Trojaner-Board
Seite 2 von 3 1 2 3
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   TROJAN.Dropper unter Windows 7,64bit Version im "Datev-Verzeichnis" (https://www.trojaner-board.de/145426-trojan-dropper-windows-7-64bit-version-datev-verzeichnis.html)

schrauber 08.12.2013 16:43
Du hast MBAr geladen, dann hast Du es entpackt. In einen Ordner, warscheinlich auf dem Desktop oder in deinem Download Ordner.

Von Wo hast Du die MBar.exe gestartet? Genau dort liegt auch das Logfile, steht doch auch genau so oben :)

Joachim_78 08.12.2013 17:53
Der mbar findet nichts mehr. Ich wollte die txt posten habe aber keine txt im Programmordner gefunden bevor ich den letzten Part vom Rootkit gestartet habe mit dem CleanUp.
Jetzt ist der Scan ohne Befund verlaufen.

Trotzdem ist der Rechner noch gleich langsam mir gehen die Ideen aus?

Gruß Joachim

schrauber 09.12.2013 09:22
Dann sind wir schon zwei :)

Beschreib bitte wann er langsam ist:

Nur beim Start?
Allgemein?
Oder nur Internet-Bezogen?

Joachim_78 09.12.2013 20:19
Hallo Schrauber,

es schaltet sich immer noch die Windows Firewall ohne Grund aus. Die Langsamkeit ist in der Ausführung und Öffnung der Programme zu spüren. Es dauert z. B. Excel Öffnung knapp 20 sekunden ebenso ein betrie0bsbereites Outlook.

Hier ist die txt vom mbar:

Malwarebytes Anti-Rootkit BETA 1.07.0.1008

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.16428

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.261000 GHz
Memory total: 4148731904, free: 1709436928

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.16428

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.261000 GHz
Memory total: 4148731904, free: 1692930048

Downloaded database version: v2013.12.08.01
Downloaded database version: v2013.10.11.02
=======================================
Initializing...
------------ Kernel report ------------
12/08/2013 13:20:00
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\spoq.sys
\SystemRoot\System32\Drivers\WMILIB.SYS
\SystemRoot\System32\Drivers\SCSIPORT.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\avfwot.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\avkmgr.sys
\SystemRoot\system32\DRIVERS\avipbb.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atipmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\bcmwl664.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\drivers\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\Apfiltr.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\Impcd.sys
\SystemRoot\System32\Drivers\a6a148r2.SYS
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\avfwim.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\serscan.sys
\SystemRoot\system32\DRIVERS\CtClsFlt.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\AtiHdmi.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_msahci.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\drivers\hidusb.sys
\SystemRoot\system32\drivers\HIDCLASS.SYS
\SystemRoot\system32\drivers\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\DRIVERS\TurboB.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\atksgt.sys
\SystemRoot\system32\DRIVERS\lirsgt.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\drivers\BCM42RLY.sys
\SystemRoot\system32\DRIVERS\avgntflt.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\c:\program files\dell support center\pcdsrvc_x64.pkms
\SystemRoot\System32\Drivers\BTHUSB.sys
\SystemRoot\System32\Drivers\bthport.sys
\SystemRoot\system32\DRIVERS\rfcomm.sys
\SystemRoot\system32\drivers\BthEnum.sys
\SystemRoot\system32\DRIVERS\bthpan.sys
\SystemRoot\system32\DRIVERS\bthmodem.sys
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\system32\DRIVERS\btwavdt.sys
\SystemRoot\system32\drivers\btwaudio.sys
\SystemRoot\system32\DRIVERS\btwl2cap.sys
\SystemRoot\system32\DRIVERS\btwrchid.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\oleaut32.dll
\Windows\System32\msvcrt.dll
\Windows\System32\user32.dll
\Windows\System32\psapi.dll
\Windows\System32\kernel32.dll
\Windows\System32\Wldap32.dll
\Windows\System32\difxapi.dll
\Windows\System32\normaliz.dll
\Windows\System32\comdlg32.dll
\Windows\System32\gdi32.dll
\Windows\System32\shell32.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\ws2_32.dll
\Windows\System32\clbcatq.dll
\Windows\System32\imagehlp.dll
\Windows\System32\urlmon.dll
\Windows\System32\msctf.dll
\Windows\System32\setupapi.dll
\Windows\System32\imm32.dll
\Windows\System32\nsi.dll
\Windows\System32\advapi32.dll
\Windows\System32\lpk.dll
\Windows\System32\wininet.dll
\Windows\System32\iertutil.dll
\Windows\System32\usp10.dll
\Windows\System32\ole32.dll
\Windows\System32\sechost.dll
\Windows\System32\shlwapi.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\comctl32.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\KernelBase.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\devobj.dll
\Windows\System32\wintrust.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\crypt32.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8004c68060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xfffffa80049d6060
Lower Device Driver Name: \Driver\atapi\
IRP handler 0 of \Driver\atapi points to an unknown module
Unhooking enabled.
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8004c68060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xfffffa80049d6060
Lower Device Driver Name: \Driver\atapi\
Device already Exists: 0xfffffa800686c980
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8004c68060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8004b08960, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8004c68060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80049d6060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a0135fd130, 0xfffffa8004c68060, 0xfffffa80060fc790
Lower DeviceData: 0xfffff8a0037e7da0, 0xfffffa80049d6060, 0xfffffa800686c980
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
File user open failed: C:\WINDOWS\SYSTEM32\drivers\sptd.sys (0x00000020)
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 6F492B7E

