Trojaner-Board


PP88 05.03.2014 18:38

Windows 7: Security.Hijack found, what now?
 
Hello,

two days ago my Firefox would not open for the first time; instead, the following error message appeared: "Einschränkung: Der Vorgang wurde aufgrund von aktuellen Beschränkungen auf dem Computer abgebrochen. Wenden Sie sich an den Systemadministrator."

I then googled the problem and, in this forum hxxp://www.camp-firefox.de/forum/viewtopic.php?f=1&t=104012, got the tip to run Malwarebytes Anti-Malware on my PC. Well, there I saw that my laptop is infected with, among other things, Security.Hijack. I then googled that as well and found the following link: http://www.trojaner-board.de/69886-a...-beachten.html.

That is why I am here now, and I hope someone can tell me what I should do next. I just hope that I don't have to delete everything...

Here, to start with, are the log files of the programs that were recommended to me.

Code:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.03.05.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16518
***** :: *****-PC [Administrator]

05.03.2014 09:09:41
MBAM-log-2014-03-05 (10-23-46).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 206317
Laufzeit: 6 Minute(n), 45 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun|1 (Security.Hijack) -> Daten: firefox.exe -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 39
C:\Users\*****\AppData\Local\Temp\+r_JPHDv.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\+Z3j8z_9.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\e8qLHA7u.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\Ea8GvexE.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\eKfqnz0B.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\ivuQ9Mn7.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\HTURPFAv.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\ICm0SyU9.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\IiNk99rL.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\mmesw0Gw.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\1KI1kO1y.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\2D9dsMZw.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\3e8LeMCu.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\5vVb4h44.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\7KrENgIY.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\J0GOB77_.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\jnSqoPK0.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\kuUSLwNS.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\MG5k08CL.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\yrhA79ts.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\reAbACIV.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\Sp+qjjvW.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\sQ47tAfW.exe.part (PUP.Optional.Amonetize) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\wmOPCCZd.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\wYLVTmDR.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\DPi2+qHs.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\PVJHGT39.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\Q68kPzYO.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\qC1tfmKX.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\QTXe2Vw3.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\XQzQ3WJz.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\UMkxsxf_.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\Uu5uKVlE.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\v1YA1GIU.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\VGng2l8K.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\ItQtSVii.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\8Cl1SA+x.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\lH9vI6m2.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\LVlA7AaO.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.

(Ende)

Code:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 17:10 on 05/03/2014 (*****)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-


FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-03-2014
Ran by ***** (administrator) on *****-PC on 05-03-2014 17:12:37
Running from C:\Users\*****\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B8O90389
Microsoft Windows 7 Professional N  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Andrea Electronics Corporation) C:\Windows\system32\AEADISRV.EXE
(Juniper Networks) C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
(Teruten) C:\Windows\system32\FsUsbExService.Exe
(Juniper Networks, Inc.) C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\pg_ctl.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(Spotify Ltd) C:\Users\*****\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(Jumping Bytes) C:\Program Files\Mobile Master\MMAgent.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(Jumping Bytes) C:\Program Files\Mobile Master\MMScan.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil32_12_0_0_70_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [nwiz] - C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [1753192 2010-11-04] ()
HKLM\...\Run: [QlbCtrl.exe] - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2009-11-11] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [SoundMAXPnP] - C:\Program Files\Analog Devices\Core\smax4pnp.exe [1314816 2009-05-18] (Analog Devices, Inc.)
HKLM\...\Run: [SoundMAX] - C:\Program Files\Analog Devices\SoundMAX\soundmax.exe [3866624 2009-05-18] (Analog Devices, Inc.)
HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-02-22] (AVAST Software)
HKLM\...\Run: [NPSStartup] - [X]
HKLM\...\Run: [KiesTrayAgent] - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311616 2014-02-07] (Samsung Electronics Co., Ltd.)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-21-3776841550-2335425540-3856683877-1000\...\Run: [Spotify Web Helper] - C:\Users\*****\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-01-09] (Spotify Ltd)
HKU\S-1-5-21-3776841550-2335425540-3856683877-1000\...\Run: [AutoStartNPSAgent] - C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [95576 2010-07-04] (Samsung Electronics Co., Ltd.)
HKU\S-1-5-21-3776841550-2335425540-3856683877-1000\...\Run: [KiesPreload] - C:\Program Files\Samsung\Kies\Kies.exe [1564992 2014-02-07] (Samsung)
HKU\S-1-5-21-3776841550-2335425540-3856683877-1000\...\Run: [KiesAirMessage] - C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-3776841550-2335425540-3856683877-1000\...\Run: [MMAgent] - C:\Program Files\Mobile Master\MMAgent.exe [1412080 2013-12-16] (Jumping Bytes)
HKU\S-1-5-21-3776841550-2335425540-3856683877-1000\...\Policies\Explorer\DisallowRun: [1] firefox.exe
HKU\S-1-5-21-3776841550-2335425540-3856683877-1000\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000
HKU\S-1-5-21-3776841550-2335425540-3856683877-1000\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-3776841550-2335425540-3856683877-1000\...\MountPoints2: F - F:\sources\sperr32.exe x64
HKU\S-1-5-21-3776841550-2335425540-3856683877-1000\...\MountPoints2: {8194dac8-be41-11e2-8b92-806e6f6e6963} - D:\autorun.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xCDC4B6855652CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
BHO: Citavi Picker - {609D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: af0.Adblock.BHO - {90EFF544-3981-4d46-85C9-C0361D0931D6} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://active.macromedia.com/flash2/cabs/swflash.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://juniper.net/dana-cached/setup/JuniperSetupSP1.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\fdt5qvea.default
FF NewTab: about:blank
FF Homepage: hxxp://www.google.de/
FF NetworkProxy: "backup.ftp", "192.168.0.3"
FF NetworkProxy: "backup.ftp_port", 8080
FF NetworkProxy: "backup.socks", "192.168.0.3"
FF NetworkProxy: "backup.socks_port", 8080
FF NetworkProxy: "backup.ssl", "192.168.0.3"
FF NetworkProxy: "backup.ssl_port", 8080
FF NetworkProxy: "ftp", "192.168.0.3"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "http", "192.168.0.3"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "192.168.0.3"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "ssl", "192.168.0.3"
FF NetworkProxy: "ssl_port", 8080
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Amazon-Icon - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\fdt5qvea.default\Extensions\amazon-icon@giga.de [2014-03-04]
FF Extension: Adblock Plus - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\fdt5qvea.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-28]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-05-16]
FF HKLM\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2013-09-30]
FF HKLM\...\Thunderbird\Extensions: [{857610fe-b36c-47f2-b4fa-6b7affe0cf5a}] - C:\Program Files\Mobile Master\ext\1\
FF Extension: Mobile Master Add-In - C:\Program Files\Mobile Master\ext\1\ []

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-22] (AVAST Software)
R2 dsNcService; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [671848 2013-02-18] (Juniper Networks)
R2 JuniperAccessService; C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe [198000 2011-06-22] (Juniper Networks, Inc.)
R2 postgresql-9.3; C:/Program Files/PostgreSQL/9.3/bin/pg_ctl.exe runservice -N "postgresql-9.3" -D "C:/Program Files/PostgreSQL/9.3/data" -w [X]

