014-03-03 21:48 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-03-03 21:18 - 2014-02-18 22:52 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Samsung
2014-02-26 17:22 - 2013-05-17 18:53 - 00000000 ____D () C:\Users\*****\Documents\MATLAB
2014-02-25 20:22 - 2014-02-25 20:22 - 01095461 _____ (pendrivelinux.com) C:\Users\*****\Downloads\Universal-USB-Installer-

1.9.5.2.exe
2014-02-25 20:17 - 2014-02-18 23:04 - 00000000 ____D () C:\Program Files\MarkAny
2014-02-25 15:46 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-02-25 15:45 - 2014-02-25 15:45 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log
2014-02-25 15:45 - 2014-02-18 23:51 - 00000000 ____D () C:\Users\*****\AppData\Local\Samsung
2014-02-25 15:44 - 2014-02-18 22:50 - 00000000 ____D () C:\Program Files\Samsung
2014-02-25 15:43 - 2014-02-18 22:53 - 00000000 ____D () C:\ProgramData\Samsung
2014-02-24 08:25 - 2013-09-30 17:50 - 00000000 ____D () C:\Users\*****\Desktop\Programme
2014-02-23 00:25 - 2014-02-22 22:04 - 00000000 ____D () C:\Users\*****\Documents\Python
2014-02-22 18:18 - 2013-12-22 23:33 - 00064168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-02-22 18:18 - 2013-05-16 20:38 - 00775952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-02-22 18:18 - 2013-05-16 20:38 - 00410784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-02-22 18:18 - 2013-05-16 20:38 - 00270240 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-02-22 18:18 - 2013-05-16 20:38 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-02-22 18:18 - 2013-05-16 20:35 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-02-21 17:11 - 2013-05-16 20:01 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-21 17:11 - 2013-05-16 20:01 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-21 09:50 - 2014-02-21 09:50 - 00000000 ____D () C:\Program Files\BeCyPDFMetaEdit
2014-02-20 09:36 - 2014-02-20 09:36 - 00036629 _____ () C:\Users\*****\Desktop\Nyquist_Beispiel.fig
2014-02-20 06:50 - 2014-02-20 06:50 - 00286014 _____ () C:\Windows\msxml4-KB954430-enu.LOG
2014-02-20 06:49 - 2014-02-20 06:49 - 00290518 _____ () C:\Windows\msxml4-KB973688-enu.LOG
2014-02-20 06:49 - 2014-02-20 06:49 - 00000000 ____D () C:\Program Files\MSXML 4.0
2014-02-19 16:01 - 2014-02-19 16:01 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-02-19 09:26 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2014-02-18 23:51 - 2014-02-18 22:51 - 00000000 ____D () C:\Users\*****\Documents\Samsung
2014-02-18 23:42 - 2014-02-18 23:42 - 00000000 ____D () C:\Program Files\Windows Portable Devices
2014-02-18 23:42 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-02-18 23:42 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-02-18 23:33 - 2013-05-16 20:26 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-02-18 23:31 - 2013-09-30 18:48 - 00000000 ____D () C:\Users\*****\AppData\Local\Downloaded Installations
2014-02-18 23:07 - 2014-02-18 23:07 - 00002092 _____ () C:\Users\Public\Desktop\Samsung New PC Studio.lnk
2014-02-18 22:59 - 2014-02-18 22:59 - 00002005 _____ () C:\Users\Public\Desktop\Komodo Edit 8.lnk
2014-02-18 22:59 - 2014-02-18 22:59 - 00000000 ____D () C:\Users\*****\AppData\Roaming\ActiveState
2014-02-18 22:59 - 2014-02-18 22:59 - 00000000 ____D () C:\Users\*****\AppData\Local\ActiveState
2014-02-18 22:59 - 2014-02-18 22:58 - 00000000 ____D () C:\Program Files\ActiveState Komodo Edit 8
2014-02-18 22:56 - 2014-02-18 22:55 - 00000000 ____D () C:\Python33
2014-02-18 22:52 - 2014-02-18 22:52 - 00000000 ____D () C:\Users\*****\Documents\My NPS Files
2014-02-18 22:51 - 2014-02-18 22:51 - 00053631 _____ () C:\Users\*****\Downloads\hashmyfiles_v1.90.zip
2014-02-18 22:49 - 2014-02-18 22:48 - 08444896 _____ (abylonsoft ) C:\Users\*****\Downloads\FreeHash.exe
2014-02-18 20:41 - 2014-02-18 20:17 - 73908224 _____ () C:\Users\*****\Downloads\Komodo-Edit-8.5.3-14067.msi
2014-02-18 20:39 - 2014-02-18 20:39 - 00000000 ____D () C:\Program Files\abylonsoft
2014-02-18 20:39 - 2014-02-18 20:30 - 20627456 _____ () C:\Users\*****\Downloads\python-3.3.4.msi
2014-02-18 13:48 - 2013-09-30 17:57 - 00000000 ____D () C:\Users\*****\Praktikum
2014-02-18 11:12 - 2014-01-28 08:30 - 00000000 ____D () C:\Users\*****\Bachelorarbeit
2014-02-18 08:36 - 2014-02-18 08:34 - 173838160 _____ () C:\Users\*****\Downloads\New_PC_Studio_1.5.1.exe
2014-02-18 08:33 - 2014-02-18 08:32 - 75211320 _____ (Samsung Electronics Co., Ltd.) C:\Users\*****\Downloads

