Log Analysis and Evaluation: Windows 7: Security.Hijack found, what now?

If you have picked up a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been removed completely.

#1
Windows 7: Security.Hijack found, what now?

Hello, two days ago my Firefox would not open for the first time; instead the following error message appeared: "Einschränkung: Der Vorgang wurde aufgrund von aktuellen Beschränkungen auf dem Computer abgebrochen. Wenden Sie sich an den Systemadministrator." (the English Windows wording: "This operation has been cancelled due to restrictions in effect on this computer. Please contact your system administrator."). I then googled the problem and in this forum hxxp://www.camp-firefox.de/forum/viewtopic.php?f=1&t=104012 was given the tip to run Malwarebytes Anti-Malware on my PC. Well, there I saw that my laptop is infected with Security.Hijack, among other things. I then googled that as well and found the following link http://www.trojaner-board.de/69886-a...-beachten.html. So now I am here and hope someone can tell me what I should do next. I just hope I don't have to delete everything... First, here are the logfiles of the programs that were recommended to me.

Code:
```
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.03.05.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16518
***** :: *****-PC [Administrator]

05.03.2014 09:09:41
MBAM-log-2014-03-05 (10-23-46).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 206317
Laufzeit: 6 Minute(n), 45 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun|1 (Security.Hijack) -> Daten: firefox.exe -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 39
C:\Users\*****\AppData\Local\Temp\+r_JPHDv.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\+Z3j8z_9.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\e8qLHA7u.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\Ea8GvexE.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\eKfqnz0B.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\ivuQ9Mn7.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\HTURPFAv.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\ICm0SyU9.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\IiNk99rL.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\mmesw0Gw.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\1KI1kO1y.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\2D9dsMZw.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\3e8LeMCu.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\5vVb4h44.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\7KrENgIY.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\J0GOB77_.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\jnSqoPK0.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\kuUSLwNS.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\MG5k08CL.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\yrhA79ts.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\reAbACIV.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\Sp+qjjvW.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\sQ47tAfW.exe.part (PUP.Optional.Amonetize) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\wmOPCCZd.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\wYLVTmDR.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\DPi2+qHs.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\PVJHGT39.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\Q68kPzYO.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\qC1tfmKX.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\QTXe2Vw3.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\XQzQ3WJz.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\UMkxsxf_.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\Uu5uKVlE.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\v1YA1GIU.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\VGng2l8K.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\ItQtSVii.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\8Cl1SA+x.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\lH9vI6m2.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\LVlA7AaO.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.

(Ende)
```

Code:
```
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 17:10 on 05/03/2014 (*****)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-
```

FRST Logfile:

Code:
```
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-03-2014
Ran by ***** (administrator) on *****-PC on 05-03-2014 17:12:37
Running from C:\Users\*****\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B8O90389
Microsoft Windows 7 Professional N Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Andrea Electronics Corporation) C:\Windows\system32\AEADISRV.EXE
(Juniper Networks) C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
(Teruten) C:\Windows\system32\FsUsbExService.Exe
(Juniper Networks, Inc.) C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\pg_ctl.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(Spotify Ltd) C:\Users\*****\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(Jumping Bytes) C:\Program Files\Mobile Master\MMAgent.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(Jumping Bytes) C:\Program Files\Mobile Master\MMScan.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil32_12_0_0_70_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [nwiz] - C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [1753192 2010-11-04] ()
HKLM\...\Run: [QlbCtrl.exe] - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2009-11-11] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [SoundMAXPnP] - C:\Program Files\Analog Devices\Core\smax4pnp.exe [1314816 2009-05-18] (Analog Devices, Inc.)
HKLM\...\Run: [SoundMAX] - C:\Program Files\Analog Devices\SoundMAX\soundmax.exe [3866624 2009-05-18] (Analog Devices, Inc.)
HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-02-22] (AVAST Software)
HKLM\...\Run: [NPSStartup] - [X]
HKLM\...\Run: [KiesTrayAgent] - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311616 2014-02-07] (Samsung Electronics Co., Ltd.)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-21-3776841550-2335425540-3856683877-1000\...\Run: [Spotify Web Helper] - C:\Users\*****\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-01-09] (Spotify Ltd)
HKU\S-1-5-21-3776841550-2335425540-3856683877-1000\...\Run: [AutoStartNPSAgent] - C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [95576 2010-07-04] (Samsung Electronics Co., Ltd.)
HKU\S-1-5-21-3776841550-2335425540-3856683877-1000\...\Run: [KiesPreload] - C:\Program Files\Samsung\Kies\Kies.exe [1564992 2014-02-07] (Samsung)
HKU\S-1-5-21-3776841550-2335425540-3856683877-1000\...\Run: [KiesAirMessage] - C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-3776841550-2335425540-3856683877-1000\...\Run: [MMAgent] - C:\Program Files\Mobile Master\MMAgent.exe [1412080 2013-12-16] (Jumping Bytes)
HKU\S-1-5-21-3776841550-2335425540-3856683877-1000\...\Policies\Explorer\DisallowRun: [1] firefox.exe
HKU\S-1-5-21-3776841550-2335425540-3856683877-1000\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000
HKU\S-1-5-21-3776841550-2335425540-3856683877-1000\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-3776841550-2335425540-3856683877-1000\...\MountPoints2: F - F:\sources\sperr32.exe x64
HKU\S-1-5-21-3776841550-2335425540-3856683877-1000\...\MountPoints2: {8194dac8-be41-11e2-8b92-806e6f6e6963} - D:\autorun.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xCDC4B6855652CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
BHO: Citavi Picker - {609D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: af0.Adblock.BHO - {90EFF544-3981-4d46-85C9-C0361D0931D6} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://active.macromedia.com/flash2/cabs/swflash.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://juniper.net/dana-cached/setup/JuniperSetupSP1.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\fdt5qvea.default
FF NewTab: about:blank
FF Homepage: hxxp://www.google.de/
FF NetworkProxy: "backup.ftp", "192.168.0.3"
FF NetworkProxy: "backup.ftp_port", 8080
FF NetworkProxy: "backup.socks", "192.168.0.3"
FF NetworkProxy: "backup.socks_port", 8080
FF NetworkProxy: "backup.ssl", "192.168.0.3"
FF NetworkProxy: "backup.ssl_port", 8080
FF NetworkProxy: "ftp", "192.168.0.3"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "http", "192.168.0.3"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "192.168.0.3"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "ssl", "192.168.0.3"
FF NetworkProxy: "ssl_port", 8080
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Amazon-Icon - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\fdt5qvea.default\Extensions\amazon-icon@giga.de [2014-03-04]
FF Extension: Adblock Plus - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\fdt5qvea.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-28]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-05-16]
FF HKLM\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2013-09-30]
FF HKLM\...\Thunderbird\Extensions: [{857610fe-b36c-47f2-b4fa-6b7affe0cf5a}] - C:\Program Files\Mobile Master\ext\1\
FF Extension: Mobile Master Add-In - C:\Program Files\Mobile Master\ext\1\ []

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-22] (AVAST Software)
R2 dsNcService; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [671848 2013-02-18] (Juniper Networks)
R2 JuniperAccessService; C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe [198000 2011-06-22] (Juniper Networks, Inc.)
R2 postgresql-9.3; C:/Program Files/PostgreSQL/9.3/bin/pg_ctl.exe runservice -N "postgresql-9.3" -D "C:/Program Files/PostgreSQL/9.3/data" -w [X]

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-02-22] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [79720 2013-12-12] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2013-12-12] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [775952 2014-02-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [410784 2014-02-22] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [64168 2014-02-22] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180248 2013-12-22] ()
R3 dsNcAdpt; C:\Windows\System32\DRIVERS\dsNcAdpt.sys [26624 2013-02-18] (Juniper Networks)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-05-16] (DT Soft Ltd)
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2010-06-14] ()
S3 RICOH SmartCard Reader; C:\Windows\System32\DRIVERS\rismc32.sys [49152 2009-07-20] (RICOH Company, Ltd.)
R3 rismc32; C:\Windows\System32\DRIVERS\rismc32.sys [49152 2009-07-20] (RICOH Company, Ltd.)
S3 sscebus; C:\Windows\System32\DRIVERS\sscebus.sys [136904 2014-01-23] (MCCI Corporation)
S3 sscemdfl; C:\Windows\System32\DRIVERS\sscemdfl.sys [17864 2014-01-23] (MCCI Corporation)
S3 sscemdm; C:\Windows\System32\DRIVERS\sscemdm.sys [153672 2014-01-23] (MCCI Corporation)
S3 ssceserd; C:\Windows\System32\DRIVERS\ssceserd.sys [130376 2014-01-23] (MCCI Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-05 17:12 - 2014-03-05 17:12 - 00000000 ____D () C:\FRST
2014-03-05 17:10 - 2014-03-05 17:10 - 00000486 _____ () C:\Users\*****\Desktop\defogger_disable.log
2014-03-05 17:10 - 2014-03-05 17:10 - 00000000 _____ () C:\Users\*****\defogger_reenable
2014-03-05 08:19 - 2014-03-05 08:19 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Malwarebytes
2014-03-05 08:18 - 2014-03-05 08:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-05 08:18 - 2014-03-05 08:18 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-03-05 08:18 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-04 20:11 - 2014-03-04 20:11 - 00001109 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-03-04 20:10 - 2014-03-04 20:11 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-04 12:29 - 2014-03-04 12:29 - 00000999 _____ () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QuickDic.lnk
2014-03-04 12:29 - 2014-03-04 12:29 - 00000969 _____ () C:\Users\*****\Desktop\QuickDic.lnk
2014-03-04 12:29 - 2014-03-04 12:29 - 00000000 ____D () C:\Program Files\QuickDic
2014-03-04 09:39 - 2014-03-04 09:39 - 00000000 ____D () C:\Users\*****\AppData\Local\Mobile Master
2014-03-04 00:18 - 2014-03-04 00:18 - 00000000 ____D () C:\Users\*****\AppData\Local\Tempa72636ee026910241cae8b72bf567bea
2014-03-03 23:42 - 2014-03-03 23:42 - 00000000 ____D () C:\Users\Public\Documents\CrashDump
2014-03-03 23:10 - 2014-03-03 23:26 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Mobile Master
2014-03-03 23:10 - 2014-03-03 23:10 - 00001046 _____ () C:\Users\Public\Desktop\Mobile Master.lnk
2014-03-03 23:10 - 2014-03-03 23:10 - 00000000 ____D () C:\ProgramData\Mobile Master
2014-03-03 23:10 - 2014-03-03 23:10 - 00000000 ____D () C:\Program Files\Common Files\Jumping Bytes
2014-03-03 23:09 - 2014-03-03 23:28 - 00000000 ____D () C:\Program Files\Mobile Master
2014-03-03 23:07 - 2014-03-03 23:07 - 23225448 _____ (Jumping Bytes) C:\Users\*****\Downloads\MobileMasterInst.exe
2014-03-03 23:07 - 2014-03-03 23:07 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Jumping Bytes
2014-03-03 22:52 - 2014-03-03 22:52 - 00000000 ____D () C:\Users\*****\ChromeExtensions
2014-03-03 22:52 - 2014-03-03 22:52 - 00000000 ____D () C:\Users\*****\AppData\Local\Temp04de20ab33f250e94b926d0514a93b1c
2014-03-03 22:50 - 2014-03-03 22:50 - 01058296 _____ () C:\Users\*****\Downloads\Microsoft-Outlook-2013-lnstall.exe
2014-03-03 21:50 - 2014-03-03 21:54 - 00000000 ____D () C:\Users\*****\Handykarte
2014-03-03 21:48 - 2014-03-03 21:48 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-03-03 21:46 - 2014-01-23 04:21 - 00153672 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscemdm.sys
2014-03-03 21:46 - 2014-01-23 04:21 - 00136904 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscebus.sys
2014-03-03 21:46 - 2014-01-23 04:21 - 00130376 _____ (MCCI Corporation) C:\Windows\system32\Drivers\ssceserd.sys
2014-03-03 21:46 - 2014-01-23 04:21 - 00017864 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscemdfl.sys
2014-03-03 21:46 - 2014-01-23 04:21 - 00015560 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscecmnt.sys
2014-03-03 21:46 - 2014-01-23 04:21 - 00015560 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscecm.sys
2014-03-03 21:46 - 2014-01-23 04:21 - 00015304 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscewhnt.sys
2014-03-03 21:46 - 2014-01-23 04:21 - 00015304 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscewh.sys
2014-02-26 13:52 - 2014-02-26 13:52 - 00028092 _____ () C:\Users\*****\AppData\Local\recently-used.xbel
2014-02-25 20:22 - 2014-02-25 20:22 - 01095461 _____ (pendrivelinux.com) C:\Users\*****\Downloads\Universal-USB-Installer-1.9.5.2.exe
2014-02-25 15:45 - 2014-02-25 15:45 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log
2014-02-22 22:04 - 2014-02-23 00:25 - 00000000 ____D () C:\Users\*****\Documents\Python
2014-02-21 09:50 - 2014-02-21 09:50 - 00000000 ____D () C:\Program Files\BeCyPDFMetaEdit
2014-02-20 09:36 - 2014-02-20 09:36 - 00036629 _____ () C:\Users\*****\Desktop\Nyquist_Beispiel.fig
2014-02-20 06:50 - 2014-02-20 06:50 - 00286014 _____ () C:\Windows\msxml4-KB954430-enu.LOG
2014-02-20 06:49 - 2014-02-20 06:49 - 00290518 _____ () C:\Windows\msxml4-KB973688-enu.LOG
2014-02-20 06:49 - 2014-02-20 06:49 - 00000000 ____D () C:\Program Files\MSXML 4.0
2014-02-19 16:01 - 2014-02-19 16:01 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-02-18 23:51 - 2014-02-25 15:45 - 00000000 ____D () C:\Users\*****\AppData\Local\Samsung
2014-02-18 23:42 - 2014-02-18 23:42 - 00000000 ____D () C:\Program Files\Windows Portable Devices
2014-02-18 23:37 - 2014-02-18 23:37 - 00000000 ____D () C:\Program Files\MyFree Codec
2014-02-18 23:33 - 2014-02-07 16:33 - 04659712 _____ (Dmitry Streblechenko) C:\Windows\system32\Redemption.dll
2014-02-18 23:33 - 2014-01-23 18:31 - 00821824 _____ (Devguru Co., Ltd.) C:\Windows\system32\dgderapi.dll
2014-02-18 23:07 - 2014-02-18 23:07 - 00002092 _____ () C:\Users\Public\Desktop\Samsung New PC Studio.lnk
2014-02-18 23:04 - 2014-02-25 20:17 - 00000000 ____D () C:\Program Files\MarkAny
2014-02-18 22:59 - 2014-02-18 22:59 - 00002005 _____ () C:\Users\Public\Desktop\Komodo Edit 8.lnk
2014-02-18 22:59 - 2014-02-18 22:59 - 00000000 ____D () C:\Users\*****\AppData\Roaming\ActiveState
2014-02-18 22:59 - 2014-02-18 22:59 - 00000000 ____D () C:\Users\*****\AppData\Local\ActiveState
2014-02-18 22:58 - 2014-02-18 22:59 - 00000000 ____D () C:\Program Files\ActiveState Komodo Edit 8
2014-02-18 22:55 - 2014-02-18 22:56 - 00000000 ____D () C:\Python33
2014-02-18 22:53 - 2014-02-25 15:43 - 00000000 ____D () C:\ProgramData\Samsung
2014-02-18 22:52 - 2014-03-03 21:18 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Samsung
2014-02-18 22:52 - 2014-02-18 22:52 - 00000000 ____D () C:\Users\*****\Documents\My NPS Files
2014-02-18 22:52 - 2010-07-04 19:07 - 00238952 _____ (Teruten) C:\Windows\system32\FsUsbExService.Exe
2014-02-18 22:52 - 2010-06-14 09:32 - 00110592 _____ () C:\Windows\system32\FsUsbExDevice.Dll
2014-02-18 22:52 - 2010-06-14 09:32 - 00036608 _____ () C:\Windows\system32\FsUsbExDisk.Sys
2014-02-18 22:52 - 2009-07-14 02:16 - 02311168 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 01568768 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2014-02-18 22:52 - 2009-07-14 02:16 - 01325056 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2014-02-18 22:52 - 2009-07-14 02:16 - 01003008 _____ (Microsoft Corporation) C:\Windows\system32\WMNetMgr.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00812032 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2014-02-18 22:52 - 2009-07-14 02:16 - 00664576 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2014-02-18 22:52 - 2009-07-14 02:16 - 00577024 _____ (Microsoft Corporation) C:\Windows\system32\wpd_ci.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceApi.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00541184 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2014-02-18 22:52 - 2009-07-14 02:16 - 00427520 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceStatus.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00358400 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
2014-02-18 22:52 - 2009-07-14 02:16 - 00350720 _____ (Microsoft Corporation) C:\Windows\system32\WPDSp.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00237568 _____ (Microsoft Corporation) C:\Windows\system32\WMASF.DLL
2014-02-18 22:52 - 2009-07-14 02:16 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\WpdMtp.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00198144 _____ (Microsoft Corporation) C:\Windows\system32\wpdwcn.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00196608 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceWMDRM.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceTypes.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\wmidx.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00138240 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceWiaCompat.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00110080 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceClassExtension.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\WPDShServiceObj.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\wpdbusenum.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\WpdMtpUS.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceConnectApi.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\wmcodecdspps.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wmdmps.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\wmdmlog.dll
2014-02-18 22:52 - 2009-07-14 02:15 - 00630784 _____ (Microsoft Corporation) C:\Windows\system32\DXPTaskRingtone.dll
2014-02-18 22:52 - 2009-07-14 02:15 - 00415744 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2014-02-18 22:52 - 2009-07-14 02:15 - 00352768 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-02-18 22:52 - 2009-07-14 02:15 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\mswmdm.dll
2014-02-18 22:52 - 2009-07-14 02:15 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-02-18 22:52 - 2009-07-14 02:15 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2014-02-18 22:52 - 2009-07-14 02:15 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2014-02-18 22:52 - 2009-07-14 02:15 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2014-02-18 22:52 - 2009-07-14 02:15 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\LAPRXY.DLL
2014-02-18 22:52 - 2009-07-14 02:14 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\audiodev.dll
2014-02-18 22:52 - 2009-07-14 02:14 - 00095232 _____ (Microsoft Corporation) C:\Windows\system32\logagent.exe
2014-02-18 22:52 - 2009-07-14 02:14 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\WPDShextAutoplay.exe
2014-02-18 22:52 - 2009-07-14 02:03 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\asferror.dll
2014-02-18 22:52 - 2009-06-10 22:34 - 00316640 _____ () C:\Windows\WMSysPr9.prx
2014-02-18 22:51 - 2014-02-18 23:51 - 00000000 ____D () C:\Users\*****\Documents\Samsung
2014-02-18 22:51 - 2014-02-18 22:51 - 00053631 _____ () C:\Users\*****\Downloads\hashmyfiles_v1.90.zip
2014-02-18 22:51 - 2009-07-14 02:16 - 02504192 _____ (Microsoft Corporation) C:\Windows\system32\WMVCORE.DLL
2014-02-18 22:51 - 2009-07-14 02:16 - 01619968 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2014-02-18 22:51 - 2009-07-14 02:16 - 00902656 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2014-02-18 22:51 - 2009-07-14 02:16 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-02-18 22:51 - 2009-07-14 02:16 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmdev.dll
2014-02-18 22:51 - 2009-07-14 02:16 - 00436736 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmnet.dll
2014-02-18 22:51 - 2009-07-14 02:15 - 00986624 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-02-18 22:51 - 2009-07-14 02:15 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-02-18 22:51 - 2009-07-14 02:15 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-02-18 22:51 - 2009-07-14 02:15 - 00402944 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-02-18 22:50 - 2014-02-25 15:44 - 00000000 ____D () C:\Program Files\Samsung
2014-02-18 22:48 - 2014-02-18 22:49 - 08444896 _____ (abylonsoft ) C:\Users\*****\Downloads\FreeHash.exe
2014-02-18 20:39 - 2014-02-18 20:39 - 00000000 ____D () C:\Program Files\abylonsoft
2014-02-18 20:30 - 2014-02-18 20:39 - 20627456 _____ () C:\Users\*****\Downloads\python-3.3.4.msi
2014-02-18 20:17 - 2014-02-18 20:41 - 73908224 _____ () C:\Users\*****\Downloads\Komodo-Edit-8.5.3-14067.msi
2014-02-18 08:34 - 2014-02-18 08:36 - 173838160 _____ () C:\Users\*****\Downloads\New_PC_Studio_1.5.1.exe
2014-02-18 08:32 - 2014-02-18 08:33 - 75211320 _____ (Samsung Electronics Co., Ltd.) C:\Users\*****\Downloads\KiesSetup_2.6.2.14014_6.exe
2014-02-17 11:34 - 2014-02-17 11:44 - 00014458 _____ () C:\Users\*****\Desktop\HybEIS.eps
2014-02-16 19:01 - 2014-02-16 19:03 - 101832237 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Das_Kaenguru_Manifest-4CD-DE-Audiobook-2011-kooba.r01
2014-02-16 18:52 - 2014-02-16 18:58 - 200000000 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Das_Kaenguru_Manifest-4CD-DE-Audiobook-2011-kooba.r00
2014-02-16 18:51 - 2014-02-16 19:05 - 200000000 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Das_Kaenguru_Manifest-4CD-DE-Audiobook-2011-kooba.rar
2014-02-16 18:50 - 2014-02-16 18:50 - 35692185 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Die_Kaenguru-Chroniken_Live_Und_Ungekuerzt-4CD-DE-Audiobook-2012-kooba.r02
2014-02-16 18:45 - 2014-02-16 18:49 - 150000000 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Die_Kaenguru-Chroniken_Live_Und_Ungekuerzt-4CD-DE-Audiobook-2012-kooba.r01
2014-02-16 18:44 - 2014-02-16 18:49 - 150000000 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Die_Kaenguru-Chroniken_Live_Und_Ungekuerzt-4CD-DE-Audiobook-2012-kooba.r00
2014-02-16 18:40 - 2014-02-16 18:40 - 00614816 _____ (Chip Digital GmbH) C:\Users\*****\Downloads\7 Zip 32 Bit - CHIP-Downloader.exe
2014-02-16 18:35 - 2014-02-16 18:37 - 150000000 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Die_Kaenguru-Chroniken_Live_Und_Ungekuerzt-4CD-DE-Audiobook-2012-kooba.rar
2014-02-13 17:53 - 2014-02-13 17:53 - 00000000 ____D () C:\Users\*****\Documents\PostregSQL
2014-02-12 17:16 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-12 17:16 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-12 17:16 - 2014-02-06 11:19 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-12 17:16 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-12 17:16 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-12 17:16 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-12 17:16 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-12 17:16 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-12 17:16 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-12 17:16 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-12 17:16 - 2014-02-06 10:47 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-12 17:16 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-12 17:16 - 2014-02-06 10:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-12 17:16 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-12 17:16 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-12 17:16 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-12 17:16 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-12 17:16 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-12 17:16 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-12 17:16 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-12 17:16 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-12 17:11 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-12 16:58 - 2014-02-12 16:10 -
```
01611377 _____ () C:\Users\*****\Downloads\psqlodbc_09_03_0100.zip 2014-02-12 16:13 - 2014-02-12 17:01 - 00000149 _____ () C:\Windows\ODBC.INI 2014-02-12 16:12 - 2014-02-12 16:12 - 00000000 ____D () C:\Program Files\psqlODBC 2014-02-12 14:55 - 2014-02-12 14:54 - 00587152 _____ () C:\Users\*****\Downloads\postgresql-9.3-1100.jdbc4.jar 2014-02-12 14:35 - 2014-02-14 09:40 - 00014898 _____ () C:\Users\*****\Documents\pgadmin.log 2014-02-12 14:08 - 2014-02-12 14:13 - 00000000 ____D () C:\Users\*****\AppData\Roaming\postgresql 2014-02-12 14:04 - 2014-02-12 14:04 - 00000000 ____D () C:\Program Files\PostgreSQL 2014-02-12 13:59 - 2014-02-12 13:49 - 52968360 _____ (PostgreSQL Global Development Group) C:\Users\*****\Downloads\postgresql-9.3.1-1-windows.exe 2014-02-12 07:37 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2014-02-12 07:37 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-02-12 07:37 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2014-02-12 07:37 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll 2014-02-10 18:12 - 2014-02-10 18:12 - 02658816 _____ (Python Software Foundation) C:\Windows\system32\python33.dll 2014-02-10 18:11 - 2014-02-10 18:11 - 00094208 _____ (Python Software Foundation) C:\Windows\pyw.exe 2014-02-10 18:11 - 2014-02-10 18:11 - 00093696 _____ (Python Software Foundation) C:\Windows\py.exe 2014-02-06 20:07 - 2014-02-07 14:09 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird ==================== One Month Modified Files and Folders ======= 2014-03-05 17:12 - 2014-03-05 17:12 - 00000000 ____D () C:\FRST 2014-03-05 17:11 - 2013-10-14 05:37 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-03-05 17:10 - 2014-03-05 17:10 - 00000486 _____ () C:\Users\*****\Desktop\defogger_disable.log 2014-03-05 17:10 - 2014-03-05 17:10 - 00000000 _____ () 
C:\Users\*****\defogger_reenable 2014-03-05 17:10 - 2013-05-16 17:54 - 00000000 ____D () C:\Users\***** 2014-03-05 17:08 - 2013-05-16 17:01 - 01915081 _____ () C:\Windows\WindowsUpdate.log 2014-03-05 17:05 - 2009-07-14 05:17 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-03-05 17:05 - 2009-07-14 05:07 - 00048831 _____ () C:\Windows\setupact.log 2014-03-05 16:41 - 2009-07-14 05:02 - 00019248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-03-05 16:41 - 2009-07-14 05:02 - 00019248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-03-05 14:02 - 2013-09-30 19:01 - 00000000 ____D () C:\Users\*****\Documents\Citavi 4 2014-03-05 08:19 - 2014-03-05 08:19 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Malwarebytes 2014-03-05 08:18 - 2014-03-05 08:18 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-03-05 08:18 - 2014-03-05 08:18 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware 2014-03-05 07:23 - 2013-05-19 10:45 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-03-04 20:11 - 2014-03-04 20:11 - 00001109 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-03-04 20:11 - 2014-03-04 20:10 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-03-04 16:03 - 2013-12-04 09:30 - 00000000 ____D () C:\Users\*****\Documents\Praktikum_Deutronic 2014-03-04 14:25 - 2010-11-20 22:03 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-03-04 12:29 - 2014-03-04 12:29 - 00000999 _____ () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QuickDic.lnk 2014-03-04 12:29 - 2014-03-04 12:29 - 00000969 _____ () C:\Users\*****\Desktop\QuickDic.lnk 2014-03-04 12:29 - 2014-03-04 12:29 - 00000000 ____D () C:\Program Files\QuickDic 2014-03-04 09:39 - 2014-03-04 09:39 - 00000000 ____D () C:\Users\*****\AppData\Local\Mobile Master 2014-03-04 00:18 - 2014-03-04 00:18 - 00000000 ____D () 
C:\Users\*****\AppData\Local\Tempa72636ee026910241cae8b72bf567bea 2014-03-03 23:42 - 2014-03-03 23:42 - 00000000 ____D () C:\Users\Public\Documents\CrashDump 2014-03-03 23:28 - 2014-03-03 23:09 - 00000000 ____D () C:\Program Files\Mobile Master 2014-03-03 23:26 - 2014-03-03 23:10 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Mobile Master 2014-03-03 23:10 - 2014-03-03 23:10 - 00001046 _____ () C:\Users\Public\Desktop\Mobile Master.lnk 2014-03-03 23:10 - 2014-03-03 23:10 - 00000000 ____D () C:\ProgramData\Mobile Master 2014-03-03 23:10 - 2014-03-03 23:10 - 00000000 ____D () C:\Program Files\Common Files\Jumping Bytes 2014-03-03 23:07 - 2014-03-03 23:07 - 23225448 _____ (Jumping Bytes) C:\Users\*****\Downloads\MobileMasterInst.exe 2014-03-03 23:07 - 2014-03-03 23:07 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Jumping Bytes 2014-03-03 22:52 - 2014-03-03 22:52 - 00000000 ____D () C:\Users\*****\ChromeExtensions 2014-03-03 22:52 - 2014-03-03 22:52 - 00000000 ____D () C:\Users\*****\AppData\Local\Temp04de20ab33f250e94b926d0514a93b1c 2014-03-03 22:50 - 2014-03-03 22:50 - 01058296 _____ () C:\Users\*****\Downloads\Microsoft-Outlook-2013-lnstall.exe 2014-03-03 21:54 - 2014-03-03 21:50 - 00000000 ____D () C:\Users\*****\Handykarte 2014-03-03 21:48 - 2014-03-03 21:48 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf 2014-03-03 21:18 - 2014-02-18 22:52 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Samsung 2014-02-27 20:46 - 2013-08-02 22:24 - 00000000 ____D () C:\Users\*****\AppData\Roaming\vlc 2014-02-26 17:22 - 2013-05-17 18:53 - 00000000 ____D () C:\Users\*****\Documents\MATLAB 2014-02-26 13:52 - 2014-02-26 13:52 - 00028092 _____ () C:\Users\*****\AppData\Local\recently-used.xbel 2014-02-25 20:22 - 2014-02-25 20:22 - 01095461 _____ (pendrivelinux.com) C:\Users\*****\Downloads\Universal-USB-Installer-1.9.5.2.exe 2014-02-25 20:17 - 2014-02-18 23:04 - 00000000 ____D () C:\Program Files\MarkAny 2014-02-25 15:46 - 2009-07-14 03:37 - 
00000000 ____D () C:\Windows\Microsoft.NET 2014-02-25 15:45 - 2014-02-25 15:45 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log 2014-02-25 15:45 - 2014-02-18 23:51 - 00000000 ____D () C:\Users\*****\AppData\Local\Samsung 2014-02-25 15:44 - 2014-02-18 22:50 - 00000000 ____D () C:\Program Files\Samsung 2014-02-25 15:43 - 2014-02-18 22:53 - 00000000 ____D () C:\ProgramData\Samsung 2014-02-24 22:08 - 2013-09-18 16:40 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Spotify 2014-02-24 20:52 - 2013-09-18 17:03 - 00000000 ____D () C:\Users\*****\AppData\Local\Spotify 2014-02-24 08:25 - 2013-09-30 17:50 - 00000000 ____D () C:\Users\*****\Desktop\Programme 2014-02-23 09:16 - 2010-11-20 22:49 - 00245462 _____ () C:\Windows\PFRO.log 2014-02-23 00:25 - 2014-02-22 22:04 - 00000000 ____D () C:\Users\*****\Documents\Python 2014-02-22 18:18 - 2013-12-22 23:33 - 00064168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys 2014-02-22 18:18 - 2013-05-16 20:38 - 00775952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2014-02-22 18:18 - 2013-05-16 20:38 - 00410784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2014-02-22 18:18 - 2013-05-16 20:38 - 00270240 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-02-22 18:18 - 2013-05-16 20:38 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-02-22 18:18 - 2013-05-16 20:35 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-02-21 17:11 - 2013-05-16 20:01 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-02-21 17:11 - 2013-05-16 20:01 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-02-21 09:50 - 2014-02-21 09:50 - 00000000 ____D () C:\Program Files\BeCyPDFMetaEdit 2014-02-20 09:36 - 2014-02-20 09:36 - 00036629 _____ () C:\Users\*****\Desktop\Nyquist_Beispiel.fig 2014-02-20 06:50 - 2014-02-20 06:50 - 00286014 _____ () C:\Windows\msxml4-KB954430-enu.LOG 
2014-02-20 06:49 - 2014-02-20 06:49 - 00290518 _____ () C:\Windows\msxml4-KB973688-enu.LOG
2014-02-20 06:49 - 2014-02-20 06:49 - 00000000 ____D () C:\Program Files\MSXML 4.0
2014-02-19 16:01 - 2014-02-19 16:01 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-02-19 09:26 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2014-02-18 23:51 - 2014-02-18 22:51 - 00000000 ____D () C:\Users\*****\Documents\Samsung
2014-02-18 23:42 - 2014-02-18 23:42 - 00000000 ____D () C:\Program Files\Windows Portable Devices
2014-02-18 23:42 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-02-18 23:42 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-02-18 23:37 - 2014-02-18 23:37 - 00000000 ____D () C:\Program Files\MyFree Codec
2014-02-18 23:33 - 2013-05-16 20:26 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-02-18 23:31 - 2013-09-30 18:48 - 00000000 ____D () C:\Users\*****\AppData\Local\Downloaded Installations
2014-02-18 23:07 - 2014-02-18 23:07 - 00002092 _____ () C:\Users\Public\Desktop\Samsung New PC Studio.lnk
2014-02-18 22:59 - 2014-02-18 22:59 - 00002005 _____ () C:\Users\Public\Desktop\Komodo Edit 8.lnk
2014-02-18 22:59 - 2014-02-18 22:59 - 00000000 ____D () C:\Users\*****\AppData\Roaming\ActiveState
2014-02-18 22:59 - 2014-02-18 22:59 - 00000000 ____D () C:\Users\*****\AppData\Local\ActiveState
2014-02-18 22:59 - 2014-02-18 22:58 - 00000000 ____D () C:\Program Files\ActiveState Komodo Edit 8
2014-02-18 22:56 - 2014-02-18 22:55 - 00000000 ____D () C:\Python33
2014-02-18 22:52 - 2014-02-18 22:52 - 00000000 ____D () C:\Users\*****\Documents\My NPS Files
2014-02-18 22:51 - 2014-02-18 22:51 - 00053631 _____ () C:\Users\*****\Downloads\hashmyfiles_v1.90.zip
2014-02-18 22:49 - 2014-02-18 22:48 - 08444896 _____ (abylonsoft ) C:\Users\*****\Downloads\FreeHash.exe
2014-02-18 20:41 - 2014-02-18 20:17 - 73908224 _____ () C:\Users\*****\Downloads\Komodo-Edit-8.5.3-14067.msi
2014-02-18 20:39 - 2014-02-18 20:39 - 00000000 ____D () C:\Program Files\abylonsoft
2014-02-18 20:39 - 2014-02-18 20:30 - 20627456 _____ () C:\Users\*****\Downloads\python-3.3.4.msi
2014-02-18 13:48 - 2013-09-30 17:57 - 00000000 ____D () C:\Users\*****\Praktikum
2014-02-18 11:12 - 2014-01-28 08:30 - 00000000 ____D () C:\Users\*****\Bachelorarbeit
2014-02-18 11:11 - 2013-10-08 07:04 - 00079872 ___SH () C:\Users\*****\Thumbs.db
2014-02-18 08:36 - 2014-02-18 08:34 - 173838160 _____ () C:\Users\*****\Downloads\New_PC_Studio_1.5.1.exe
2014-02-18 08:33 - 2014-02-18 08:32 - 75211320 _____ (Samsung Electronics Co., Ltd.) C:\Users\*****\Downloads\KiesSetup_2.6.2.14014_6.exe
2014-02-17 11:44 - 2014-02-17 11:34 - 00014458 _____ () C:\Users\*****\Desktop\HybEIS.eps
2014-02-16 19:05 - 2014-02-16 18:51 - 200000000 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Das_Kaenguru_Manifest-4CD-DE-Audiobook-2011-kooba.rar
2014-02-16 19:03 - 2014-02-16 19:01 - 101832237 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Das_Kaenguru_Manifest-4CD-DE-Audiobook-2011-kooba.r01
2014-02-16 18:58 - 2014-02-16 18:52 - 200000000 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Das_Kaenguru_Manifest-4CD-DE-Audiobook-2011-kooba.r00
2014-02-16 18:50 - 2014-02-16 18:50 - 35692185 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Die_Kaenguru-Chroniken_Live_Und_Ungekuerzt-4CD-DE-Audiobook-2012-kooba.r02
2014-02-16 18:49 - 2014-02-16 18:45 - 150000000 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Die_Kaenguru-Chroniken_Live_Und_Ungekuerzt-4CD-DE-Audiobook-2012-kooba.r01
2014-02-16 18:49 - 2014-02-16 18:44 - 150000000 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Die_Kaenguru-Chroniken_Live_Und_Ungekuerzt-4CD-DE-Audiobook-2012-kooba.r00
2014-02-16 18:40 - 2014-02-16 18:40 - 00614816 _____ (Chip Digital GmbH) C:\Users\*****\Downloads\7 Zip 32 Bit - CHIP-Downloader.exe
2014-02-16 18:37 - 2014-02-16 18:35 - 150000000 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Die_Kaenguru-Chroniken_Live_Und_Ungekuerzt-4CD-DE-Audiobook-2012-kooba.rar
2014-02-14 14:36 - 2013-10-01 07:45 - 00000000 ____D () C:\Program Files\BaSyTec
2014-02-14 09:40 - 2014-02-12 14:35 - 00014898 _____ () C:\Users\*****\Documents\pgadmin.log
2014-02-13 17:53 - 2014-02-13 17:53 - 00000000 ____D () C:\Users\*****\Documents\PostregSQL
2014-02-12 17:16 - 2013-08-06 23:19 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-12 17:14 - 2013-05-16 20:24 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-12 17:01 - 2014-02-12 16:13 - 00000149 _____ () C:\Windows\ODBC.INI
2014-02-12 16:12 - 2014-02-12 16:12 - 00000000 ____D () C:\Program Files\psqlODBC
2014-02-12 16:10 - 2014-02-12 16:58 - 01611377 _____ () C:\Users\*****\Downloads\psqlodbc_09_03_0100.zip
2014-02-12 14:54 - 2014-02-12 14:55 - 00587152 _____ () C:\Users\*****\Downloads\postgresql-9.3-1100.jdbc4.jar
2014-02-12 14:13 - 2014-02-12 14:08 - 00000000 ____D () C:\Users\*****\AppData\Roaming\postgresql
2014-02-12 14:04 - 2014-02-12 14:04 - 00000000 ____D () C:\Program Files\PostgreSQL
2014-02-12 13:49 - 2014-02-12 13:59 - 52968360 _____ (PostgreSQL Global Development Group) C:\Users\*****\Downloads\postgresql-9.3.1-1-windows.exe
2014-02-11 14:06 - 2014-01-16 12:27 - 00000000 ____D () C:\Users\*****\Documents\Praesentation_Deutronic_Praktikum
2014-02-10 18:12 - 2014-02-10 18:12 - 02658816 _____ (Python Software Foundation) C:\Windows\system32\python33.dll
2014-02-10 18:11 - 2014-02-10 18:11 - 00094208 _____ (Python Software Foundation) C:\Windows\pyw.exe
2014-02-10 18:11 - 2014-02-10 18:11 - 00093696 _____ (Python Software Foundation) C:\Windows\py.exe
2014-02-07 16:33 - 2014-02-18 23:33 - 04659712 _____ (Dmitry Streblechenko) C:\Windows\system32\Redemption.dll
2014-02-07 14:09 - 2014-02-06 20:07 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-02-06 11:38 - 2014-02-12 17:16 - 17103872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 11:20 - 2014-02-12 17:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 11:19 - 2014-02-12 17:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 11:01 - 2014-02-12 17:16 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 11:00 - 2014-02-12 17:16 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 10:57 - 2014-02-12 17:16 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 10:52 - 2014-02-12 17:16 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 10:52 - 2014-02-12 17:16 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 10:49 - 2014-02-12 17:16 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 10:47 - 2014-02-12 17:16 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 10:47 - 2014-02-12 17:16 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 10:46 - 2014-02-12 17:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 10:34 - 2014-02-12 17:16 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 10:25 - 2014-02-12 17:16 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 10:25 - 2014-02-12 17:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 10:13 - 2014-02-12 17:16 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 10:09 - 2014-02-12 17:16 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 10:03 - 2014-02-12 17:16 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 09:41 - 2014-02-12 17:16 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 09:36 - 2014-02-12 17:16 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 09:34 - 2014-02-12 17:16 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

Some content of TEMP:
====================
C:\Users\*****\AppData\Local\Temp\amazonicon_v4.exe
C:\Users\*****\AppData\Local\Temp\amazoninstallernircmdc.exe
C:\Users\*****\AppData\Local\Temp\AskSLib.dll
C:\Users\*****\AppData\Local\Temp\Checkupdate.exe
C:\Users\*****\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\*****\AppData\Local\Temp\Foxit Updater.exe
C:\Users\*****\AppData\Local\Temp\fp_pl_pfs_installer-1.exe
C:\Users\*****\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\*****\AppData\Local\Temp\gcapi_dll.dll
C:\Users\*****\AppData\Local\Temp\GdiPlus.dll
C:\Users\*****\AppData\Local\Temp\gtapi_signed.dll
C:\Users\*****\AppData\Local\Temp\InstallerMessageBox.exe
C:\Users\*****\AppData\Local\Temp\npp.6.5.2.Installer.exe
C:\Users\*****\AppData\Local\Temp\NPSInstallerProxy.exe
C:\Users\*****\AppData\Local\Temp\NPSInstallerProxyMessageBoxHookDll.dll
C:\Users\*****\AppData\Local\Temp\pyl2665.tmp.exe
C:\Users\*****\AppData\Local\Temp\pyl7DBA.tmp.exe
C:\Users\*****\AppData\Local\Temp\sdanircmdc.exe
C:\Users\*****\AppData\Local\Temp\sdapskill.exe
C:\Users\*****\AppData\Local\Temp\sdaspwn.exe
C:\Users\*****\AppData\Local\Temp\vlc-2.1.1-win32.exe
C:\Users\*****\AppData\Local\Temp\vlc-2.1.3-win32.exe
C:\Users\*****\AppData\Local\Temp\xmlUpdater.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-02-28 09:25

==================== End Of Log ============================

--- --- ---

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 05-03-2014
Ran by ***** at 2014-03-05 17:13:03
Running from C:\Users\*****\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B8O90389
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )
ActiveState Komodo Edit 8.5.3 (HKLM\...\{E65B87D8-30C4-4FB0-8C24-AFD64950A881}) (Version: 8.5.3 - ActiveState Software Inc.)
AdblockIE (HKLM\...\{5508128A-2C7B-46B5-81F9-58E8E8115F0B}) (Version: 1.2 - af0.net)
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
avast! Free Antivirus (HKLM\...\avast) (Version: 9.0.2013 - Avast Software)
BaSyTec (HKLM\...\{DEE17AC1-38EB-4CDA-81CB-AE8CEC940967}) (Version: 5.00.00 - BaSyTec GmbH)
BeCyPDFMetaEdit (HKLM\...\BeCyPDFMetaEdit) (Version: 2.37.0 - Benjamin Bentmann)
Citavi 4 (HKLM\...\{CC0A85B2-734A-45B3-B678-05F6A6499AC7}) (Version: 4.2.0.11 - Swiss Academic Software)
CloudReading (HKLM\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.1.47.1220 - Foxit Corporation)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.47.1.0333 - Disc Soft Ltd)
Dungeon Keeper 2 (HKLM\...\Dungeon Keeper II) (Version: - )
Exact Audio Copy 1.0beta3 (HKLM\...\Exact Audio Copy) (Version: 1.0beta3 - Andre Wiethoff)
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 6.1.2.1224 - Foxit Corporation)
HP Quick Launch Buttons (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.14.1 - Hewlett-Packard Company)
Inkscape 0.48.4 (HKLM\...\Inkscape) (Version: 0.48.4 - )
Juniper Installer Service (HKLM\...\SetupService) (Version: 7.1.0.18671 - Juniper Networks)
Juniper Networks Network Connect 7.1.0 (HKLM\...\Juniper Network Connect 7.1.0) (Version: 7.1.0.18671 - Juniper Networks)
Juniper Networks Network Connect 7.1.14 (HKLM\...\Juniper Network Connect 7.1.14) (Version: 7.1.14.23943 - Juniper Networks)
Juniper Networks, Inc. Setup Client (HKCU\...\Juniper_Setup_Client) (Version: 7.1.10.21853 - Juniper Networks, Inc.)
Juniper Networks, Inc. Setup Client Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Maple 15 (HKLM\...\Maple 15) (Version: 15.0.0.0 - Maplesoft)
MATLAB R2010a (HKLM\...\MatlabR2010a) (Version: 7.10 - The MathWorks, Inc.)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MiKTeX 2.9 (HKLM\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
Mobile Master (Version: 8.9.3 - Jumping Bytes) Hidden
Mobile Master 8.9.3 (HKLM\...\Mobile Master) (Version: 8.9.3 - Jumping Bytes)
Mozilla Firefox 27.0.1 (x86 de) (HKLM\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
Mozilla Thunderbird 17.0.8 (x86 de) (HKLM\...\Mozilla Thunderbird 17.0.8 (x86 de)) (Version: 17.0.8 - Mozilla)
Mozilla Thunderbird 24.3.0 (x86 de) (HKCU\...\Mozilla Thunderbird 24.3.0 (x86 de)) (Version: 24.3.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyFreeCodec (HKCU\...\MyFreeCodec) (Version: - )
Notepad++ (HKLM\...\Notepad++) (Version: 6.5.2 - Notepad++ Team)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.6128 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA nView Desktop Manager (HKLM\...\NVIDIA nView Desktop Manager) (Version: 6.14.10.13550 - NVIDIA Corporation)
OpenOffice 4.0.1 (HKLM\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Oracle VM VirtualBox 4.3.2 (HKLM\...\{91E5A436-8560-4621-9F26-D7050D078832}) (Version: 4.3.2 - Oracle Corporation)
Populous: The Beginning (HKLM\...\Populous: The Beginning) (Version: - )
PostgreSQL 9.3 (HKLM\...\PostgreSQL 9.3) (Version: 9.3 - PostgreSQL Global Development Group)
psqlODBC (HKLM\...\{D3527FA5-9C2B-4550-A59B-9534A78950F4}) (Version: 09.03.0100 - PostgreSQL Global Development Group)
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
Python 3.3.4 (HKLM\...\{cc2659bc-d27d-3593-a0a0-9ac0de07a430}) (Version: 3.3.4150 - Python Software Foundation)
QLBCASL (Version: 6.40.17.2 - Hewlett-Packard) Hidden
RICOH Media Driver (HKLM\...\{F5CC2EF8-20A4-4366-A681-3FE849E65809}) (Version: 2.10.00.04 - RICOH)
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.2.14014_6 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.6.2.14014_6 - Samsung Electronics Co., Ltd.) Hidden
Samsung New PC Studio (HKLM\...\InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}) (Version: 1.00.0000 - Samsung Electronics Co., Ltd.)
Samsung New PC Studio (Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.34.0 - SAMSUNG Electronics Co., Ltd.)
Secure Download Manager (HKLM\...\{7709C9B0-AD83-4F7C-A153-B956BC3C3B0A}) (Version: 3.1.10 - Kivuto Solutions Inc.)
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 6.10.1.7255 - Analog Devices)
Spotify (HKCU\...\Spotify) (Version: 0.9.7.16.g4b197456 - Spotify AB)
SumatraPDF (HKLM\...\SumatraPDF) (Version: 2.4 - Krzysztof Kowalczyk)
TeXnicCenter Version 2.02 Stable (HKLM\...\TeXnicCenter_is1) (Version: 2.02 Stable - The TeXnicCenter Team)
Ubuntu (HKLM\...\Wubi) (Version: 13.10-rev284 - Ubuntu)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WinDjView 2.0.2 (HKLM\...\WinDjView) (Version: 2.0.2 - Andrew Zhezherun)

==================== Restore Points =========================

18-02-2014 21:50:15 Installiert Samsung New PC Studio
18-02-2014 21:58:17 Installed ActiveState Komodo Edit 8.5.3
18-02-2014 22:01:15 Entfernt Samsung New PC Studio
18-02-2014 22:03:52 Installiert Samsung New PC Studio
18-02-2014 22:32:45 Installed Samsung Kies
20-02-2014 05:49:13 Windows Update
22-02-2014 17:17:24 avast! antivirus system restore point
23-02-2014 18:32:07 Windows-Sicherung
25-02-2014 14:37:33 Removed Samsung Kies
25-02-2014 14:42:39 Installed Samsung Kies
03-03-2014 11:29:26 Windows-Sicherung
03-03-2014 22:08:53 Installed Mobile Master

==================== Hosts content: ==========================

2009-07-14 03:04 - 2013-11-10 23:40 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {2E955674-911C-40A2-A5A5-496DC9918F54} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-21] (Adobe Systems Incorporated)
Task: {7C30373D-B376-4CDD-A094-9E4038EBDF9C} - System32\Tasks\RunAsStdUser Task => C:\Program Files\MATLAB\R2010a\MATLAB R2010a.lnk [2013-05-17] () <==== ATTENTION
Task: {92DBBDA2-9A7D-42F0-8758-ADEFF8B077DD} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-02-22] (AVAST Software)
Task: {9787913F-5EEB-4C0D-9BE5-0C4CAB2D7496} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-03-05 07:23 - 2014-03-04 20:03 - 02186240 _____ () C:\Program Files\AVAST Software\Avast\defs\14030401\algo.dll
2014-02-12 14:04 - 2013-10-08 08:07 - 00139264 _____ () C:\Program Files\PostgreSQL\9.3\bin\LIBPQ.dll
2014-02-12 14:05 - 2012-08-14 14:30 - 01009664 _____ () C:\Program Files\PostgreSQL\9.3\bin\libxml2.dll
2013-12-12 16:46 - 2013-12-12 16:46 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-02-25 15:45 - 2014-02-25 15:45 - 00185344 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Commonc65c5a95#\7aed4e2ec90776185850c38df3083049\Kies.Common.DeviceServiceLib.Interface.ni.dll
2014-02-25 15:46 - 2014-02-25 15:46 - 15006208 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\4c5e9b147e83762f9ed2f2a7998fbdce\Kies.Theme.ni.dll
2014-02-25 15:45 - 2014-02-25 15:45 - 01839104 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\70d92dda0fd3438e66027154948fc87a\Kies.UI.ni.dll
2014-02-25 15:45 - 2014-02-25 15:45 - 00081408 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\865e3cc4ed0bac3d0f35f95a5e8e15a3\Kies.MVVM.ni.dll
2014-02-25 15:46 - 2014-02-25 15:46 - 00233984 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\97df4af47d975f5e8e1a80f9e246d4b6\ASF_cSharpAPI.ni.dll
2014-02-06 20:07 - 2014-02-06 20:07 - 03019376 _____ () C:\Program Files\Mozilla Thunderbird\mozjs.dll
2014-02-06 20:07 - 2014-02-06 20:07 - 00158832 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAP32V60.dll
2014-02-06 20:07 - 2014-02-06 20:07 - 00023152 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAPPR32V60.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\*****\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

==================== Faulty Device Manager Devices =============

Name: Serieller PCI-Anschluss
Description: Serieller PCI-Anschluss
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI-Kommunikationscontroller (einfach)
Description: PCI-Kommunikationscontroller (einfach)
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (03/05/2014 05:05:57 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/05/2014 09:43:15 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1". Fehler in Manifest- oder Richtliniendatei "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"2" in Zeile Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"3. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8". Definition: Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (03/05/2014 08:58:58 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/05/2014 07:24:25 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/05/2014 07:23:25 AM) (Source: PostgreSQL) (User: )
Description: Zeitüberschreitung beim Warten auf Start des Servers

Error: (03/04/2014 08:04:58 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/04/2014 09:39:12 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/03/2014 09:21:35 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Kies.exe, Version: 1.0.0.1668, Zeitstempel: 0x52f4b1dd
Name des fehlerhaften Moduls:
PresentationFramework.ni.dll, Version: 4.0.30319.18060, Zeitstempel: 0x51ee2110 Ausnahmecode: 0xc0000005 Fehleroffset: 0x003630a7 ID des fehlerhaften Prozesses: 0x1268 Startzeit der fehlerhaften Anwendung: 0xKies.exe0 Pfad der fehlerhaften Anwendung: Kies.exe1 Pfad des fehlerhaften Moduls: Kies.exe2 Berichtskennung: Kies.exe3 Error: (03/03/2014 09:21:34 PM) (Source: .NET Runtime) (User: ) Description: Anwendung: Kies.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet. Ausnahmeinformationen: System.NullReferenceException Stapel: bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate) bei System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32) bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr) bei MS.Win32.UnsafeNativeMethods.ShowWindow(System.Runtime.InteropServices.HandleRef, Int32) bei System.Windows.Window.ShowHelper(System.Object) bei System.Windows.Window.Show() bei Kies.App.StartKies() bei Kies.App.App_Startup2(System.Object, System.Windows.StartupEventArgs) bei System.Windows.Application.OnStartup(System.Windows.StartupEventArgs) bei Kies.App.OnStartup(System.Windows.StartupEventArgs) bei System.Windows.Application.<.ctor>b__1(System.Object) bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32) bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate) bei System.Windows.Threading.DispatcherOperation.InvokeImpl() bei System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object) bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei 
System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object) bei System.Windows.Threading.DispatcherOperation.Invoke() bei System.Windows.Threading.Dispatcher.ProcessQueue() bei System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef) bei MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef) bei MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object) bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32) bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate) bei System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32) bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr) bei MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef) bei System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame) bei System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame) bei System.Windows.Threading.Dispatcher.Run() bei System.Windows.Application.RunDispatcher(System.Object) bei System.Windows.Application.RunInternal(System.Windows.Window) bei System.Windows.Application.Run(System.Windows.Window) bei System.Windows.Application.Run() bei Kies.App.Main() Error: (03/03/2014 09:17:19 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (03/05/2014 05:06:14 PM) (Source: DCOM) (User: NT-AUTORITÄT) Description: 
AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (03/05/2014 08:58:49 AM) (Source: DCOM) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (03/05/2014 07:24:21 AM) (Source: DCOM) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (03/04/2014 08:05:08 PM) (Source: DCOM) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (03/04/2014 09:38:42 AM) (Source: DCOM) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (03/03/2014 09:17:32 PM) (Source: DCOM) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (03/03/2014 00:20:18 PM) (Source: DCOM) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (02/28/2014 01:40:44 PM) (Source: DCOM) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (02/28/2014 08:12:15 AM) (Source: DCOM) (User: NT-AUTORITÄT) 
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (02/28/2014 07:09:26 AM) (Source: DCOM) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Microsoft Office Sessions: ========================= Error: (03/05/2014 05:05:57 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/05/2014 09:43:15 AM) (Source: SideBySide)(User: ) Description: Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"c:\program files\Samsung\Kies\External\firmwareupdate\GT-B2710\DeviceController64.exec:\program files\Samsung\Kies\External\firmwareupdate\GT-B2710\Microsoft.VC90.CRT.MANIFEST11 Error: (03/05/2014 08:58:58 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/05/2014 07:24:25 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/05/2014 07:23:25 AM) (Source: PostgreSQL)(User: ) Description: Zeitüberschreitung beim Warten auf Start des Servers Error: (03/04/2014 08:04:58 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage 
> 990x80041003 Error: (03/04/2014 09:39:12 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/03/2014 09:21:35 PM) (Source: Application Error)(User: ) Description: Kies.exe1.0.0.166852f4b1ddPresentationFramework.ni.dll4.0.30319.1806051ee2110c0000005003630a7126801cf371db6c8fd86C:\Program Files\Samsung\Kies\Kies.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\8711b01d60a94d6ef6a02d7fd0578493\PresentationFramework.ni.dll6a94719c-a311-11e3-b47d-00247e7f651a Error: (03/03/2014 09:21:34 PM) (Source: .NET Runtime)(User: ) Description: Anwendung: Kies.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet. Ausnahmeinformationen: System.NullReferenceException Stapel: bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate) bei System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32) bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr) bei MS.Win32.UnsafeNativeMethods.ShowWindow(System.Runtime.InteropServices.HandleRef, Int32) bei System.Windows.Window.ShowHelper(System.Object) bei System.Windows.Window.Show() bei Kies.App.StartKies() bei Kies.App.App_Startup2(System.Object, System.Windows.StartupEventArgs) bei System.Windows.Application.OnStartup(System.Windows.StartupEventArgs) bei Kies.App.OnStartup(System.Windows.StartupEventArgs) bei System.Windows.Application.<.ctor>b__1(System.Object) bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32) bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate) bei 
System.Windows.Threading.DispatcherOperation.InvokeImpl() bei System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object) bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object) bei System.Windows.Threading.DispatcherOperation.Invoke() bei System.Windows.Threading.Dispatcher.ProcessQueue() bei System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef) bei MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef) bei MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object) bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32) bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate) bei System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32) bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr) bei MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef) bei System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame) bei System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame) bei System.Windows.Threading.Dispatcher.Run() bei System.Windows.Application.RunDispatcher(System.Object) bei System.Windows.Application.RunInternal(System.Windows.Window) bei System.Windows.Application.Run(System.Windows.Window) bei System.Windows.Application.Run() bei Kies.App.Main() Error: (03/03/2014 09:17:19 PM) (Source: WinMgmt)(User: ) 
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

GMER Logfile:
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-03-05 17:48:54
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-2 ST9320421AS rev.HP15 298,09GB
Running: Gmer-19357.exe; Driver: C:\Users\MARKUS~1\AppData\Local\Temp\pwliyaog.sys

---- System - GMER 2.1 ----

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwAddBootEntry [0x904B0ACC]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0x904B15AA]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateEvent [0x904BD692]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateEventPair [0x904BD6DE]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0x904BD878]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateMutant [0x904BD600]
SSDT \??\C:\Windows\system32\drivers\aswSP.sys ZwCreateSection [0x90567426]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateSemaphore [0x904BD648]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateThread [0x904B1AE0]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateThreadEx [0x904B1CFC]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateTimer [0x904BD832]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0x904B2398]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0x904B0B32]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwDuplicateObject [0x904B5BE4]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwLoadDriver [0x904B071E]
SSDT \??\C:\Windows\system32\drivers\aswSP.sys ZwMapViewOfSection [0x90567506]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwModifyBootEntry [0x904B0B98]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0x904B5FDA]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0x904B2EDE]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenEvent [0x904BD6BC]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenEventPair [0x904BD700]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0x904BD89C]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenMutant [0x904BD626]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenProcess [0x904B54DE]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenSection [0x904BD7B0]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenSemaphore [0x904BD670]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenThread [0x904B58C6]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenTimer [0x904BD856]
SSDT \??\C:\Windows\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0x905672AA]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwQueryObject [0x904B2CF4]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwQueueApcThreadEx [0x904B2A02]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0x904B0BFE]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSetBootOptions [0x904B0C64]
SSDT \??\C:\Windows\system32\drivers\aswSP.sys ZwSetContextThread [0x90567602]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSetSystemInformation [0x904B07B8]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0x904B098A]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwShutdownSystem [0x904B0918]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSuspendProcess [0x904B2562]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSuspendThread [0x904B26C4]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSystemDebugControl [0x904B0A12]
SSDT \??\C:\Windows\system32\drivers\aswSP.sys ZwTerminateProcess [0x90567378]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwTerminateThread [0x904B21F2]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwVdmControl [0x904B0CCA]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwWriteVirtualMemory [0x904B1606]

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 82C44A15 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C7E212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10CB 82C85460 4 Bytes [CC, 0A, 4B, 90] {INT 3 ; OR CL, [EBX-0x70]}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1153 82C854E8 4 Bytes [AA, 15, 4B, 90]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11A7 82C8553C 8 Bytes [92, D6, 4B, 90, DE, D6, 4B, ...]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11B3 82C85548 4 Bytes [78, D8, 4B, 90] {JS 0xffffffda; DEC EBX; NOP }
.text ntkrnlpa.exe!KeRemoveQueueEx + 11CF 82C85564 4 Bytes [00, D6, 4B, 90] {ADD DH, DL; DEC EBX; NOP }
.text ...
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108 82E404DF 4 Bytes CALL 904B35C5 \??\C:\Windows\system32\drivers\aswSnx.sys
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122 82E5A347 4 Bytes CALL 904B35DB \??\C:\Windows\system32\drivers\aswSnx.sys

---- User code sections - GMER 2.1 ----

.text C:\Windows\system32\svchost.exe[336] kernel32.dll!GetBinaryTypeW + 70 76FD69E4 1 Byte [62]
.text C:\Windows\system32\AUDIODG.EXE[340] kernel32.dll!GetBinaryTypeW + 70 76FD69E4 1 Byte [62]
.text C:\Program Files\PostgreSQL\9.3\bin\postgres.exe[456] kernel32.dll!GetBinaryTypeW + 70 76FD69E4 1 Byte [62]
.text C:\Windows\system32\csrss.exe[464] kernel32.dll!GetBinaryTypeW + 70 76FD69E4 1 Byte [62]
.text C:\Windows\system32\wininit.exe[524] kernel32.dll!GetBinaryTypeW + 70 76FD69E4 1 Byte [62]
.text ...

---- Devices - GMER 2.1 ----

Device \Driver\BTHUSB \Device\0000008e bthport.sys

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00247e7f651a
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00247e7f651a@2013e05a9d29 0x1E 0xE4 0x86 0xBC ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00247e7f651a (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00247e7f651a@2013e05a9d29 0x1E 0xE4 0x86 0xBC ...

---- EOF - GMER 2.1 ----

Thanks in advance.

Best regards,
Markus
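A triage helper for the GMER "SSDT" section above, added by the editor; it is not part of Markus's post and not GMER's own code. The long list of hooked Zw* syscalls looks alarming, but every hook in the log points into aswSnx.sys or aswSP.sys, the avast! drivers that are also visible in the FRST output, which is what a behaviour shield and self-protection driver are expected to do. The script parses SSDT lines, groups hooked syscalls by hooking driver, and reports any hook from a driver that is not on an allowlist or whose hook address is not in kernel space. The allowlist (avast! only), the 32-bit kernel base of 0x80000000, and the two lines for `hypothetical.sys` and `example_unknown.sys` in the sample are assumptions and constructed input; the other sample lines are copied from the log.

```python
import re
from collections import defaultdict

# One GMER 2.1 SSDT line: "SSDT <driver path> <Zw* syscall> [0x<hook address>]".
# The path is matched lazily so that paths containing spaces still parse.
SSDT_LINE = re.compile(
    r"^SSDT\s+(?P<path>.+?)\s+(?P<syscall>Zw\w+)\s+\[0x(?P<addr>[0-9A-Fa-f]+)\]\s*$"
)

# Assumption: on this machine only avast!'s self-protection driver (aswSP.sys) and its
# sandbox/behaviour-shield driver (aswSnx.sys) are expected to hook the SSDT. Adjust this
# to whatever security product is actually installed on the system being triaged.
EXPECTED_HOOKERS = {"aswsp.sys", "aswsnx.sys"}

# Default 32-bit Windows address split: kernel space begins at 0x80000000
# (0xC0000000 on a system booted with /3GB). An SSDT entry must never point below it.
KERNEL_BASE_X86 = 0x80000000

# Constructed sample: four lines copied from the GMER log above, one non-SSDT line the
# parser must ignore, and two invented lines for drivers that are NOT on the allowlist
# (the second one also carries a user-mode hook address).
SAMPLE_LOG = r"""
---- System - GMER 2.1 ----
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenProcess [0x904B54DE]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwWriteVirtualMemory [0x904B1606]
SSDT \??\C:\Windows\system32\drivers\aswSP.sys ZwTerminateProcess [0x90567378]
SSDT \??\C:\Windows\system32\drivers\aswSP.sys ZwSetContextThread [0x90567602]
.text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 82C44A15 1 Byte [06]
SSDT \??\C:\Windows\system32\drivers\hypothetical.sys ZwCreateFile [0x8A1F0000]
SSDT \??\C:\Users\Public\example_unknown.sys ZwQuerySystemInformation [0x00401000]
"""


def parse_ssdt_hooks(text):
    """Return one dict per SSDT hook line; every other line is skipped."""
    hooks = []
    for raw in text.splitlines():
        m = SSDT_LINE.match(raw.strip())
        if not m:
            continue
        path = m.group("path")
        hooks.append({
            "driver": path.rsplit("\\", 1)[-1].lower(),  # basename, case-folded
            "path": path,
            "syscall": m.group("syscall"),
            "addr": int(m.group("addr"), 16),
        })
    return hooks


def hooks_by_driver(hooks):
    """Map driver basename -> list of hooked syscalls, in log order."""
    grouped = defaultdict(list)
    for h in hooks:
        grouped[h["driver"]].append(h["syscall"])
    return dict(grouped)


def unexpected_hooks(hooks, expected=EXPECTED_HOOKERS, kernel_base=KERNEL_BASE_X86):
    """Hooks that deserve a closer look: from a driver not on the allowlist, or with a
    hook address outside kernel space. Returns (driver, syscall, reasons) tuples."""
    findings = []
    for h in hooks:
        reasons = []
        if h["driver"] not in expected:
            reasons.append("driver not on allowlist")
        if h["addr"] < kernel_base:
            reasons.append("hook address outside kernel space")
        if reasons:
            findings.append((h["driver"], h["syscall"], reasons))
    return findings


def summarize(text):
    """Parse a GMER log and return hook counts per driver plus the findings list."""
    hooks = parse_ssdt_hooks(text)
    return {
        "total": len(hooks),
        "by_driver": {d: len(s) for d, s in hooks_by_driver(hooks).items()},
        "findings": unexpected_hooks(hooks),
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for driver, count in sorted(report["by_driver"].items()):
        print(f"{driver}: {count} hooked syscall(s)")
    for driver, syscall, reasons in report["findings"]:
        print(f"REVIEW {driver} {syscall}: {', '.join(reasons)}")
```

Run against the full GMER output above, the findings list comes back empty, because all 44 SSDT entries belong to the two avast! drivers; that is the check a helper on this board would do by eye before moving on to the DisallowRun policy that actually explains the Firefox error. A hit on a driver loaded from a user profile directory, or an address below the kernel base, is the point at which the SSDT section stops being noise.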
Topics for Windows 7: Security.Hijack found, what now?
adobe, amazon-icon, browser, desktop, fehlermeldung, files/postgresql/9.3/data", firefox, flash player, giga.de, installation, java/exploit.agent.onv, java/exploit.cve-2011-3544.dd, java/exploit.cve-2012-0507.ah, js/iframe.cv, launch, newtab, problem, pup.optional.amonetize, pup.optional.bundleinstaller.a, security.hijack, services.exe, spotify web helper, svchost.exe, virtualbox, win32/adware.toolplugin, windows, winlogon.exe