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-02-22] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [79720 2013-12-12] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2013-12-12] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [775952 2014-02-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [410784 2014-02-22] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [64168 2014-02-22] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180248 2013-12-22] ()
R3 dsNcAdpt; C:\Windows\System32\DRIVERS\dsNcAdpt.sys [26624 2013-02-18] (Juniper Networks)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-05-16] (DT Soft Ltd)
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2010-06-14] ()
S3 RICOH SmartCard Reader; C:\Windows\System32\DRIVERS\rismc32.sys [49152 2009-07-20] (RICOH Company, Ltd.)
R3 rismc32; C:\Windows\System32\DRIVERS\rismc32.sys [49152 2009-07-20] (RICOH Company, Ltd.)
S3 sscebus; C:\Windows\System32\DRIVERS\sscebus.sys [136904 2014-01-23] (MCCI Corporation)
S3 sscemdfl; C:\Windows\System32\DRIVERS\sscemdfl.sys [17864 2014-01-23] (MCCI Corporation)
S3 sscemdm; C:\Windows\System32\DRIVERS\sscemdm.sys [153672 2014-01-23] (MCCI Corporation)
S3 ssceserd; C:\Windows\System32\DRIVERS\ssceserd.sys [130376 2014-01-23] (MCCI Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-05 17:12 - 2014-03-05 17:12 - 00000000 ____D () C:\FRST
2014-03-05 17:10 - 2014-03-05 17:10 - 00000486 _____ () C:\Users\*****\Desktop\defogger_disable.log
2014-03-05 17:10 - 2014-03-05 17:10 - 00000000 _____ () C:\Users\*****\defogger_reenable
2014-03-05 08:19 - 2014-03-05 08:19 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Malwarebytes
2014-03-05 08:18 - 2014-03-05 08:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-05 08:18 - 2014-03-05 08:18 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-03-05 08:18 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-04 20:11 - 2014-03-04 20:11 - 00001109 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-03-04 20:10 - 2014-03-04 20:11 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-04 12:29 - 2014-03-04 12:29 - 00000999 _____ () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QuickDic.lnk
2014-03-04 12:29 - 2014-03-04 12:29 - 00000969 _____ () C:\Users\*****\Desktop\QuickDic.lnk
2014-03-04 12:29 - 2014-03-04 12:29 - 00000000 ____D () C:\Program Files\QuickDic
2014-03-04 09:39 - 2014-03-04 09:39 - 00000000 ____D () C:\Users\*****\AppData\Local\Mobile Master
2014-03-04 00:18 - 2014-03-04 00:18 - 00000000 ____D () C:\Users\*****\AppData\Local\Tempa72636ee026910241cae8b72bf567bea
2014-03-03 23:42 - 2014-03-03 23:42 - 00000000 ____D () C:\Users\Public\Documents\CrashDump
2014-03-03 23:10 - 2014-03-03 23:26 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Mobile Master
2014-03-03 23:10 - 2014-03-03 23:10 - 00001046 _____ () C:\Users\Public\Desktop\Mobile Master.lnk
2014-03-03 23:10 - 2014-03-03 23:10 - 00000000 ____D () C:\ProgramData\Mobile Master
2014-03-03 23:10 - 2014-03-03 23:10 - 00000000 ____D () C:\Program Files\Common Files\Jumping Bytes
2014-03-03 23:09 - 2014-03-03 23:28 - 00000000 ____D () C:\Program Files\Mobile Master
2014-03-03 23:07 - 2014-03-03 23:07 - 23225448 _____ (Jumping Bytes) C:\Users\*****\Downloads\MobileMasterInst.exe
2014-03-03 23:07 - 2014-03-03 23:07 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Jumping Bytes
2014-03-03 22:52 - 2014-03-03 22:52 - 00000000 ____D () C:\Users\*****\ChromeExtensions
2014-03-03 22:52 - 2014-03-03 22:52 - 00000000 ____D () C:\Users\*****\AppData\Local\Temp04de20ab33f250e94b926d0514a93b1c
2014-03-03 22:50 - 2014-03-03 22:50 - 01058296 _____ () C:\Users\*****\Downloads\Microsoft-Outlook-2013-lnstall.exe
2014-03-03 21:50 - 2014-03-03 21:54 - 00000000 ____D () C:\Users\*****\Handykarte
2014-03-03 21:48 - 2014-03-03 21:48 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-03-03 21:46 - 2014-01-23 04:21 - 00153672 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscemdm.sys
2014-03-03 21:46 - 2014-01-23 04:21 - 00136904 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscebus.sys
2014-03-03 21:46 - 2014-01-23 04:21 - 00130376 _____ (MCCI Corporation) C:\Windows\system32\Drivers\ssceserd.sys
2014-03-03 21:46 - 2014-01-23 04:21 - 00017864 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscemdfl.sys
2014-03-03 21:46 - 2014-01-23 04:21 - 00015560 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscecmnt.sys
2014-03-03 21:46 - 2014-01-23 04:21 - 00015560 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscecm.sys
2014-03-03 21:46 - 2014-01-23 04:21 - 00015304 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscewhnt.sys
2014-03-03 21:46 - 2014-01-23 04:21 - 00015304 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscewh.sys
2014-02-26 13:52 - 2014-02-26 13:52 - 00028092 _____ () C:\Users\*****\AppData\Local\recently-used.xbel
2014-02-25 20:22 - 2014-02-25 20:22 - 01095461 _____ (pendrivelinux.com) C:\Users\*****\Downloads\Universal-USB-Installer-1.9.5.2.exe
2014-02-25 15:45 - 2014-02-25 15:45 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log
2014-02-22 22:04 - 2014-02-23 00:25 - 00000000 ____D () C:\Users\*****\Documents\Python
2014-02-21 09:50 - 2014-02-21 09:50 - 00000000 ____D () C:\Program Files\BeCyPDFMetaEdit
2014-02-20 09:36 - 2014-02-20 09:36 - 00036629 _____ () C:\Users\*****\Desktop\Nyquist_Beispiel.fig
2014-02-20 06:50 - 2014-02-20 06:50 - 00286014 _____ () C:\Windows\msxml4-KB954430-enu.LOG
2014-02-20 06:49 - 2014-02-20 06:49 - 00290518 _____ () C:\Windows\msxml4-KB973688-enu.LOG
2014-02-20 06:49 - 2014-02-20 06:49 - 00000000 ____D () C:\Program Files\MSXML 4.0
2014-02-19 16:01 - 2014-02-19 16:01 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-02-18 23:51 - 2014-02-25 15:45 - 00000000 ____D () C:\Users\*****\AppData\Local\Samsung
2014-02-18 23:42 - 2014-02-18 23:42 - 00000000 ____D () C:\Program Files\Windows Portable Devices
2014-02-18 23:37 - 2014-02-18 23:37 - 00000000 ____D () C:\Program Files\MyFree Codec
2014-02-18 23:33 - 2014-02-07 16:33 - 04659712 _____ (Dmitry Streblechenko) C:\Windows\system32\Redemption.dll
2014-02-18 23:33 - 2014-01-23 18:31 - 00821824 _____ (Devguru Co., Ltd.) C:\Windows\system32\dgderapi.dll
2014-02-18 23:07 - 2014-02-18 23:07 - 00002092 _____ () C:\Users\Public\Desktop\Samsung New PC Studio.lnk
2014-02-18 23:04 - 2014-02-25 20:17 - 00000000 ____D () C:\Program Files\MarkAny
2014-02-18 22:59 - 2014-02-18 22:59 - 00002005 _____ () C:\Users\Public\Desktop\Komodo Edit 8.lnk
2014-02-18 22:59 - 2014-02-18 22:59 - 00000000 ____D () C:\Users\*****\AppData\Roaming\ActiveState
2014-02-18 22:59 - 2014-02-18 22:59 - 00000000 ____D () C:\Users\*****\AppData\Local\ActiveState
2014-02-18 22:58 - 2014-02-18 22:59 - 00000000 ____D () C:\Program Files\ActiveState Komodo Edit 8
2014-02-18 22:55 - 2014-02-18 22:56 - 00000000 ____D () C:\Python33
2014-02-18 22:53 - 2014-02-25 15:43 - 00000000 ____D () C:\ProgramData\Samsung
2014-02-18 22:52 - 2014-03-03 21:18 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Samsung
2014-02-18 22:52 - 2014-02-18 22:52 - 00000000 ____D () C:\Users\*****\Documents\My NPS Files
2014-02-18 22:52 - 2010-07-04 19:07 - 00238952 _____ (Teruten) C:\Windows\system32\FsUsbExService.Exe
2014-02-18 22:52 - 2010-06-14 09:32 - 00110592 _____ () C:\Windows\system32\FsUsbExDevice.Dll
2014-02-18 22:52 - 2010-06-14 09:32 - 00036608 _____ () C:\Windows\system32\FsUsbExDisk.Sys
2014-02-18 22:52 - 2009-07-14 02:16 - 02311168 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 01568768 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2014-02-18 22:52 - 2009-07-14 02:16 - 01325056 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2014-02-18 22:52 - 2009-07-14 02:16 - 01003008 _____ (Microsoft Corporation) C:\Windows\system32\WMNetMgr.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00812032 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2014-02-18 22:52 - 2009-07-14 02:16 - 00664576 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2014-02-18 22:52 - 2009-07-14 02:16 - 00577024 _____ (Microsoft Corporation) C:\Windows\system32\wpd_ci.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceApi.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00541184 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2014-02-18 22:52 - 2009-07-14 02:16 - 00427520 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceStatus.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00358400 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
2014-02-18 22:52 - 2009-07-14 02:16 - 00350720 _____ (Microsoft Corporation) C:\Windows\system32\WPDSp.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00237568 _____ (Microsoft Corporation) C:\Windows\system32\WMASF.DLL