Partition information:

Partition 0 type is Other (0xde)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 204800

Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 206848 Numsec = 20480000
Partition file system is NTFS
Partition is bootable

Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 20686848 Numsec = 122880000

Partition 3 type is Extended with LBA (0xf)
Partition is NOT ACTIVE.
Partition starts at LBA: 143566848 Numsec = 833204224

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_1_206848_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removal finished
=======================================

schrauber 10.12.2013 10:44
Lade dir bitte Emsisoft MBR Master herunter und speichere es auf den Desktop.
  • Führe die mbrmastr.exe aus.
  • Drücke auf Backup MBR und speichere es als emsi auf den Desktop.
  • Schliesse dann das Programm wieder.
  • Packe die erstellte emsi.mbr in ein zip-Archiv (Rechtsklick -> Senden an -> Zip-komprimierten Ordner) und hänge die Datei hier an.
  • Auf dem Desktop wird ebenfalls eine Textdatei MBRMastr_<date>_<time>.txt erstellt. Poste deren Inhalt bitte hier.

Joachim_78 13.12.2013 15:01
Hallo Schrauber,
hier die emsi Datei:

Detected Windows version: 6.1 Build 7601 Service Pack 1
Installing direct disk access driver ...
Driver connection handle: 0x00000114
1 valid drive(s) found.

Details for Disk 0 - TOSHIBA MK5065GSX Rev GJ002D:
Device name : \\.\PhysicalDrive0
Geometry (C/H/S) : 60801/255/63
Boot loader reputation : Known Good (Windows 7)
Cross view comparison : Passed
Partition table integrity: Passed

Boot loader hashes
SHA-1 : 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
MD5 : A36C5E4F47E84449FF07ED3517B43A31

Joachim_78 13.12.2013 15:04
Anhang 62937

Hier die Zip Datei

schrauber 14.12.2013 07:14
Hm, alles gut. Immer noch so enorme Probleme?

Joachim_78 16.12.2013 18:28
Ich finde die Zugriffszeiten für das Öffnen der Programme immer so lange ich habe keine Ahnung was ich dagegen tun kann.
Ich finde auch 100 laufende Prozesse sehr viel für Windows 7.
Was kann ich denn zur Analyse noch tun oder sollte ich mal Office 2007 oder 2010 installieren um wieder brauchbare Arbeitsgeschwindigkeiten zu erhalten?
Gruß Joachim

PS: Gibt es ein sinvolles Tool um sich die Leistungsfähigkeit anzeigen zu lassen die ein "Normalanwender" auch interpretieren kann?

schrauber 17.12.2013 10:26
Der oben angegebene Prozess explorer gibt eigentlich genug Info, sonst kenn ich da auch kein Tool.

Poste bitte nochmal ein frisches FRST log.

Joachim_78 26.12.2013 19:11
Hallo Schrauber,

sorry ich kam beruflich und Feiertags bedingt nicht eher zum antworten.

So ich habe mal meinen Explorer durchforstet und habe festgestellt das ich viele SVChost Dienst laufen habe (Ohne geöffnete Programme) sind denn knapp 90 Dienste normal?

und hier das frische Logfile FRST:
FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-12-2013
Ran by Joachim (administrator) on JOACHIM-LAPTOP on 26-12-2013 19:08:14
Running from C:\Users\Joachim\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
() C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
(Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\BCMWLTRY.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(DATEV eG) D:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe
(DATEV eG) D:\DATEV\PROGRAMM\B0001442\PSNTServ.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(iAnywhere Solutions, Inc.) C:\Program Files (x86)\Sybase\SQL Anywhere 9\win32\dbsrv9.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\sqlservr.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(DATEV eG) D:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\fdlauncher.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\fdhost.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\perfmon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\usrreq.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [369152 2010-01-25] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Broadcom Wireless Manager UI] - C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE [4968960 2009-07-17] (Dell Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-19] (Avira Operations GmbH & Co. KG)
HKCU\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKCU\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKCU\...\Policies\Explorer: [DisallowRun] 1
MountPoints2: {1ffb5cc8-0052-11e0-8faa-b8ac6f66b16a} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Start.hta
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Joachim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3314759&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP0D29E607-2FCA-4D96-99ED-8098D330F736&q={searchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3314759&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP0D29E607-2FCA-4D96-99ED-8098D330F736&q={searchTerms}&SSPV=
SearchScopes: HKCU - {74EF697D-5C43-4F02-8E67-5997B44D67DA} URL =
SearchScopes: HKCU - {F1DCC761-246A-4D46-A4A1-2CDD6183FF35} URL =
BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: weDownload Manager Pro - {11111111-1111-1111-1111-110411361128} - C:\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-bho64.dll No File
BHO: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  No File
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - DMS Schnellsuche - {bbfc5b4d-6bcd-4f13-ad6e-f6364f9dc621} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Handler: haufereader - No CLSID Value -
Handler-x32: haufereader - No CLSID Value -
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Joachim\AppData\Roaming\Mozilla\Firefox\Profiles\pbc19xo6.default
FF Homepage: Google
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - D:\Programme\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: weDownload Manager Pro - C:\Users\Joachim\AppData\Roaming\Mozilla\Firefox\Profiles\pbc19xo6.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com
FF Extension: Ads Removal - C:\Users\Joachim\AppData\Roaming\Mozilla\Firefox\Profiles\pbc19xo6.default\Extensions\adsremoval@adsremoval.net
FF Extension: Amazon-Icon - C:\Users\Joachim\AppData\Roaming\Mozilla\Firefox\Profiles\pbc19xo6.default\Extensions\amazon-icon@giga.de
FF Extension: Nokia Maps 3D browser plugin - C:\Users\Joachim\AppData\Roaming\Mozilla\Firefox\Profiles\pbc19xo6.default\Extensions\maps@ovi.com
FF Extension: Adblock Plus - C:\Users\Joachim\AppData\Roaming\Mozilla\Firefox\Profiles\pbc19xo6.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (weDownload Manager Pro) - C:\Users\Joachim\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0
CHR HKLM-x32\...\Chrome\Extension: [mkcedibhemacmilmkpndpkoidlnmgngg] - C:\Users\Joachim\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx

==================== Services (Whitelisted) =================

R2 AntiVirFirewallService; C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [1012280 2013-12-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [896056 2013-12-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1011768 2013-12-19] (Avira Operations GmbH & Co. KG)
S3 DATEV Update-Service; D:\DATEV\PROGRAMM\INSTALL\DvInesASDSvc.Exe [157792 2012-07-03] (DATEV eG)
R2 DatevPrintService; D:\DATEV\PROGRAMM\B0001442\PSNTSERV.EXE [87040 2012-06-14] (DATEV eG)
R2 Lexware_Datenbank_Plus; C:\Program Files (x86)\Sybase\SQL Anywhere 9\win32\dbsrv9.exe [83248 2011-06-29] (iAnywhere Solutions, Inc.)
S4 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2151200 2013-10-25] (IObit)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S4 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MSSQL$DATEV_DBENGINE; C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\sqlservr.exe [62111072 2011-06-17] (Microsoft Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] ()
S4 SQLAgent$DATEV_DBENGINE; C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\SQLAGENT.EXE [431456 2011-06-17] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE [33280 2009-07-17] ()
S3 Datev.Database.Conserve; D:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Database.Conserve SvcRunLevel=1000 [x]
R2 Datev.Framework.RemoteServiceModel.EnablerService; D:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Framework.RemoteServiceModel.EnablerService -SvcRunLevel=9999 -Single [x]
R3 Datev.Framework.RemoteServices; D:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Framework.RemoteServices -SvcRunLevel=1000 -Single [x]
S3 Datev.Unternehmen.SystemComponents.ServiceBus.V0300.PlugIn; Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Unternehmen.SystemComponents.ServiceBus.V0300.PlugIn [x]
R3 MSSQLFDLauncher$DATEV_DBENGINE; "C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\fdlauncher.exe" -s MSSQL10_50.DATEV_DBENGINE [x]