\KiesSetup_2.6.2.14014_6.exe
2014-02-17 11:44 - 2014-02-17 11:34 - 00014458 _____ () C:\Users\*****\Desktop\HybEIS.eps
2014-02-16 19:05 - 2014-02-16 18:51 - 200000000 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Das_Kaenguru_Manifest-4CD-DE-

Audiobook-2011-kooba.rar
2014-02-16 19:03 - 2014-02-16 19:01 - 101832237 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Das_Kaenguru_Manifest-4CD-DE-

Audiobook-2011-kooba.r01
2014-02-16 18:58 - 2014-02-16 18:52 - 200000000 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Das_Kaenguru_Manifest-4CD-DE-

Audiobook-2011-kooba.r00
2014-02-16 18:50 - 2014-02-16 18:50 - 35692185 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Die_Kaenguru-

Chroniken_Live_Und_Ungekuerzt-4CD-DE-Audiobook-2012-kooba.r02
2014-02-16 18:49 - 2014-02-16 18:45 - 150000000 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Die_Kaenguru-

Chroniken_Live_Und_Ungekuerzt-4CD-DE-Audiobook-2012-kooba.r01
2014-02-16 18:49 - 2014-02-16 18:44 - 150000000 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Die_Kaenguru-

Chroniken_Live_Und_Ungekuerzt-4CD-DE-Audiobook-2012-kooba.r00
2014-02-16 18:40 - 2014-02-16 18:40 - 00614816 _____ (Chip Digital GmbH) C:\Users\*****\Downloads\7 Zip 32 Bit - CHIP-

Downloader.exe
2014-02-16 18:37 - 2014-02-16 18:35 - 150000000 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Die_Kaenguru-