2014-02-18 22:52 - 2009-07-14 02:16 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\WpdMtp.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00198144 _____ (Microsoft Corporation) C:\Windows\system32\wpdwcn.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00196608 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceWMDRM.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceTypes.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\wmidx.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00138240 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceWiaCompat.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00110080 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceClassExtension.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\WPDShServiceObj.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\wpdbusenum.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\WpdMtpUS.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceConnectApi.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\wmcodecdspps.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wmdmps.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\wmdmlog.dll
2014-02-18 22:52 - 2009-07-14 02:15 - 00630784 _____ (Microsoft Corporation) C:\Windows\system32\DXPTaskRingtone.dll
2014-02-18 22:52 - 2009-07-14 02:15 - 00415744 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2014-02-18 22:52 - 2009-07-14 02:15 - 00352768 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-02-18 22:52 - 2009-07-14 02:15 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\mswmdm.dll
2014-02-18 22:52 - 2009-07-14 02:15 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-02-18 22:52 - 2009-07-14 02:15 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2014-02-18 22:52 - 2009-07-14 02:15 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2014-02-18 22:52 - 2009-07-14 02:15 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2014-02-18 22:52 - 2009-07-14 02:15 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\LAPRXY.DLL
2014-02-18 22:52 - 2009-07-14 02:14 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\audiodev.dll
2014-02-18 22:52 - 2009-07-14 02:14 - 00095232 _____ (Microsoft Corporation) C:\Windows\system32\logagent.exe
2014-02-18 22:52 - 2009-07-14 02:14 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\WPDShextAutoplay.exe
2014-02-18 22:52 - 2009-07-14 02:03 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\asferror.dll
2014-02-18 22:52 - 2009-06-10 22:34 - 00316640 _____ () C:\Windows\WMSysPr9.prx
2014-02-18 22:51 - 2014-02-18 23:51 - 00000000 ____D () C:\Users\*****\Documents\Samsung
2014-02-18 22:51 - 2014-02-18 22:51 - 00053631 _____ () C:\Users\*****\Downloads\hashmyfiles_v1.90.zip
2014-02-18 22:51 - 2009-07-14 02:16 - 02504192 _____ (Microsoft Corporation) C:\Windows\system32\WMVCORE.DLL
2014-02-18 22:51 - 2009-07-14 02:16 - 01619968 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2014-02-18 22:51 - 2009-07-14 02:16 - 00902656 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2014-02-18 22:51 - 2009-07-14 02:16 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-02-18 22:51 - 2009-07-14 02:16 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmdev.dll
2014-02-18 22:51 - 2009-07-14 02:16 - 00436736 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmnet.dll
2014-02-18 22:51 - 2009-07-14 02:15 - 00986624 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-02-18 22:51 - 2009-07-14 02:15 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-02-18 22:51 - 2009-07-14 02:15 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-02-18 22:51 - 2009-07-14 02:15 - 00402944 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-02-18 22:50 - 2014-02-25 15:44 - 00000000 ____D () C:\Program Files\Samsung
2014-02-18 22:48 - 2014-02-18 22:49 - 08444896 _____ (abylonsoft ) C:\Users\*****\Downloads\FreeHash.exe
2014-02-18 20:39 - 2014-02-18 20:39 - 00000000 ____D () C:\Program Files\abylonsoft
2014-02-18 20:30 - 2014-02-18 20:39 - 20627456 _____ () C:\Users\*****\Downloads\python-3.3.4.msi
2014-02-18 20:17 - 2014-02-18 20:41 - 73908224 _____ () C:\Users\*****\Downloads\Komodo-Edit-8.5.3-14067.msi
2014-02-18 08:34 - 2014-02-18 08:36 - 173838160 _____ () C:\Users\*****\Downloads\New_PC_Studio_1.5.1.exe
2014-02-18 08:32 - 2014-02-18 08:33 - 75211320 _____ (Samsung Electronics Co., Ltd.) C:\Users\*****\Downloads\KiesSetup_2.6.2.14014_6.exe
2014-02-17 11:34 - 2014-02-17 11:44 - 00014458 _____ () C:\Users\*****\Desktop\HybEIS.eps
2014-02-16 19:01 - 2014-02-16 19:03 - 101832237 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Das_Kaenguru_Manifest-4CD-DE-Audiobook-2011-kooba.r01
2014-02-16 18:52 - 2014-02-16 18:58 - 200000000 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Das_Kaenguru_Manifest-4CD-DE-Audiobook-2011-kooba.r00
2014-02-16 18:51 - 2014-02-16 19:05 - 200000000 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Das_Kaenguru_Manifest-4CD-DE-Audiobook-2011-kooba.rar
2014-02-16 18:50 - 2014-02-16 18:50 - 35692185 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Die_Kaenguru-Chroniken_Live_Und_Ungekuerzt-4CD-DE-Audiobook-2012-kooba.r02
2014-02-16 18:45 - 2014-02-16 18:49 - 150000000 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Die_Kaenguru-Chroniken_Live_Und_Ungekuerzt-4CD-DE-Audiobook-2012-kooba.r01
2014-02-16 18:44 - 2014-02-16 18:49 - 150000000 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Die_Kaenguru-Chroniken_Live_Und_Ungekuerzt-4CD-DE-Audiobook-2012-kooba.r00
2014-02-16 18:40 - 2014-02-16 18:40 - 00614816 _____ (Chip Digital GmbH) C:\Users\*****\Downloads\7 Zip 32 Bit - CHIP-Downloader.exe
2014-02-16 18:35 - 2014-02-16 18:37 - 150000000 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Die_Kaenguru-Chroniken_Live_Und_Ungekuerzt-4CD-DE-Audiobook-2012-kooba.rar
2014-02-13 17:53 - 2014-02-13 17:53 - 00000000 ____D () C:\Users\*****\Documents\PostregSQL
2014-02-12 17:16 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-12 17:16 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-12 17:16 - 2014-02-06 11:19 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-12 17:16 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-12 17:16 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-12 17:16 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-12 17:16 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-12 17:16 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-12 17:16 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-12 17:16 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-12 17:16 - 2014-02-06 10:47 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-12 17:16 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-12 17:16 - 2014-02-06 10:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-12 17:16 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-12 17:16 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-12 17:16 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-12 17:16 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-12 17:16 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-12 17:16 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-12 17:16 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-12 17:16 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-12 17:11 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-12 16:58 - 2014-02-12 16:10 - 01611377 _____ () C:\Users\*****\Downloads\psqlodbc_09_03_0100.zip
2014-02-12 16:13 - 2014-02-12 17:01 - 00000149 _____ () C:\Windows\ODBC.INI
2014-02-12 16:12 - 2014-02-12 16:12 - 00000000 ____D () C:\Program Files\psqlODBC
2014-02-12 14:55 - 2014-02-12 14:54 - 00587152 _____ () C:\Users\*****\Downloads\postgresql-9.3-1100.jdbc4.jar
2014-02-12 14:35 - 2014-02-14 09:40 - 00014898 _____ () C:\Users\*****\Documents\pgadmin.log
2014-02-12 14:08 - 2014-02-12 14:13 - 00000000 ____D () C:\Users\*****\AppData\Roaming\postgresql
2014-02-12 14:04 - 2014-02-12 14:04 - 00000000 ____D () C:\Program Files\PostgreSQL
2014-02-12 13:59 - 2014-02-12 13:49 - 52968360 _____ (PostgreSQL Global Development Group) C:\Users\*****\Downloads\postgresql-9.3.1-1-windows.exe
2014-02-12 07:37 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-12 07:37 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-12 07:37 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-12 07:37 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-10 18:12 - 2014-02-10 18:12 - 02658816 _____ (Python Software Foundation) C:\Windows\system32\python33.dll
2014-02-10 18:11 - 2014-02-10 18:11 - 00094208 _____ (Python Software Foundation) C:\Windows\pyw.exe
2014-02-10 18:11 - 2014-02-10 18:11 - 00093696 _____ (Python Software Foundation) C:\Windows\py.exe
2014-02-06 20:07 - 2014-02-07 14:09 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird

==================== One Month Modified Files and Folders =======

2014-03-05 17:12 - 2014-03-05 17:12 - 00000000 ____D () C:\FRST
2014-03-05 17:11 - 2013-10-14 05:37 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-05 17:10 - 2014-03-05 17:10 - 00000486 _____ () C:\Users\*****\Desktop\defogger_disable.log
2014-03-05 17:10 - 2014-03-05 17:10 - 00000000 _____ () C:\Users\*****\defogger_reenable
2014-03-05 17:10 - 2013-05-16 17:54 - 00000000 ____D () C:\Users\*****
2014-03-05 17:08 - 2013-05-16 17:01 - 01915081 _____ () C:\Windows\WindowsUpdate.log
2014-03-05 17:05 - 2009-07-14 05:17 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-05 17:05 - 2009-07-14 05:07 - 00048831 _____ () C:\Windows\setupact.log
2014-03-05 16:41 - 2009-07-14 05:02 - 00019248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-05 16:41 - 2009-07-14 05:02 - 00019248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-05 14:02 - 2013-09-30 19:01 - 00000000 ____D () C:\Users\*****\Documents\Citavi 4
2014-03-05 08:19 - 2014-03-05 08:19 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Malwarebytes
2014-03-05 08:18 - 2014-03-05 08:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-05 08:18 - 2014-03-05 08:18 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-03-05 07:23 - 2013-05-19 10:45 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-03-04 20:11 - 2014-03-04 20:11 - 00001109 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-03-04 20:11 - 2014-03-04 20:10 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-04 16:03 - 2013-12-04 09:30 - 00000000 ____D () C:\Users\*****\Documents\Praktikum_Deutronic
2014-03-04 14:25 - 2010-11-20 22:03 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-04 12:29 - 2014-03-04 12:29 - 00000999 _____ () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QuickDic.lnk
2014-03-04 12:29 - 2014-03-04 12:29 - 00000969 _____ () C:\Users\*****\Desktop\QuickDic.lnk
2014-03-04 12:29 - 2014-03-04 12:29 - 00000000 ____D () C:\Program Files\QuickDic
2014-03-04 09:39 - 2014-03-04 09:39 - 00000000 ____D () C:\Users\*****\AppData\Local\Mobile Master
2014-03-04 00:18 - 2014-03-04 00:18 - 00000000 ____D () C:\Users\*****\AppData\Local\Tempa72636ee026910241cae8b72bf567bea
2014-03-03 23:42 - 2014-03-03 23:42 - 00000000 ____D () C:\Users\Public\Documents\CrashDump
2014-03-03 23:28 - 2014-03-03 23:09 - 00000000 ____D () C:\Program Files\Mobile Master
2014-03-03 23:26 - 2014-03-03 23:10 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Mobile Master
2014-03-03 23:10 - 2014-03-03 23:10 - 00001046 _____ () C:\Users\Public\Desktop\Mobile Master.lnk
2014-03-03 23:10 - 2014-03-03 23:10 - 00000000 ____D () C:\ProgramData\Mobile Master
2014-03-03 23:10 - 2014-03-03 23:10 - 00000000 ____D () C:\Program Files\Common Files\Jumping Bytes
2014-03-03 23:07 - 2014-03-03 23:07 - 23225448 _____ (Jumping Bytes) C:\Users\*****\Downloads\MobileMasterInst.exe
2014-03-03 23:07 - 2014-03-03 23:07 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Jumping Bytes
2014-03-03 22:52 - 2014-03-03 22:52 - 00000000 ____D () C:\Users\*****\ChromeExtensions
2014-03-03 22:52 - 2014-03-03 22:52 - 00000000 ____D () C:\Users\*****\AppData\Local\Temp04de20ab33f250e94b926d0514a93b1c
2014-03-03 22:50 - 2014-03-03 22:50 - 01058296 _____ () C:\Users\*****\Downloads\Microsoft-Outlook-2013-lnstall.exe
2014-03-03 21:54 - 2014-03-03 21:50 - 00000000 ____D () C:\Users\*****\Handykarte
2014-03-03 21:48 - 2014-03-03 21:48 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-03-03 21:18 - 2014-02-18 22:52 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Samsung
2014-02-27 20:46 - 2013-08-02 22:24 - 00000000 ____D () C:\Users\*****\AppData\Roaming\vlc
2014-02-26 17:22 - 2013-05-17 18:53 - 00000000 ____D () C:\Users\*****\Documents\MATLAB
2014-02-26 13:52 - 2014-02-26 13:52 - 00028092 _____ () C:\Users\*****\AppData\Local\recently-used.xbel
2014-02-25 20:22 - 2014-02-25 20:22 - 01095461 _____ (pendrivelinux.com) C:\Users\*****\Downloads\Universal-USB-Installer-1.9.5.2.exe
2014-02-25 20:17 - 2014-02-18 23:04 - 00000000 ____D () C:\Program Files\MarkAny
2014-02-25 15:46 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-02-25 15:45 - 2014-02-25 15:45 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log
2014-02-25 15:45 - 2014-02-18 23:51 - 00000000 ____D () C:\Users\*****\AppData\Local\Samsung
2014-02-25 15:44 - 2014-02-18 22:50 - 00000000 ____D () C:\Program Files\Samsung
2014-02-25 15:43 - 2014-02-18 22:53 - 00000000 ____D () C:\ProgramData\Samsung
2014-02-24 22:08 - 2013-09-18 16:40 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Spotify
2014-02-24 20:52 - 2013-09-18 17:03 - 00000000 ____D () C:\Users\*****\AppData\Local\Spotify
2014-02-24 08:25 - 2013-09-30 17:50 - 00000000 ____D () C:\Users\*****\Desktop\Programme
2014-02-23 09:16 - 2010-11-20 22:49 - 00245462 _____ () C:\Windows\PFRO.log
2014-02-23 00:25 - 2014-02-22 22:04 - 00000000 ____D () C:\Users\*****\Documents\Python
2014-02-22 18:18 - 2013-12-22 23:33 - 00064168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-02-22 18:18 - 2013-05-16 20:38 - 00775952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-02-22 18:18 - 2013-05-16 20:38 - 00410784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-02-22 18:18 - 2013-05-16 20:38 - 00270240 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-02-22 18:18 - 2013-05-16 20:38 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-02-22 18:18 - 2013-05-16 20:35 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-02-21 17:11 - 2013-05-16 20:01 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-21 17:11 - 2013-05-16 20:01 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-21 09:50 - 2014-02-21 09:50 - 00000000 ____D () C:\Program Files\BeCyPDFMetaEdit
2014-02-20 09:36 - 2014-02-20 09:36 - 00036629 _____ () C:\Users\*****\Desktop\Nyquist_Beispiel.fig
2014-02-20 06:50 - 2014-02-20 06:50 - 00286014 _____ () C:\Windows\msxml4-KB954430-enu.LOG
2014-02-20 06:49 - 2014-02-20 06:49 - 00290518 _____ () C:\Windows\msxml4-KB973688-enu.LOG
2014-02-20 06:49 - 2014-02-20 06:49 - 00000000 ____D () C:\Program Files\MSXML 4.0
2014-02-19 16:01 - 2014-02-19 16:01 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-02-19 09:26 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2014-02-18 23:51 - 2014-02-18 22:51 - 00000000 ____D () C:\Users\*****\Documents\Samsung
2014-02-18 23:42 - 2014-02-18 23:42 - 00000000 ____D () C:\Program Files\Windows Portable Devices
2014-02-18 23:42 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-02-18 23:42 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-02-18 23:37 - 2014-02-18 23:37 - 00000000 ____D () C:\Program Files\MyFree Codec
2014-02-18 23:33 - 2013-05-16 20:26 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-02-18 23:31 - 2013-09-30 18:48 - 00000000 ____D () C:\Users\*****\AppData\Local\Downloaded Installations
2014-02-18 23:07 - 2014-02-18 23:07 - 00002092 _____ () C:\Users\Public\Desktop\Samsung New PC Studio.lnk
2014-02-18 22:59 - 2014-02-18 22:59 - 00002005 _____ () C:\Users\Public\Desktop\Komodo Edit 8.lnk
2014-02-18 22:59 - 2014-02-18 22:59 - 00000000 ____D () C:\Users\*****\AppData\Roaming\ActiveState
2014-02-18 22:59 - 2014-02-18 22:59 - 00000000 ____D () C:\Users\*****\AppData\Local\ActiveState
2014-02-18 22:59 - 2014-02-18 22:58 - 00000000 ____D () C:\Program Files\ActiveState Komodo Edit 8
2014-02-18 22:56 - 2014-02-18 22:55 - 00000000 ____D () C:\Python33
2014-02-18 22:52 - 2014-02-18 22:52 - 00000000 ____D () C:\Users\*****\Documents\My NPS Files
2014-02-18 22:51 - 2014-02-18 22:51 - 00053631 _____ () C:\Users\*****\Downloads\hashmyfiles_v1.90.zip
2014-02-18 22:49 - 2014-02-18 22:48 - 08444896 _____ (abylonsoft ) C:\Users\*****\Downloads\FreeHash.exe
2014-02-18 20:41 - 2014-02-18 20:17 - 73908224 _____ () C:\Users\*****\Downloads\Komodo-Edit-8.5.3-14067.msi
2014-02-18 20:39 - 2014-02-18 20:39 - 00000000 ____D () C:\Program Files\abylonsoft
2014-02-18 20:39 - 2014-02-18 20:30 - 20627456 _____ () C:\Users\*****\Downloads\python-3.3.4.msi
2014-02-18 13:48 - 2013-09-30 17:57 - 00000000 ____D () C:\Users\*****\Praktikum
2014-02-18 11:12 - 2014-01-28 08:30 - 00000000 ____D () C:\Users\*****\Bachelorarbeit
2014-02-18 11:11 - 2013-10-08 07:04 - 00079872 ___SH () C:\Users\*****\Thumbs.db
2014-02-18 08:36 - 2014-02-18 08:34 - 173838160 _____ () C:\Users\*****\Downloads\New_PC_Studio_1.5.1.exe
2014-02-18 08:33 - 2014-02-18 08:32 - 75211320 _____ (Samsung Electronics Co., Ltd.) C:\Users\*****\Downloads\KiesSetup_2.6.2.14014_6.exe
2014-02-17 11:44 - 2014-02-17 11:34 - 00014458 _____ () C:\Users\*****\Desktop\HybEIS.eps
2014-02-16 19:05 - 2014-02-16 18:51 - 200000000 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Das_Kaenguru_Manifest-4CD-DE-Audiobook-2011-kooba.rar
2014-02-16 19:03 - 2014-02-16 19:01 - 101832237 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Das_Kaenguru_Manifest-4CD-DE-Audiobook-2011-kooba.r01
2014-02-16 18:58 - 2014-02-16 18:52 - 200000000 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Das_Kaenguru_Manifest-4CD-DE-Audiobook-2011-kooba.r00
2014-02-16 18:50 - 2014-02-16 18:50 - 35692185 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Die_Kaenguru-Chroniken_Live_Und_Ungekuerzt-4CD-DE-Audiobook-2012-kooba.r02
2014-02-16 18:49 - 2014-02-16 18:45 - 150000000 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Die_Kaenguru-Chroniken_Live_Und_Ungekuerzt-4CD-DE-Audiobook-2012-kooba.r01
2014-02-16 18:49 - 2014-02-16 18:44 - 150000000 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Die_Kaenguru-Chroniken_Live_Und_Ungekuerzt-4CD-DE-Audiobook-2012-kooba.r00
2014-02-16 18:40 - 2014-02-16 18:40 - 00614816 _____ (Chip Digital GmbH) C:\Users\*****\Downloads\7 Zip 32 Bit - CHIP-Downloader.exe
2014-02-16 18:37 - 2014-02-16 18:35 - 150000000 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Die_Kaenguru-Chroniken_Live_Und_Ungekuerzt-4CD-DE-Audiobook-2012-kooba.rar
2014-02-14 14:36 - 2013-10-01 07:45 - 00000000 ____D () C:\Program Files\BaSyTec
2014-02-14 09:40 - 2014-02-12 14:35 - 00014898 _____ () C:\Users\*****\Documents\pgadmin.log
2014-02-13 17:53 - 2014-02-13 17:53 - 00000000 ____D () C:\Users\*****\Documents\PostregSQL
2014-02-12 17:16 - 2013-08-06 23:19 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-12 17:14 - 2013-05-16 20:24 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-12 17:01 - 2014-02-12 16:13 - 00000149 _____ () C:\Windows\ODBC.INI
2014-02-12 16:12 - 2014-02-12 16:12 - 00000000 ____D () C:\Program Files\psqlODBC
2014-02-12 16:10 - 2014-02-12 16:58 - 01611377 _____ () C:\Users\*****\Downloads\psqlodbc_09_03_0100.zip
2014-02-12 14:54 - 2014-02-12 14:55 - 00587152 _____ () C:\Users\*****\Downloads\postgresql-9.3-1100.jdbc4.jar
2014-02-12 14:13 - 2014-02-12 14:08 - 00000000 ____D () C:\Users\*****\AppData\Roaming\postgresql
2014-02-12 14:04 - 2014-02-12 14:04 - 00000000 ____D () C:\Program Files\PostgreSQL
2014-02-12 13:49 - 2014-02-12 13:59 - 52968360 _____ (PostgreSQL Global Development Group) C:\Users\*****\Downloads\postgresql-9.3.1-1-windows.exe
2014-02-11 14:06 - 2014-01-16 12:27 - 00000000 ____D () C:\Users\*****\Documents\Praesentation_Deutronic_Praktikum
2014-02-10 18:12 - 2014-02-10 18:12 - 02658816 _____ (Python Software Foundation) C:\Windows\system32\python33.dll
2014-02-10 18:11 - 2014-02-10 18:11 - 00094208 _____ (Python Software Foundation) C:\Windows\pyw.exe
2014-02-10 18:11 - 2014-02-10 18:11 - 00093696 _____ (Python Software Foundation) C:\Windows\py.exe
2014-02-07 16:33 - 2014-02-18 23:33 - 04659712 _____ (Dmitry Streblechenko) C:\Windows\system32\Redemption.dll
2014-02-07 14:09 - 2014-02-06 20:07 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-02-06 11:38 - 2014-02-12 17:16 - 17103872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 11:20 - 2014-02-12 17:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 11:19 - 2014-02-12 17:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 11:01 - 2014-02-12 17:16 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 11:00 - 2014-02-12 17:16 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 10:57 - 2014-02-12 17:16 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 10:52 - 2014-02-12 17:16 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 10:52 - 2014-02-12 17:16 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 10:49 - 2014-02-12 17:16 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 10:47 - 2014-02-12 17:16 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 10:47 - 2014-02-12 17:16 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 10:46 - 2014-02-12 17:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 10:34 - 2014-02-12 17:16 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 10:25 - 2014-02-12 17:16 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 10:25 - 2014-02-12 17:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 10:13 - 2014-02-12 17:16 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 10:09 - 2014-02-12 17:16 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 10:03 - 2014-02-12 17:16 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 09:41 - 2014-02-12 17:16 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 09:36 - 2014-02-12 17:16 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 09:34 - 2014-02-12 17:16 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