==================== Drivers (Whitelisted) ====================

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2010-11-11] ()
R3 avfwim; C:\Windows\System32\DRIVERS\avfwim.sys [114608 2013-02-15] (Avira GmbH)
R1 avfwot; C:\Windows\System32\DRIVERS\avfwot.sys [141376 2013-02-15] (Avira GmbH)
R1 avfwot; C:\Windows\SysWow64\DRIVERS\avfwot.sys [131336 2011-06-28] (Avira GmbH)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-19] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-19] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2010-11-11] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [871408 2012-02-19] ()
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
U3 as4l5ynh; C:\Windows\System32\Drivers\as4l5ynh.sys [0 ] (Microsoft Corporation)
U0 dmboot;
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [x]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-26 19:08 - 2013-12-26 19:08 - 00015772 _____ C:\Users\Joachim\Downloads\FRST.txt
2013-12-26 19:07 - 2013-12-26 19:07 - 00000000 ____D C:\Users\Joachim\Downloads\FRST-OlderVersion
2013-12-19 18:48 - 2013-12-19 18:48 - 00000030 _____ C:\Users\Joachim\AppData\Roaming\WB.CFG
2013-12-16 22:18 - 2013-08-02 02:09 - 00338432 _____ (Microsoft Corporation) C:\Users\Joachim\Desktop\conhost.exe
2013-12-16 21:51 - 2013-12-16 21:51 - 00540072 _____ (Neuber Software) C:\Users\Joachim\Downloads\SvchostAnalyzer.exe
2013-12-16 18:48 - 2013-12-16 18:48 - 00000000 ____D C:\ProgramData\NovaTech Network
2013-12-16 18:39 - 2013-12-16 18:39 - 00000000 ____D C:\Program Files (x86)\Novawave
2013-12-16 18:37 - 2013-12-16 18:37 - 12256936 _____ (Novawave Inc.                                              ) C:\Users\Joachim\Downloads\novabench3.exe
2013-12-13 14:59 - 2013-12-13 14:59 - 00000597 _____ C:\Users\Joachim\Desktop\MBRMastr_2013.12.13_14.59.09.txt
2013-12-13 14:59 - 2013-12-13 14:59 - 00000578 _____ C:\Users\Joachim\Desktop\emsi.zip
2013-12-13 14:58 - 2013-12-13 14:58 - 00788728 _____ (Emsisoft GmbH) C:\Users\Joachim\Downloads\mbrmastr.exe
2013-12-13 14:58 - 2013-12-13 14:58 - 00000512 _____ C:\Users\Joachim\Desktop\emsi.mbr
2013-12-13 03:06 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-13 03:06 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-13 03:06 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-13 03:06 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-13 03:04 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-13 03:04 - 2013-11-26 11:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-13 03:04 - 2013-11-26 11:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-13 03:04 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-13 03:04 - 2013-11-26 10:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-13 03:04 - 2013-11-26 10:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-13 03:04 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-13 03:04 - 2013-11-26 10:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-13 03:04 - 2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-13 03:04 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-13 03:04 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-13 03:04 - 2013-11-26 10:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-13 03:04 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-13 03:04 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-13 03:04 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-13 03:04 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-13 03:04 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-13 03:04 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-13 03:04 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-13 03:04 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-13 03:04 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-13 03:04 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-13 03:04 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-13 03:04 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-13 03:04 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-13 03:04 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-13 03:04 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-13 03:04 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-13 03:04 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-13 03:04 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-13 03:04 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-12 17:56 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-12 17:56 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-12 17:54 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-12 17:54 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-12 17:54 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-12 17:54 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-12 17:54 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-12 17:54 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-12 17:54 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-12 17:54 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-12 17:54 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-12 17:54 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-12 17:54 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-12 17:54 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-12 17:54 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-12 17:54 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-12 17:54 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-12 17:54 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-12 17:54 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-12 17:52 - 2013-12-12 17:52 - 09272200 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-12-08 13:19 - 2013-12-08 17:53 - 00000000 ____D C:\Users\Joachim\Desktop\mbar
2013-12-08 13:18 - 2013-12-08 13:18 - 12582688 _____ (Malwarebytes Corp.) C:\Users\Joachim\Downloads\mbar-1.07.0.1008.exe
2013-12-05 12:46 - 2013-12-08 17:53 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-12-05 12:45 - 2013-12-05 19:04 - 00000000 ____D C:\Program Files\mbar
2013-12-05 12:45 - 2013-12-05 12:45 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-12-05 12:35 - 2013-12-26 19:07 - 01928716 _____ (Farbar) C:\Users\Joachim\Downloads\FRST64.exe
2013-12-05 12:33 - 2013-12-26 18:33 - 00001432 _____ C:\Windows\Tasks\weDownload Manager Pro-updater.job