Chroniken_Live_Und_Ungekuerzt-4CD-DE-Audiobook-2012-kooba.rar
2014-02-14 09:40 - 2014-02-12 14:35 - 00014898 _____ () C:\Users\*****\Documents\pgadmin.log
2014-02-13 17:53 - 2014-02-13 17:53 - 00000000 ____D () C:\Users\*****\Documents\PostregSQL
2014-02-12 17:16 - 2013-08-06 23:19 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-12 17:14 - 2013-05-16 20:24 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-12 17:01 - 2014-02-12 16:13 - 00000149 _____ () C:\Windows\ODBC.INI
2014-02-12 16:12 - 2014-02-12 16:12 - 00000000 ____D () C:\Program Files\psqlODBC
2014-02-12 16:10 - 2014-02-12 16:58 - 01611377 _____ () C:\Users\*****\Downloads\psqlodbc_09_03_0100.zip
2014-02-12 14:54 - 2014-02-12 14:55 - 00587152 _____ () C:\Users\*****\Downloads\postgresql-9.3-1100.jdbc4.jar
2014-02-12 14:13 - 2014-02-12 14:08 - 00000000 ____D () C:\Users\*****\AppData\Roaming\postgresql
2014-02-12 14:04 - 2014-02-12 14:04 - 00000000 ____D () C:\Program Files\PostgreSQL
2014-02-12 13:49 - 2014-02-12 13:59 - 52968360 _____ (PostgreSQL Global Development Group) C:\Users\*****\Downloads\postgresql-

9.3.1-1-windows.exe
2014-02-11 14:06 - 2014-01-16 12:27 - 00000000 ____D () C:\Users\*****\Documents\Praesentation_Deutronic_Praktikum
2014-02-10 18:12 - 2014-02-10 18:12 - 02658816 _____ (Python Software Foundation) C:\Windows\system32\python33.dll
2014-02-10 18:11 - 2014-02-10 18:11 - 00094208 _____ (Python Software Foundation) C:\Windows\pyw.exe
2014-02-10 18:11 - 2014-02-10 18:11 - 00093696 _____ (Python Software Foundation) C:\Windows\py.exe

Some content of TEMP:
====================
C:\Users\*****\AppData\Local\Temp\Foxit Updater.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-10 07:25

==================== End Of Log ============================
--- --- ---


what's next?

Beste Grüße
Markus

Alt 11.03.2014, 13:44   #10
schrauber
/// the machine
/// TB-Ausbilder
 
Windows 7: Security.Hijack gefunden, was nun? - Standard

Windows 7: Security.Hijack gefunden, was nun?


Wie läuft der Rechner?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 11.03.2014, 14:11   #11
PP88
 
Windows 7: Security.Hijack gefunden, was nun? - Standard

Windows 7: Security.Hijack gefunden, was nun?


Hallo,

an sich beschwerdefrei momentan.
Gutes Zeichen?

Beste Grüße,
Markus
Geändert von PP88 (11.03.2014 um 14:34 Uhr)

Alt 12.03.2014, 09:45   #12
schrauber
/// the machine
/// TB-Ausbilder
 
Windows 7: Security.Hijack gefunden, was nun? - Standard

Windows 7: Security.Hijack gefunden, was nun?


Fertig

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 21.03.2014, 22:04   #13
PP88
 
Windows 7: Security.Hijack gefunden, was nun? - Standard

Windows 7: Security.Hijack gefunden, was nun?


Hallo schrauber,

tut mir unendlich leid, dass ich jetzt erst antworte. Allerdings hatte ich total viel Stress und es waren ja doch einige Aufträge die du mir gegeben hast.

Ein ganz großes Dankeschön für alles, ich werde sicher eine entsprechende Bewertung hinterlassen.

Also ein muss ich jetzt noch wissen, dann kannst du den Thread schließen.

Würdest du meinem System jetzt wieder soweit trauen, damit du Onlineüberweisungen tätigen würdest?

Beste Grüße
Markus

Alt 22.03.2014, 19:03   #14
schrauber
/// the machine
/// TB-Ausbilder
 
Windows 7: Security.Hijack gefunden, was nun? - Standard

Windows 7: Security.Hijack gefunden, was nun?


Ja würde ich
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 24.03.2014, 08:29   #15
PP88
 
Windows 7: Security.Hijack gefunden, was nun? - Standard

Windows 7: Security.Hijack gefunden, was nun?


Alles klar,
das wollte ich hören.

Vielen Dank nochmal.