Some content of TEMP:
====================
C:\Users\*****\AppData\Local\Temp\amazonicon_v4.exe
C:\Users\*****\AppData\Local\Temp\amazoninstallernircmdc.exe
C:\Users\*****\AppData\Local\Temp\AskSLib.dll
C:\Users\*****\AppData\Local\Temp\Checkupdate.exe
C:\Users\*****\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\*****\AppData\Local\Temp\Foxit Updater.exe
C:\Users\*****\AppData\Local\Temp\fp_pl_pfs_installer-1.exe
C:\Users\*****\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\*****\AppData\Local\Temp\gcapi_dll.dll
C:\Users\*****\AppData\Local\Temp\GdiPlus.dll
C:\Users\*****\AppData\Local\Temp\gtapi_signed.dll
C:\Users\*****\AppData\Local\Temp\InstallerMessageBox.exe
C:\Users\*****\AppData\Local\Temp\npp.6.5.2.Installer.exe
C:\Users\*****\AppData\Local\Temp\NPSInstallerProxy.exe
C:\Users\*****\AppData\Local\Temp\NPSInstallerProxyMessageBoxHookDll.dll
C:\Users\*****\AppData\Local\Temp\pyl2665.tmp.exe
C:\Users\*****\AppData\Local\Temp\pyl7DBA.tmp.exe
C:\Users\*****\AppData\Local\Temp\sdanircmdc.exe
C:\Users\*****\AppData\Local\Temp\sdapskill.exe
C:\Users\*****\AppData\Local\Temp\sdaspwn.exe
C:\Users\*****\AppData\Local\Temp\vlc-2.1.1-win32.exe
C:\Users\*****\AppData\Local\Temp\vlc-2.1.3-win32.exe
C:\Users\*****\AppData\Local\Temp\xmlUpdater.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-28 09:25

==================== End Of Log ============================

--- --- ---


Code:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 05-03-2014
Ran by ***** at 2014-03-05 17:13:03
Running from C:\Users\*****\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B8O90389
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
ActiveState Komodo Edit 8.5.3 (HKLM\...\{E65B87D8-30C4-4FB0-8C24-AFD64950A881}) (Version: 8.5.3 - ActiveState Software Inc.)
AdblockIE (HKLM\...\{5508128A-2C7B-46B5-81F9-58E8E8115F0B}) (Version: 1.2 - af0.net)
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
avast! Free Antivirus (HKLM\...\avast) (Version: 9.0.2013 - Avast Software)
BaSyTec (HKLM\...\{DEE17AC1-38EB-4CDA-81CB-AE8CEC940967}) (Version: 5.00.00 - BaSyTec GmbH)
BeCyPDFMetaEdit (HKLM\...\BeCyPDFMetaEdit) (Version: 2.37.0 - Benjamin Bentmann)
Citavi 4 (HKLM\...\{CC0A85B2-734A-45B3-B678-05F6A6499AC7}) (Version: 4.2.0.11 - Swiss Academic Software)
CloudReading (HKLM\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.1.47.1220 - Foxit Corporation)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.47.1.0333 - Disc Soft Ltd)
Dungeon Keeper 2 (HKLM\...\Dungeon Keeper II) (Version:  - )
Exact Audio Copy 1.0beta3 (HKLM\...\Exact Audio Copy) (Version: 1.0beta3 - Andre Wiethoff)
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 6.1.2.1224 - Foxit Corporation)
HP Quick Launch Buttons (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.14.1 - Hewlett-Packard Company)
Inkscape 0.48.4 (HKLM\...\Inkscape) (Version: 0.48.4 - )
Juniper Installer Service (HKLM\...\SetupService) (Version: 7.1.0.18671 - Juniper Networks)
Juniper Networks Network Connect 7.1.0 (HKLM\...\Juniper Network Connect 7.1.0) (Version: 7.1.0.18671 - Juniper Networks)
Juniper Networks Network Connect 7.1.14 (HKLM\...\Juniper Network Connect 7.1.14) (Version: 7.1.14.23943 - Juniper Networks)
Juniper Networks, Inc. Setup Client (HKCU\...\Juniper_Setup_Client) (Version: 7.1.10.21853 - Juniper Networks, Inc.)
Juniper Networks, Inc. Setup Client Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Maple 15 (HKLM\...\Maple 15) (Version: 15.0.0.0 - Maplesoft)
MATLAB R2010a (HKLM\...\MatlabR2010a) (Version: 7.10 - The MathWorks, Inc.)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MiKTeX 2.9 (HKLM\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
Mobile Master (Version: 8.9.3 - Jumping Bytes) Hidden
Mobile Master 8.9.3 (HKLM\...\Mobile Master) (Version: 8.9.3 - Jumping Bytes)
Mozilla Firefox 27.0.1 (x86 de) (HKLM\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
Mozilla Thunderbird 17.0.8 (x86 de) (HKLM\...\Mozilla Thunderbird 17.0.8 (x86 de)) (Version: 17.0.8 - Mozilla)
Mozilla Thunderbird 24.3.0 (x86 de) (HKCU\...\Mozilla Thunderbird 24.3.0 (x86 de)) (Version: 24.3.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyFreeCodec (HKCU\...\MyFreeCodec) (Version:  - )
Notepad++ (HKLM\...\Notepad++) (Version: 6.5.2 - Notepad++ Team)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.6128 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA nView Desktop Manager (HKLM\...\NVIDIA nView Desktop Manager) (Version: 6.14.10.13550 - NVIDIA Corporation)
OpenOffice 4.0.1 (HKLM\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Oracle VM VirtualBox 4.3.2 (HKLM\...\{91E5A436-8560-4621-9F26-D7050D078832}) (Version: 4.3.2 - Oracle Corporation)
Populous: The Beginning (HKLM\...\Populous: The Beginning) (Version:  - )
PostgreSQL 9.3  (HKLM\...\PostgreSQL 9.3) (Version: 9.3 - PostgreSQL Global Development Group)
psqlODBC (HKLM\...\{D3527FA5-9C2B-4550-A59B-9534A78950F4}) (Version: 09.03.0100 - PostgreSQL Global Development Group)
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
Python 3.3.4 (HKLM\...\{cc2659bc-d27d-3593-a0a0-9ac0de07a430}) (Version: 3.3.4150 - Python Software Foundation)
QLBCASL (Version: 6.40.17.2 - Hewlett-Packard) Hidden
RICOH Media Driver (HKLM\...\{F5CC2EF8-20A4-4366-A681-3FE849E65809}) (Version: 2.10.00.04 - RICOH)
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.2.14014_6 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.6.2.14014_6 - Samsung Electronics Co., Ltd.) Hidden
Samsung New PC Studio (HKLM\...\InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}) (Version: 1.00.0000 - Samsung Electronics Co., Ltd.)
Samsung New PC Studio (Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.34.0 - SAMSUNG Electronics Co., Ltd.)
Secure Download Manager (HKLM\...\{7709C9B0-AD83-4F7C-A153-B956BC3C3B0A}) (Version: 3.1.10 - Kivuto Solutions Inc.)
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 6.10.1.7255 - Analog Devices)
Spotify (HKCU\...\Spotify) (Version: 0.9.7.16.g4b197456 - Spotify AB)
SumatraPDF (HKLM\...\SumatraPDF) (Version: 2.4 - Krzysztof Kowalczyk)
TeXnicCenter Version 2.02 Stable (HKLM\...\TeXnicCenter_is1) (Version: 2.02 Stable - The TeXnicCenter Team)
Ubuntu (HKLM\...\Wubi) (Version: 13.10-rev284 - Ubuntu)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WinDjView 2.0.2 (HKLM\...\WinDjView) (Version: 2.0.2 - Andrew Zhezherun)