2013-12-05 12:33 - 2013-12-26 18:33 - 00001334 _____ C:\Windows\Tasks\weDownload Manager Pro-codedownloader.job
2013-12-05 12:33 - 2013-12-26 18:33 - 00001234 _____ C:\Windows\Tasks\weDownload Manager Pro-enabler.job
2013-12-05 12:33 - 2013-12-05 12:33 - 00004462 _____ C:\Windows\System32\Tasks\weDownload Manager Pro-updater
2013-12-05 12:33 - 2013-12-05 12:33 - 00004364 _____ C:\Windows\System32\Tasks\weDownload Manager Pro-codedownloader
2013-12-05 12:33 - 2013-12-05 12:33 - 00004264 _____ C:\Windows\System32\Tasks\weDownload Manager Pro-enabler
2013-12-05 12:30 - 2013-12-26 18:30 - 00002340 _____ C:\Windows\Tasks\weDownload Manager Pro-firefoxinstaller.job
2013-12-05 12:29 - 2013-12-26 18:29 - 00002064 _____ C:\Windows\Tasks\weDownload Manager Pro-chromeinstaller.job
2013-12-05 12:28 - 2013-12-26 18:28 - 00000298 _____ C:\Windows\Tasks\Dealply.job
2013-12-05 12:28 - 2013-12-06 16:23 - 00000000 ____D C:\Program Files (x86)\DealPlyLive
2013-12-05 12:28 - 2013-12-05 20:05 - 00000000 ____D C:\Program Files (x86)\DealPly
2013-12-05 12:28 - 2013-12-05 12:39 - 00001149 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-12-05 12:28 - 2013-12-05 12:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-05 12:28 - 2013-12-05 12:28 - 00003254 _____ C:\Windows\System32\Tasks\Dealply
2013-12-05 12:28 - 2013-12-05 12:28 - 00000000 ____D C:\Users\Joachim\AppData\Roaming\Dealply
2013-12-05 12:28 - 2013-12-05 12:28 - 00000000 ____D C:\Users\Joachim\AppData\Local\DealPlyLive
2013-12-05 12:28 - 2013-12-05 12:28 - 00000000 ____D C:\ProgramData\DealPlyLive
2013-12-05 12:27 - 2013-12-05 12:28 - 23115760 _____ (Mozilla) C:\Users\Joachim\Downloads\Firefox_Setup_25.0.1DE.exe
2013-12-05 12:27 - 2013-12-05 12:27 - 00000000 ____D C:\Users\Joachim\AppData\Local\SearchProtect
2013-12-05 12:27 - 2013-12-05 12:27 - 00000000 ____D C:\Program Files (x86)\SearchProtect
2013-12-05 12:26 - 2013-12-05 12:26 - 00000000 ____D C:\Users\Joachim\Downloads\TeamViewer
2013-12-04 20:41 - 2013-12-04 20:41 - 00606040 _____ C:\Users\Joachim\Downloads\mozilla firefox setup.exe
2013-12-04 19:19 - 2013-12-04 19:19 - 00000000 ____D C:\Users\Joachim\ChromeExtensions
2013-12-04 19:19 - 2013-12-04 19:19 - 00000000 ____D C:\Users\Joachim\AppData\Local\Tempc80783acf6c601f3341ca18a7170d60c
2013-12-04 19:19 - 2013-12-04 19:19 - 00000000 ____D C:\Users\Joachim\AppData\Local\Temp83fd0a09e744ae9eb85a12e74ad18381
2013-12-04 19:19 - 2013-12-04 19:19 - 00000000 ____D C:\Users\Joachim\AppData\Local\Temp4d502516002bc02c9b4f3b6331adda13
2013-12-04 19:09 - 2013-12-04 19:22 - 00000000 ____D C:\Users\Joachim\Downloads\Process Explorer
2013-12-04 19:09 - 2013-12-04 19:09 - 00000000 ____D C:\Users\Joachim\Downloads\Mailwarebytes
2013-12-03 20:33 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2013-12-03 20:27 - 2013-12-03 20:27 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-12-03 20:27 - 2013-12-03 20:27 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-12-03 20:27 - 2013-12-03 20:27 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-12-03 20:27 - 2013-12-03 20:27 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-12-03 20:27 - 2013-12-03 20:27 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-12-03 20:27 - 2013-12-03 20:27 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-12-03 20:27 - 2013-12-03 20:27 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-12-03 20:25 - 2013-12-03 20:33 - 00010277 _____ C:\Windows\IE11_main.log
2013-12-03 17:48 - 2013-12-03 17:48 - 00000000 ____D C:\Windows\Tasks\ImCleanDisabled
2013-12-03 17:45 - 2013-12-11 18:47 - 00000000 ____D C:\ProgramData\ProductData
2013-12-03 17:45 - 2013-12-03 17:45 - 00001239 _____ C:\Users\Joachim\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2013-12-03 17:45 - 2013-12-03 17:45 - 00001215 _____ C:\Users\Public\Desktop\IObit Uninstaller.lnk
2013-12-03 17:45 - 2013-12-03 17:45 - 00000000 ____D C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2013-12-03 17:42 - 2013-12-03 17:42 - 00001111 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-03 17:42 - 2013-12-03 17:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-03 17:42 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-12-01 15:53 - 2013-12-01 15:55 - 00035029 _____ C:\Users\Joachim\Downloads\Addition.txt
2013-12-01 15:50 - 2013-12-26 19:07 - 00000000 ____D C:\FRST
2013-12-01 13:24 - 2013-12-01 13:24 - 00000000 ____D C:\Users\Joachim\Desktop\Tauschlaufwerk
2013-12-01 11:36 - 2013-12-01 11:36 - 03707864 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2013-12-01 11:36 - 2013-12-01 11:36 - 02810072 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 02743328 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 02587864 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 01993496 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO264.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 01722648 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\MBAPO232.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 01662024 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2013-12-01 11:36 - 2013-12-01 11:36 - 01286360 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 01021656 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00897152 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00753280 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\MBAPO32.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00681905 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2013-12-01 11:36 - 2013-12-01 11:36 - 00617176 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00397080 _____ (Creative Technology Ltd.) C:\Windows\system32\MBWrp64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00153304 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00113576 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00065112 _____ (Creative Technology Ltd.) C:\Windows\system32\MBppld64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2013-12-01 11:35 - 2013-12-01 11:35 - 00209096 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2013-12-01 11:35 - 2013-12-01 11:35 - 00108640 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2013-11-26 17:38 - 2013-11-26 17:38 - 00952160 _____ (Netviewer AG) C:\Users\Joachim\Downloads\datev_fernbetreuung_online.exe