Beste Grüße
Markus

Antwort
Seite 1 von 2 1 2

Themen zu Windows 7: Security.Hijack gefunden, was nun?
adobe, amazon-icon, browser, desktop, fehlermeldung, files/postgresql/9.3/data", firefox, flash player, giga.de, installation, java/exploit.agent.onv, java/exploit.cve-2011-3544.dd, java/exploit.cve-2012-0507.ah, js/iframe.cv, launch, newtab, problem, pup.optional.amonetize, pup.optional.bundleinstaller.a, security.hijack, services.exe, spotify web helper, svchost.exe, virtualbox, win32/adware.toolplugin, windows, winlogon.exe


« Malewarebytes Anti-Maleware Runtime Error | Extrem viele Funde mit AVIRA und Malwarebytes »


Ähnliche Themen: Windows 7: Security.Hijack gefunden, was nun?


  1. Security.Hijack, PUP.Optional.OpenCandy, PUP.Optional.Somoto, PUP.Optional.MoviesToolBar etc gefunden
    Plagegeister aller Art und deren Bekämpfung - 16.04.2014 (1)
  2. Windows 7: Security.Hijack ?
    Plagegeister aller Art und deren Bekämpfung - 08.04.2014 (9)
  3. Security Hijack
    Plagegeister aller Art und deren Bekämpfung - 26.07.2013 (21)
  4. Adware Tracking Cookie und Security HiJack
    Plagegeister aller Art und deren Bekämpfung - 10.10.2012 (30)
  5. TaskManager funktioniert nicht, Security Hijack
    Plagegeister aller Art und deren Bekämpfung - 02.08.2012 (8)
  6. Security.Hijack in itunes.exe gefunden
    Plagegeister aller Art und deren Bekämpfung - 25.07.2012 (1)
  7. Malwarebytes Scan - Infektion gefunden - Security.Hijack
    Plagegeister aller Art und deren Bekämpfung - 14.07.2012 (1)
  8. TR/Offend.7014939.CV von AntiVir gefunden -- PUM.Hijack.ConnectionControl von Malwarebytes gefunden
    Plagegeister aller Art und deren Bekämpfung - 05.07.2012 (16)
  9. Security.HiJack [ImageFileExecutionOptions]
    Plagegeister aller Art und deren Bekämpfung - 23.05.2012 (9)
  10. Fund bei Malwarebytes - Security Hijack -
    Plagegeister aller Art und deren Bekämpfung - 14.05.2012 (21)
  11. Security.Hijack in userinit.exe
    Log-Analyse und Auswertung - 03.08.2011 (19)
  12. Security.hijack in Win XPpro
    Log-Analyse und Auswertung - 07.01.2011 (3)
  13. AV Security / HiJack- MalwareBytesLog inside.
    Plagegeister aller Art und deren Bekämpfung - 17.07.2010 (1)
  14. Hijack zur Überprüfung nach Entfernung von AV Security
    Log-Analyse und Auswertung - 21.06.2010 (22)
  15. TR/Dropper.Gen und Security.Hijack
    Log-Analyse und Auswertung - 14.12.2009 (7)
  16. IE und Antivir funktioniert nicht - Security.Hijack und Hijack.ControlPanelStyle
    Log-Analyse und Auswertung - 25.07.2009 (37)
  17. Windows Security Alert / Mehrere Trojaner gefunden u.a. Trojan-Spy.Win32.GreenScreen
    Plagegeister aller Art und deren Bekämpfung - 01.09.2008 (12)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Windows 7: Security.Hijack gefunden, was nun? - Hallo, vor zwei Tagen lies sich zum ersten mal mein Firefox nicht mehr öffnen, stattdessen ist folgende Fehlermeldung erschienen: "Einschränkung: Der Vorgang wurde aufgrund von aktuellen Beschränkungen auf dem Computer - Windows 7: Security.Hijack gefunden, was nun?...
Archiv
Du betrachtest: Windows 7: Security.Hijack gefunden, was nun? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131