==================== Restore Points  =========================

18-02-2014 21:50:15 Installiert Samsung New PC Studio
18-02-2014 21:58:17 Installed ActiveState Komodo Edit 8.5.3
18-02-2014 22:01:15 Entfernt Samsung New PC Studio
18-02-2014 22:03:52 Installiert Samsung New PC Studio
18-02-2014 22:32:45 Installed Samsung Kies
20-02-2014 05:49:13 Windows Update
22-02-2014 17:17:24 avast! antivirus system restore point
23-02-2014 18:32:07 Windows-Sicherung
25-02-2014 14:37:33 Removed Samsung Kies
25-02-2014 14:42:39 Installed Samsung Kies
03-03-2014 11:29:26 Windows-Sicherung
03-03-2014 22:08:53 Installed Mobile Master

==================== Hosts content: ==========================

2009-07-14 03:04 - 2013-11-10 23:40 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {2E955674-911C-40A2-A5A5-496DC9918F54} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-21] (Adobe Systems Incorporated)
Task: {7C30373D-B376-4CDD-A094-9E4038EBDF9C} - System32\Tasks\RunAsStdUser Task => C:\Program Files\MATLAB\R2010a\MATLAB R2010a.lnk [2013-05-17] () <==== ATTENTION
Task: {92DBBDA2-9A7D-42F0-8758-ADEFF8B077DD} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-02-22] (AVAST Software)
Task: {9787913F-5EEB-4C0D-9BE5-0C4CAB2D7496} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-03-05 07:23 - 2014-03-04 20:03 - 02186240 _____ () C:\Program Files\AVAST Software\Avast\defs\14030401\algo.dll
2014-02-12 14:04 - 2013-10-08 08:07 - 00139264 _____ () C:\Program Files\PostgreSQL\9.3\bin\LIBPQ.dll
2014-02-12 14:05 - 2012-08-14 14:30 - 01009664 _____ () C:\Program Files\PostgreSQL\9.3\bin\libxml2.dll
2013-12-12 16:46 - 2013-12-12 16:46 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-02-25 15:45 - 2014-02-25 15:45 - 00185344 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Commonc65c5a95#\7aed4e2ec90776185850c38df3083049\Kies.Common.DeviceServiceLib.Interface.ni.dll
2014-02-25 15:46 - 2014-02-25 15:46 - 15006208 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\4c5e9b147e83762f9ed2f2a7998fbdce\Kies.Theme.ni.dll
2014-02-25 15:45 - 2014-02-25 15:45 - 01839104 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\70d92dda0fd3438e66027154948fc87a\Kies.UI.ni.dll
2014-02-25 15:45 - 2014-02-25 15:45 - 00081408 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\865e3cc4ed0bac3d0f35f95a5e8e15a3\Kies.MVVM.ni.dll
2014-02-25 15:46 - 2014-02-25 15:46 - 00233984 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\97df4af47d975f5e8e1a80f9e246d4b6\ASF_cSharpAPI.ni.dll
2014-02-06 20:07 - 2014-02-06 20:07 - 03019376 _____ () C:\Program Files\Mozilla Thunderbird\mozjs.dll
2014-02-06 20:07 - 2014-02-06 20:07 - 00158832 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAP32V60.dll
2014-02-06 20:07 - 2014-02-06 20:07 - 00023152 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAPPR32V60.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\*****\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

==================== Faulty Device Manager Devices =============

Name: Serieller PCI-Anschluss
Description: Serieller PCI-Anschluss
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI-Kommunikationscontroller (einfach)
Description: PCI-Kommunikationscontroller (einfach)
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/05/2014 05:05:57 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/05/2014 09:43:15 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1". Fehler in Manifest- oder Richtliniendatei "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"2" in Zeile  Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"3.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Definition: Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (03/05/2014 08:58:58 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/05/2014 07:24:25 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/05/2014 07:23:25 AM) (Source: PostgreSQL) (User: )
Description: Zeitüberschreitung beim Warten auf Start des Servers

Error: (03/04/2014 08:04:58 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/04/2014 09:39:12 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/03/2014 09:21:35 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Kies.exe, Version: 1.0.0.1668, Zeitstempel: 0x52f4b1dd
Name des fehlerhaften Moduls: PresentationFramework.ni.dll, Version: 4.0.30319.18060, Zeitstempel: 0x51ee2110
Ausnahmecode: 0xc0000005
Fehleroffset: 0x003630a7
ID des fehlerhaften Prozesses: 0x1268
Startzeit der fehlerhaften Anwendung: 0xKies.exe0
Pfad der fehlerhaften Anwendung: Kies.exe1
Pfad des fehlerhaften Moduls: Kies.exe2
Berichtskennung: Kies.exe3

Error: (03/03/2014 09:21:34 PM) (Source: .NET Runtime) (User: )
Description: Anwendung: Kies.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.NullReferenceException
Stapel:
  bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
  bei System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
  bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
  bei MS.Win32.UnsafeNativeMethods.ShowWindow(System.Runtime.InteropServices.HandleRef, Int32)
  bei System.Windows.Window.ShowHelper(System.Object)
  bei System.Windows.Window.Show()
  bei Kies.App.StartKies()
  bei Kies.App.App_Startup2(System.Object, System.Windows.StartupEventArgs)
  bei System.Windows.Application.OnStartup(System.Windows.StartupEventArgs)
  bei Kies.App.OnStartup(System.Windows.StartupEventArgs)
  bei System.Windows.Application.<.ctor>b__1(System.Object)
  bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
  bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
  bei System.Windows.Threading.DispatcherOperation.InvokeImpl()
  bei System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object)
  bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
  bei System.Windows.Threading.DispatcherOperation.Invoke()
  bei System.Windows.Threading.Dispatcher.ProcessQueue()
  bei System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
  bei MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
  bei MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
  bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
  bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
  bei System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
  bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
  bei MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
  bei System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
  bei System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
  bei System.Windows.Threading.Dispatcher.Run()
  bei System.Windows.Application.RunDispatcher(System.Object)
  bei System.Windows.Application.RunInternal(System.Windows.Window)
  bei System.Windows.Application.Run(System.Windows.Window)
  bei System.Windows.Application.Run()
  bei Kies.App.Main()

Error: (03/03/2014 09:17:19 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (03/05/2014 05:06:14 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (03/05/2014 08:58:49 AM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (03/05/2014 07:24:21 AM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (03/04/2014 08:05:08 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (03/04/2014 09:38:42 AM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (03/03/2014 09:17:32 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (03/03/2014 00:20:18 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (02/28/2014 01:40:44 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (02/28/2014 08:12:15 AM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (02/28/2014 07:09:26 AM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)


Microsoft Office Sessions:
=========================
Error: (03/05/2014 05:05:57 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/05/2014 09:43:15 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"c:\program files\Samsung\Kies\External\firmwareupdate\GT-B2710\DeviceController64.exec:\program files\Samsung\Kies\External\firmwareupdate\GT-B2710\Microsoft.VC90.CRT.MANIFEST11

Error: (03/05/2014 08:58:58 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/05/2014 07:24:25 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/05/2014 07:23:25 AM) (Source: PostgreSQL)(User: )
Description: Zeitüberschreitung beim Warten auf Start des Servers

Error: (03/04/2014 08:04:58 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/04/2014 09:39:12 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/03/2014 09:21:35 PM) (Source: Application Error)(User: )
Description: Kies.exe1.0.0.166852f4b1ddPresentationFramework.ni.dll4.0.30319.1806051ee2110c0000005003630a7126801cf371db6c8fd86C:\Program Files\Samsung\Kies\Kies.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\8711b01d60a94d6ef6a02d7fd0578493\PresentationFramework.ni.dll6a94719c-a311-11e3-b47d-00247e7f651a

Error: (03/03/2014 09:21:34 PM) (Source: .NET Runtime)(User: )
Description: Anwendung: Kies.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.NullReferenceException
Stapel:
  bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
  bei System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
  bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
  bei MS.Win32.UnsafeNativeMethods.ShowWindow(System.Runtime.InteropServices.HandleRef, Int32)
  bei System.Windows.Window.ShowHelper(System.Object)
  bei System.Windows.Window.Show()
  bei Kies.App.StartKies()
  bei Kies.App.App_Startup2(System.Object, System.Windows.StartupEventArgs)
  bei System.Windows.Application.OnStartup(System.Windows.StartupEventArgs)
  bei Kies.App.OnStartup(System.Windows.StartupEventArgs)
  bei System.Windows.Application.<.ctor>b__1(System.Object)
  bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
  bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
  bei System.Windows.Threading.DispatcherOperation.InvokeImpl()
  bei System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object)
  bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
  bei System.Windows.Threading.DispatcherOperation.Invoke()
  bei System.Windows.Threading.Dispatcher.ProcessQueue()
  bei System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
  bei MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
  bei MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
  bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
  bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
  bei System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
  bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
  bei MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
  bei System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
  bei System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
  bei System.Windows.Threading.Dispatcher.Run()
  bei System.Windows.Application.RunDispatcher(System.Object)
  bei System.Windows.Application.RunInternal(System.Windows.Window)
  bei System.Windows.Application.Run(System.Windows.Window)
  bei System.Windows.Application.Run()
  bei Kies.App.Main()

Error: (03/03/2014 09:17:19 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

GMER Logfile:
Code:

GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-03-05 17:48:54
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-2 ST9320421AS rev.HP15 298,09GB
Running: Gmer-19357.exe; Driver: C:\Users\MARKUS~1\AppData\Local\Temp\pwliyaog.sys