==================== One Month Modified Files and Folders =======

2013-12-26 19:08 - 2013-12-26 19:08 - 00015772 _____ C:\Users\Joachim\Downloads\FRST.txt
2013-12-26 19:08 - 2011-12-28 20:19 - 00007608 _____ C:\Users\Joachim\AppData\Local\resmon.resmoncfg
2013-12-26 19:08 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Default
2013-12-26 19:07 - 2013-12-26 19:07 - 00000000 ____D C:\Users\Joachim\Downloads\FRST-OlderVersion
2013-12-26 19:07 - 2013-12-05 12:35 - 01928716 _____ (Farbar) C:\Users\Joachim\Downloads\FRST64.exe
2013-12-26 19:07 - 2013-12-01 15:50 - 00000000 ____D C:\FRST
2013-12-26 19:01 - 2010-11-21 11:46 - 00000422 _____ C:\Windows\Tasks\SystemToolsDailyTest.job
2013-12-26 19:00 - 2010-11-21 11:47 - 00003488 _____ C:\Windows\System32\Tasks\PCDEventLauncher
2013-12-26 19:00 - 2010-11-21 11:46 - 00000564 _____ C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2013-12-26 18:33 - 2013-12-05 12:33 - 00001432 _____ C:\Windows\Tasks\weDownload Manager Pro-updater.job
2013-12-26 18:33 - 2013-12-05 12:33 - 00001334 _____ C:\Windows\Tasks\weDownload Manager Pro-codedownloader.job
2013-12-26 18:33 - 2013-12-05 12:33 - 00001234 _____ C:\Windows\Tasks\weDownload Manager Pro-enabler.job
2013-12-26 18:33 - 2012-08-25 21:07 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-26 18:30 - 2013-12-05 12:30 - 00002340 _____ C:\Windows\Tasks\weDownload Manager Pro-firefoxinstaller.job
2013-12-26 18:29 - 2013-12-05 12:29 - 00002064 _____ C:\Windows\Tasks\weDownload Manager Pro-chromeinstaller.job
2013-12-26 18:28 - 2013-12-05 12:28 - 00000298 _____ C:\Windows\Tasks\Dealply.job
2013-12-26 18:18 - 2009-07-14 05:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-26 18:18 - 2009-07-14 05:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-26 18:17 - 2009-07-14 06:10 - 01758868 _____ C:\Windows\WindowsUpdate.log
2013-12-26 18:13 - 2012-01-28 17:08 - 00001112 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-26 18:13 - 2009-07-14 18:58 - 24510594 _____ C:\Windows\system32\perfh007.dat
2013-12-26 18:13 - 2009-07-14 18:58 - 07931422 _____ C:\Windows\system32\perfc007.dat
2013-12-26 18:13 - 2009-07-14 06:13 - 00006980 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-26 15:34 - 2012-01-28 17:08 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-26 15:34 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-26 15:33 - 2013-11-22 16:04 - 00004775 _____ C:\Windows\setupact.log
2013-12-19 18:49 - 2013-05-02 12:15 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-12-19 18:49 - 2013-03-25 13:36 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-12-19 18:49 - 2013-03-25 13:36 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-12-19 18:48 - 2013-12-19 18:48 - 00000030 _____ C:\Users\Joachim\AppData\Roaming\WB.CFG
2013-12-16 22:10 - 2010-11-21 11:46 - 00004286 _____ C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2013-12-16 21:51 - 2013-12-16 21:51 - 00540072 _____ (Neuber Software) C:\Users\Joachim\Downloads\SvchostAnalyzer.exe
2013-12-16 18:48 - 2013-12-16 18:48 - 00000000 ____D C:\ProgramData\NovaTech Network
2013-12-16 18:39 - 2013-12-16 18:39 - 00000000 ____D C:\Program Files (x86)\Novawave
2013-12-16 18:37 - 2013-12-16 18:37 - 12256936 _____ (Novawave Inc.                                              ) C:\Users\Joachim\Downloads\novabench3.exe
2013-12-15 08:12 - 2012-01-28 17:08 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-15 03:02 - 2013-07-24 18:29 - 00000000 ____D C:\Windows\system32\MRT
2013-12-15 03:00 - 2010-11-15 06:20 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-13 14:59 - 2013-12-13 14:59 - 00000597 _____ C:\Users\Joachim\Desktop\MBRMastr_2013.12.13_14.59.09.txt
2013-12-13 14:59 - 2013-12-13 14:59 - 00000578 _____ C:\Users\Joachim\Desktop\emsi.zip
2013-12-13 14:58 - 2013-12-13 14:58 - 00788728 _____ (Emsisoft GmbH) C:\Users\Joachim\Downloads\mbrmastr.exe
2013-12-13 14:58 - 2013-12-13 14:58 - 00000512 _____ C:\Users\Joachim\Desktop\emsi.mbr
2013-12-13 12:36 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2013-12-13 12:26 - 2013-10-26 19:52 - 00000000 ____D C:\Users\Joachim\AppData\Local\Htc
2013-12-13 04:08 - 2013-11-15 04:09 - 00000000 ____D C:\Windows\rescache
2013-12-13 03:24 - 2013-11-22 16:04 - 00400352 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-13 03:06 - 2010-05-26 14:30 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-12 18:06 - 2013-11-22 16:08 - 00101208 _____ C:\Users\Joachim\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-12 17:53 - 2012-08-25 21:07 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-12 17:53 - 2012-04-09 10:01 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-12 17:53 - 2011-06-17 18:21 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-12 17:52 - 2013-12-12 17:52 - 09272200 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-12-11 18:47 - 2013-12-03 17:45 - 00000000 ____D C:\ProgramData\ProductData
2013-12-09 19:02 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-12-09 18:59 - 2013-11-24 18:47 - 00008670 _____ C:\Windows\PFRO.log
2013-12-09 18:26 - 2013-05-09 03:52 - 00000000 ____D C:\Windows\Minidump
2013-12-08 17:53 - 2013-12-08 13:19 - 00000000 ____D C:\Users\Joachim\Desktop\mbar
2013-12-08 17:53 - 2013-12-05 12:46 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-12-08 13:18 - 2013-12-08 13:18 - 12582688 _____ (Malwarebytes Corp.) C:\Users\Joachim\Downloads\mbar-1.07.0.1008.exe
2013-12-08 13:05 - 2012-01-28 17:08 - 00004108 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-08 13:05 - 2012-01-28 17:08 - 00003856 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-06 16:23 - 2013-12-05 12:28 - 00000000 ____D C:\Program Files (x86)\DealPlyLive
2013-12-05 20:05 - 2013-12-05 12:28 - 00000000 ____D C:\Program Files (x86)\DealPly
2013-12-05 19:04 - 2013-12-05 12:45 - 00000000 ____D C:\Program Files\mbar
2013-12-05 12:45 - 2013-12-05 12:45 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-12-05 12:39 - 2013-12-05 12:28 - 00001149 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-12-05 12:39 - 2013-12-05 12:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-05 12:33 - 2013-12-05 12:33 - 00004462 _____ C:\Windows\System32\Tasks\weDownload Manager Pro-updater
2013-12-05 12:33 - 2013-12-05 12:33 - 00004364 _____ C:\Windows\System32\Tasks\weDownload Manager Pro-codedownloader
2013-12-05 12:33 - 2013-12-05 12:33 - 00004264 _____ C:\Windows\System32\Tasks\weDownload Manager Pro-enabler
2013-12-05 12:28 - 2013-12-05 12:28 - 00003254 _____ C:\Windows\System32\Tasks\Dealply
2013-12-05 12:28 - 2013-12-05 12:28 - 00000000 ____D C:\Users\Joachim\AppData\Roaming\Dealply
2013-12-05 12:28 - 2013-12-05 12:28 - 00000000 ____D C:\Users\Joachim\AppData\Local\DealPlyLive
2013-12-05 12:28 - 2013-12-05 12:28 - 00000000 ____D C:\ProgramData\DealPlyLive
2013-12-05 12:28 - 2013-12-05 12:27 - 23115760 _____ (Mozilla) C:\Users\Joachim\Downloads\Firefox_Setup_25.0.1DE.exe
2013-12-05 12:27 - 2013-12-05 12:27 - 00000000 ____D C:\Users\Joachim\AppData\Local\SearchProtect
2013-12-05 12:27 - 2013-12-05 12:27 - 00000000 ____D C:\Program Files (x86)\SearchProtect
2013-12-05 12:26 - 2013-12-05 12:26 - 00000000 ____D C:\Users\Joachim\Downloads\TeamViewer
2013-12-04 20:41 - 2013-12-04 20:41 - 00606040 _____ C:\Users\Joachim\Downloads\mozilla firefox setup.exe
2013-12-04 19:22 - 2013-12-04 19:09 - 00000000 ____D C:\Users\Joachim\Downloads\Process Explorer
2013-12-04 19:19 - 2013-12-04 19:19 - 00000000 ____D C:\Users\Joachim\ChromeExtensions