---- System - GMER 2.1 ----

SSDT    \??\C:\Windows\system32\drivers\aswSnx.sys                                                      ZwAddBootEntry [0x904B0ACC]
SSDT    \??\C:\Windows\system32\drivers\aswSnx.sys                                                      ZwAssignProcessToJobObject [0x904B15AA]
SSDT    \??\C:\Windows\system32\drivers\aswSnx.sys                                                      ZwCreateEvent [0x904BD692]
SSDT    \??\C:\Windows\system32\drivers\aswSnx.sys                                                      ZwCreateEventPair [0x904BD6DE]
SSDT    \??\C:\Windows\system32\drivers\aswSnx.sys                                                      ZwCreateIoCompletion [0x904BD878]
SSDT    \??\C:\Windows\system32\drivers\aswSnx.sys                                                      ZwCreateMutant [0x904BD600]
SSDT    \??\C:\Windows\system32\drivers\aswSP.sys                                                        ZwCreateSection [0x90567426]
SSDT    \??\C:\Windows\system32\drivers\aswSnx.sys                                                      ZwCreateSemaphore [0x904BD648]
SSDT    \??\C:\Windows\system32\drivers\aswSnx.sys                                                      ZwCreateThread [0x904B1AE0]
SSDT    \??\C:\Windows\system32\drivers\aswSnx.sys                                                      ZwCreateThreadEx [0x904B1CFC]
SSDT    \??\C:\Windows\system32\drivers\aswSnx.sys                                                      ZwCreateTimer [0x904BD832]
SSDT    \??\C:\Windows\system32\drivers\aswSnx.sys                                                      ZwDebugActiveProcess [0x904B2398]
SSDT    \??\C:\Windows\system32\drivers\aswSnx.sys                                                      ZwDeleteBootEntry [0x904B0B32]
SSDT    \??\C:\Windows\system32\drivers\aswSnx.sys                                                      ZwDuplicateObject [0x904B5BE4]
SSDT    \??\C:\Windows\system32\drivers\aswSnx.sys                                                      ZwLoadDriver [0x904B071E]
SSDT    \??\C:\Windows\system32\drivers\aswSP.sys                                                        ZwMapViewOfSection [0x90567506]
SSDT    \??\C:\Windows\system32\drivers\aswSnx.sys                                                      ZwModifyBootEntry [0x904B0B98]
SSDT    \??\C:\Windows\system32\drivers\aswSnx.sys                                                      ZwNotifyChangeKey [0x904B5FDA]
SSDT    \??\C:\Windows\system32\drivers\aswSnx.sys                                                      ZwNotifyChangeMultipleKeys [0x904B2EDE]
SSDT    \??\C:\Windows\system32\drivers\aswSnx.sys                                                      ZwOpenEvent [0x904BD6BC]
SSDT    \??\C:\Windows\system32\drivers\aswSnx.sys                                                      ZwOpenEventPair [0x904BD700]
SSDT    \??\C:\Windows\system32\drivers\aswSnx.sys                                                      ZwOpenIoCompletion [0x904BD89C]
SSDT    \??\C:\Windows\system32\drivers\aswSnx.sys                                                      ZwOpenMutant [0x904BD626]
SSDT    \??\C:\Windows\system32\drivers\aswSnx.sys                                                      ZwOpenProcess [0x904B54DE]
SSDT    \??\C:\Windows\system32\drivers\aswSnx.sys                                                      ZwOpenSection [0x904BD7B0]
SSDT    \??\C:\Windows\system32\drivers\aswSnx.sys                                                      ZwOpenSemaphore [0x904BD670]
SSDT    \??\C:\Windows\system32\drivers\aswSnx.sys                                                      ZwOpenThread [0x904B58C6]
SSDT    \??\C:\Windows\system32\drivers\aswSnx.sys                                                      ZwOpenTimer [0x904BD856]
SSDT    \??\C:\Windows\system32\drivers\aswSP.sys                                                        ZwProtectVirtualMemory [0x905672AA]
SSDT    \??\C:\Windows\system32\drivers\aswSnx.sys                                                      ZwQueryObject [0x904B2CF4]
SSDT    \??\C:\Windows\system32\drivers\aswSnx.sys                                                      ZwQueueApcThreadEx [0x904B2A02]
SSDT    \??\C:\Windows\system32\drivers\aswSnx.sys                                                      ZwSetBootEntryOrder [0x904B0BFE]
SSDT    \??\C:\Windows\system32\drivers\aswSnx.sys                                                      ZwSetBootOptions [0x904B0C64]
SSDT    \??\C:\Windows\system32\drivers\aswSP.sys                                                        ZwSetContextThread [0x90567602]
SSDT    \??\C:\Windows\system32\drivers\aswSnx.sys                                                      ZwSetSystemInformation [0x904B07B8]
SSDT    \??\C:\Windows\system32\drivers\aswSnx.sys                                                      ZwSetSystemPowerState [0x904B098A]
SSDT    \??\C:\Windows\system32\drivers\aswSnx.sys                                                      ZwShutdownSystem [0x904B0918]
SSDT    \??\C:\Windows\system32\drivers\aswSnx.sys                                                      ZwSuspendProcess [0x904B2562]
SSDT    \??\C:\Windows\system32\drivers\aswSnx.sys                                                      ZwSuspendThread [0x904B26C4]
SSDT    \??\C:\Windows\system32\drivers\aswSnx.sys                                                      ZwSystemDebugControl [0x904B0A12]
SSDT    \??\C:\Windows\system32\drivers\aswSP.sys                                                        ZwTerminateProcess [0x90567378]
SSDT    \??\C:\Windows\system32\drivers\aswSnx.sys                                                      ZwTerminateThread [0x904B21F2]
SSDT    \??\C:\Windows\system32\drivers\aswSnx.sys                                                      ZwVdmControl [0x904B0CCA]
SSDT    \??\C:\Windows\system32\drivers\aswSnx.sys                                                      ZwWriteVirtualMemory [0x904B1606]

---- Kernel code sections - GMER 2.1 ----

.text  ntkrnlpa.exe!ZwRollbackEnlistment + 142D                                                        82C44A15 1 Byte  [06]
.text  ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                          82C7E212 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text  ntkrnlpa.exe!KeRemoveQueueEx + 10CB                                                              82C85460 4 Bytes  [CC, 0A, 4B, 90] {INT 3 ; OR CL, [EBX-0x70]}
.text  ntkrnlpa.exe!KeRemoveQueueEx + 1153                                                              82C854E8 4 Bytes  [AA, 15, 4B, 90]
.text  ntkrnlpa.exe!KeRemoveQueueEx + 11A7                                                              82C8553C 8 Bytes  [92, D6, 4B, 90, DE, D6, 4B, ...]
.text  ntkrnlpa.exe!KeRemoveQueueEx + 11B3                                                              82C85548 4 Bytes  [78, D8, 4B, 90] {JS 0xffffffda; DEC EBX; NOP }
.text  ntkrnlpa.exe!KeRemoveQueueEx + 11CF                                                              82C85564 4 Bytes  [00, D6, 4B, 90] {ADD DH, DL; DEC EBX; NOP }
.text  ...                                                                                             
PAGE    ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108                                                      82E404DF 4 Bytes  CALL 904B35C5 \??\C:\Windows\system32\drivers\aswSnx.sys
PAGE    ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122                                                    82E5A347 4 Bytes  CALL 904B35DB \??\C:\Windows\system32\drivers\aswSnx.sys

---- User code sections - GMER 2.1 ----

.text  C:\Windows\system32\svchost.exe[336] kernel32.dll!GetBinaryTypeW + 70                            76FD69E4 1 Byte  [62]
.text  C:\Windows\system32\AUDIODG.EXE[340] kernel32.dll!GetBinaryTypeW + 70                            76FD69E4 1 Byte  [62]
.text  C:\Program Files\PostgreSQL\9.3\bin\postgres.exe[456] kernel32.dll!GetBinaryTypeW + 70          76FD69E4 1 Byte  [62]
.text  C:\Windows\system32\csrss.exe[464] kernel32.dll!GetBinaryTypeW + 70                              76FD69E4 1 Byte  [62]
.text  C:\Windows\system32\wininit.exe[524] kernel32.dll!GetBinaryTypeW + 70                            76FD69E4 1 Byte  [62]
.text  ...                                                                                             

---- Devices - GMER 2.1 ----

Device  \Driver\BTHUSB \Device\0000008e                                                                  bthport.sys

---- Registry - GMER 2.1 ----

Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00247e7f651a                     
Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00247e7f651a@2013e05a9d29        0x1E 0xE4 0x86 0xBC ...
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00247e7f651a (not active ControlSet) 
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00247e7f651a@2013e05a9d29            0x1E 0xE4 0x86 0xBC ...

---- EOF - GMER 2.1 ----

--- --- ---


Thanks in advance.

Best regards
Markus

schrauber 06.03.2014 08:02

Hi,

Have MBAM delete its findings.

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please shut down your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click, "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


And a fresh FRST log, please.

PP88 06.03.2014 18:52

Hello,

thank you for the quick reply.