2013-12-04 19:19 - 2013-12-04 19:19 - 00000000 ____D C:\Users\Joachim\AppData\Local\Tempc80783acf6c601f3341ca18a7170d60c
2013-12-04 19:19 - 2013-12-04 19:19 - 00000000 ____D C:\Users\Joachim\AppData\Local\Temp83fd0a09e744ae9eb85a12e74ad18381
2013-12-04 19:19 - 2013-12-04 19:19 - 00000000 ____D C:\Users\Joachim\AppData\Local\Temp4d502516002bc02c9b4f3b6331adda13
2013-12-04 19:19 - 2010-11-09 10:32 - 00000000 ____D C:\Users\Joachim
2013-12-04 19:09 - 2013-12-04 19:09 - 00000000 ____D C:\Users\Joachim\Downloads\Mailwarebytes
2013-12-04 09:38 - 2010-11-09 10:38 - 00001331 _____ C:\Users\Joachim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-04 09:36 - 2010-05-26 16:50 - 00000000 ____D C:\Windows\Panther
2013-12-04 09:33 - 2013-11-24 19:16 - 00000000 ____D C:\Program Files (x86)\IObit
2013-12-03 20:33 - 2013-12-03 20:25 - 00010277 _____ C:\Windows\IE11_main.log
2013-12-03 20:27 - 2013-12-03 20:27 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-12-03 20:27 - 2013-12-03 20:27 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-12-03 20:27 - 2013-12-03 20:27 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-12-03 20:27 - 2013-12-03 20:27 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-12-03 20:27 - 2013-12-03 20:27 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-12-03 20:27 - 2013-12-03 20:27 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-12-03 20:27 - 2013-12-03 20:27 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-12-03 17:54 - 2011-12-30 19:41 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2013-12-03 17:54 - 2010-05-26 14:07 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-12-03 17:48 - 2013-12-03 17:48 - 00000000 ____D C:\Windows\Tasks\ImCleanDisabled
2013-12-03 17:45 - 2013-12-03 17:45 - 00001239 _____ C:\Users\Joachim\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2013-12-03 17:45 - 2013-12-03 17:45 - 00001215 _____ C:\Users\Public\Desktop\IObit Uninstaller.lnk
2013-12-03 17:45 - 2013-12-03 17:45 - 00000000 ____D C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2013-12-03 17:45 - 2013-11-24 19:16 - 00000000 ____D C:\Users\Joachim\AppData\Roaming\IObit
2013-12-03 17:45 - 2013-11-24 19:16 - 00000000 ____D C:\ProgramData\IObit
2013-12-03 17:42 - 2013-12-03 17:42 - 00001111 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-03 17:42 - 2013-12-03 17:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-02 21:25 - 2010-11-11 09:29 - 00000000 ____D C:\Users\Joachim\AppData\Local\Mozilla
2013-12-01 15:55 - 2013-12-01 15:53 - 00035029 _____ C:\Users\Joachim\Downloads\Addition.txt
2013-12-01 13:24 - 2013-12-01 13:24 - 00000000 ____D C:\Users\Joachim\Desktop\Tauschlaufwerk
2013-12-01 11:38 - 2010-05-26 06:58 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2013-12-01 11:36 - 2013-12-01 11:36 - 03707864 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2013-12-01 11:36 - 2013-12-01 11:36 - 02810072 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 02743328 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 02587864 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 01993496 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO264.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 01722648 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\MBAPO232.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 01662024 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2013-12-01 11:36 - 2013-12-01 11:36 - 01286360 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 01021656 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00897152 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00753280 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\MBAPO32.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00681905 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2013-12-01 11:36 - 2013-12-01 11:36 - 00617176 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00397080 _____ (Creative Technology Ltd.) C:\Windows\system32\MBWrp64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00153304 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00113576 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00065112 _____ (Creative Technology Ltd.) C:\Windows\system32\MBppld64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2013-12-01 11:35 - 2013-12-01 11:35 - 00209096 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2013-12-01 11:35 - 2013-12-01 11:35 - 00108640 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2013-12-01 11:34 - 2010-11-21 11:46 - 00003456 _____ C:\Windows\System32\Tasks\SystemToolsDailyTest
2013-11-28 13:03 - 2013-01-19 13:00 - 00000000 ____D C:\ProgramData\RavensburgerTipToi
2013-11-28 13:03 - 2013-01-19 12:59 - 00001074 _____ C:\Users\Joachim\Desktop\tiptoi.lnk
2013-11-26 17:38 - 2013-11-26 17:38 - 00952160 _____ (Netviewer AG) C:\Users\Joachim\Downloads\datev_fernbetreuung_online.exe
2013-11-26 12:54 - 2013-12-13 03:04 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-26 11:19 - 2013-12-13 03:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-26 11:18 - 2013-12-13 03:04 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-11-26 11:11 - 2013-12-13 03:04 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-26 10:48 - 2013-12-13 03:04 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-26 10:46 - 2013-12-13 03:04 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-11-26 10:41 - 2013-12-13 03:04 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-26 10:29 - 2013-12-13 03:04 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-26 10:27 - 2013-12-13 03:04 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-26 10:23 - 2013-12-13 03:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-26 10:21 - 2013-12-13 03:04 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-26 10:18 - 2013-12-13 03:04 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-26 10:18 - 2013-12-13 03:04 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-11-26 10:16 - 2013-12-13 03:04 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-11-26 09:57 - 2013-12-13 03:04 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-26 09:38 - 2013-12-13 03:04 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-26 09:38 - 2013-12-13 03:04 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-26 09:35 - 2013-12-13 03:04 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-26 09:32 - 2013-12-13 03:04 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-26 09:28 - 2013-12-13 03:04 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-11-26 09:16 - 2013-12-13 03:04 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-26 09:02 - 2013-12-13 03:04 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-26 08:48 - 2013-12-13 03:04 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-26 08:32 - 2013-12-13 03:04 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-26 08:26 - 2013-12-13 03:04 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-26 08:07 - 2013-12-13 03:04 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-26 07:40 - 2013-12-13 03:04 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-26 07:34 - 2013-12-13 03:04 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-26 07:34 - 2013-12-13 03:04 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-11-26 07:33 - 2013-12-13 03:04 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-26 07:27 - 2013-12-13 03:04 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

Some content of TEMP:
====================
C:\Users\Joachim\AppData\Local\Temp\1384452412_dp.exe
C:\Users\Joachim\AppData\Local\Temp\1385723452_wedownload_manager_pro.exe
C:\Users\Joachim\AppData\Local\Temp\amazonicon_v3.exe
C:\Users\Joachim\AppData\Local\Temp\amazoninstallernircmdc.exe
C:\Users\Joachim\AppData\Local\Temp\avgnt.exe
C:\Users\Joachim\AppData\Local\Temp\nsi57F4.exe
C:\Users\Joachim\AppData\Local\Temp\nsy7CE3.exe
C:\Users\Joachim\AppData\Local\Temp\sdanircmdc.exe
C:\Users\Joachim\AppData\Local\Temp\sdapskill.exe
C:\Users\Joachim\AppData\Local\Temp\sp_downloader.exe
C:\Users\Joachim\AppData\Local\Temp\SwiftBrowse_s3.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-26 18:38

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

Was kann ich denn gegen die vielen svchost Dienst machen? oder diese analysieren?

Gruß Joachim

schrauber 27.12.2013 16:45
Jede DLL von jedem Programm, die starten will, braucht ne eigene SVCHOST. das ist normal. Hast du den jetzt zum dritten Mal erwähnten Process Explorer schon genutzt? ;)

Joachim_78 28.12.2013 06:29
Guten Morgen Schrauber,

ich habe es mehrmals versucht mit dem Process Explorer, aber wie schon geantwortet stüzt mir da Programm immer ab. Ich komme nie dazu ein Ergebnis zu erhalten geschweige denn eines zu posten. Gibts denn keine stabile Version die unter Windoof 7 64 bit läuft ohne abzustürzen? Gibt es eine stabile Alternative dazu?

Gruß Joachim

Joachim_78 28.12.2013 13:40
Hallo Schrauber,

hier die beiden Screenshots vom Process Explorer mir sagen diese Werte da nichts ausser diese komische Conhost Dienste die ich als Warnung auch schon im Explorer her kenne als ich den gescannt habe. Scheint dies ein überbleibsel vom dem Trojaner zu sein?

Vielleicht brauchst du auch noch genauere Werte, musst mir nur sagen wie ich das dann anstelle.

Gruß Joachim

schrauber 29.12.2013 11:42
Ist alles normal, und die CPU Last ist naezu göttlich :). Ich seh da gar keine Probleme :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 15:09 Uhr.
Seite 2 von 3 1 2 3
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131