Here are the log files:

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Professional N x86
Ran by ***** on 06.03.2014 at 18:32:36,28
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\fdt5qvea.default\minidumps [53 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06.03.2014 at 18:35:04,96
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

AdwCleaner Logfile:
Code:

# AdwCleaner v3.020 - Bericht erstellt am 06/03/2014 um 18:25:06
# Aktualisiert 27/02/2014 von Xplode
# Betriebssystem : Windows 7 Professional N Service Pack 1 (32 bits)
# Benutzername : ***** - *****-PC
# Gestartet von : C:\Users\*****\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
Ordner Gelöscht : C:\Program Files\myfree codec
Ordner Gelöscht : C:\Users\MARKUS~1\AppData\Local\Temp\OCS

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7C30373D-B376-4CDD-A094-9E4038EBDF9C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FD501041-8EBE-11CE-8183-00AA00577DA2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\Myfree Codec
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKLM\Software\Myfree Codec
Schlüssel Gelöscht : HKLM\Software\PIP
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16518


-\\ Mozilla Firefox v27.0.1 (de)

[ Datei : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\fdt5qvea.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [2584 octets] - [06/03/2014 18:21:35]
AdwCleaner[S0].txt - [2515 octets] - [06/03/2014 18:25:06]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2575 octets] ##########

--- --- ---



FRST Logfile:
Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-03-2014
Ran by ***** (administrator) on *****-PC on 06-03-2014 18:45:55
Running from C:\Users\*****\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UN6A4PWM
Microsoft Windows 7 Professional N  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Andrea Electronics Corporation) C:\Windows\system32\AEADISRV.EXE
(Juniper Networks) C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
(Teruten) C:\Windows\system32\FsUsbExService.Exe
(Juniper Networks, Inc.) C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\pg_ctl.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
(Spotify Ltd) C:\Users\*****\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(Jumping Bytes) C:\Program Files\Mobile Master\MMAgent.exe
(Jumping Bytes) C:\Program Files\Mobile Master\MMScan.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil32_12_0_0_70_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [nwiz] - C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [1753192 2010-11-04] ()
HKLM\...\Run: [QlbCtrl.exe] - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2009-11-11] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [SoundMAXPnP] - C:\Program Files\Analog Devices\Core\smax4pnp.exe [1314816 2009-05-18] (Analog Devices, Inc.)
HKLM\...\Run: [SoundMAX] - C:\Program Files\Analog Devices\SoundMAX\soundmax.exe [3866624 2009-05-18] (Analog Devices, Inc.)
HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-02-22] (AVAST Software)
HKLM\...\Run: [NPSStartup] - [X]
HKLM\...\Run: [KiesTrayAgent] - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311616 2014-02-07] (Samsung Electronics Co., Ltd.)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-21-3776841550-2335425540-3856683877-1000\...\Run: [Spotify Web Helper] - C:\Users\*****\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-01-09] (Spotify Ltd)
HKU\S-1-5-21-3776841550-2335425540-3856683877-1000\...\Run: [AutoStartNPSAgent] - C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [95576 2010-07-04] (Samsung Electronics Co., Ltd.)
HKU\S-1-5-21-3776841550-2335425540-3856683877-1000\...\Run: [KiesPreload] - C:\Program Files\Samsung\Kies\Kies.exe [1564992 2014-02-07] (Samsung)
HKU\S-1-5-21-3776841550-2335425540-3856683877-1000\...\Run: [KiesAirMessage] - C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-3776841550-2335425540-3856683877-1000\...\Run: [MMAgent] - C:\Program Files\Mobile Master\MMAgent.exe [1412080 2013-12-16] (Jumping Bytes)
HKU\S-1-5-21-3776841550-2335425540-3856683877-1000\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000
HKU\S-1-5-21-3776841550-2335425540-3856683877-1000\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-3776841550-2335425540-3856683877-1000\...\MountPoints2: F - F:\sources\sperr32.exe x64
HKU\S-1-5-21-3776841550-2335425540-3856683877-1000\...\MountPoints2: {8194dac8-be41-11e2-8b92-806e6f6e6963} - D:\autorun.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xCDC4B6855652CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Citavi Picker - {609D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: af0.Adblock.BHO - {90EFF544-3981-4d46-85C9-C0361D0931D6} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://active.macromedia.com/flash2/cabs/swflash.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://juniper.net/dana-cached/setup/JuniperSetupSP1.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\fdt5qvea.default
FF NewTab: about:blank
FF Homepage: hxxp://www.google.de/
FF NetworkProxy: "backup.ftp", "192.168.0.3"
FF NetworkProxy: "backup.ftp_port", 8080
FF NetworkProxy: "backup.socks", "192.168.0.3"
FF NetworkProxy: "backup.socks_port", 8080
FF NetworkProxy: "backup.ssl", "192.168.0.3"
FF NetworkProxy: "backup.ssl_port", 8080
FF NetworkProxy: "ftp", "192.168.0.3"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "http", "192.168.0.3"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "192.168.0.3"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "ssl", "192.168.0.3"
FF NetworkProxy: "ssl_port", 8080
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Amazon-Icon - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\fdt5qvea.default\Extensions\amazon-icon@giga.de [2014-03-04]
FF Extension: Adblock Plus - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\fdt5qvea.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-28]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-05-16]
FF HKLM\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2013-09-30]
FF HKLM\...\Thunderbird\Extensions: [{857610fe-b36c-47f2-b4fa-6b7affe0cf5a}] - C:\Program Files\Mobile Master\ext\1\
FF Extension: Mobile Master Add-In - C:\Program Files\Mobile Master\ext\1\ []

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-22] (AVAST Software)
R2 dsNcService; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [671848 2013-02-18] (Juniper Networks)
R2 JuniperAccessService; C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe [198000 2011-06-22] (Juniper Networks, Inc.)
R2 postgresql-9.3; C:/Program Files/PostgreSQL/9.3/bin/pg_ctl.exe runservice -N "postgresql-9.3" -D "C:/Program Files/PostgreSQL/9.3/data" -w [X]

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-02-22] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [79720 2013-12-12] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2013-12-12] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [775952 2014-02-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [410784 2014-02-22] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [64168 2014-02-22] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180248 2013-12-22] ()
R3 dsNcAdpt; C:\Windows\System32\DRIVERS\dsNcAdpt.sys [26624 2013-02-18] (Juniper Networks)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-05-16] (DT Soft Ltd)
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2010-06-14] ()
S3 RICOH SmartCard Reader; C:\Windows\System32\DRIVERS\rismc32.sys [49152 2009-07-20] (RICOH Company, Ltd.)
R3 rismc32; C:\Windows\System32\DRIVERS\rismc32.sys [49152 2009-07-20] (RICOH Company, Ltd.)
S3 sscebus; C:\Windows\System32\DRIVERS\sscebus.sys [136904 2014-01-23] (MCCI Corporation)
S3 sscemdfl; C:\Windows\System32\DRIVERS\sscemdfl.sys [17864 2014-01-23] (MCCI Corporation)
S3 sscemdm; C:\Windows\System32\DRIVERS\sscemdm.sys [153672 2014-01-23] (MCCI Corporation)
S3 ssceserd; C:\Windows\System32\DRIVERS\ssceserd.sys [130376 2014-01-23] (MCCI Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-06 18:35 - 2014-03-06 18:35 - 00000773 _____ () C:\Users\*****\Desktop\JRT.txt
2014-03-06 18:32 - 2014-03-06 18:32 - 00000000 ____D () C:\Windows\ERUNT
2014-03-06 18:30 - 2014-03-06 18:20 - 01037734 _____ (Thisisu) C:\Users\*****\Desktop\JRT (1).exe
2014-03-06 18:27 - 2014-03-06 18:28 - 00002628 _____ () C:\Users\*****\Desktop\AdwCleaner[S0].txt
2014-03-06 18:21 - 2014-03-06 18:25 - 00000000 ____D () C:\AdwCleaner
2014-03-06 18:21 - 2014-03-06 17:58 - 01244192 _____ () C:\Users\*****\Desktop\adwcleaner.exe
2014-03-06 18:20 - 2014-03-06 18:20 - 01037734 _____ (Thisisu) C:\Users\*****\Downloads\JRT.exe.3ra3i30.partial
2014-03-06 18:20 - 2014-03-06 18:20 - 01037734 _____ (Thisisu) C:\Users\*****\Downloads\JRT (1).exe
2014-03-06 17:58 - 2014-03-06 17:58 - 01244192 _____ () C:\Users\*****\Downloads\adwcleaner.exe
2014-03-06 15:51 - 2014-03-06 15:51 - 00024833 _____ () C:\Users\*****\AppData\Local\recently-used.xbel
2014-03-05 17:56 - 2014-03-05 17:56 - 00152248 _____ () C:\Windows\Minidump\030514-23821-01.dmp
2014-03-05 17:19 - 2014-03-05 17:19 - 00380416 _____ () C:\Users\*****\Downloads\Gmer-19357.exe
2014-03-05 17:12 - 2014-03-06 18:45 - 00000000 ____D () C:\FRST
2014-03-05 17:10 - 2014-03-05 17:10 - 00000000 _____ () C:\Users\*****\defogger_reenable
2014-03-05 08:19 - 2014-03-05 08:19 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Malwarebytes
2014-03-05 08:18 - 2014-03-05 08:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-05 08:18 - 2014-03-05 08:18 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-03-05 08:18 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-04 20:11 - 2014-03-04 20:11 - 00001109 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-03-04 20:10 - 2014-03-04 20:11 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-04 12:29 - 2014-03-04 12:29 - 00000999 _____ () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QuickDic.lnk
2014-03-04 12:29 - 2014-03-04 12:29 - 00000969 _____ () C:\Users\*****\Desktop\QuickDic.lnk
2014-03-04 12:29 - 2014-03-04 12:29 - 00000000 ____D () C:\Program Files\QuickDic
2014-03-04 09:39 - 2014-03-04 09:39 - 00000000 ____D () C:\Users\*****\AppData\Local\Mobile Master
2014-03-04 00:18 - 2014-03-04 00:18 - 00000000 ____D () C:\Users\*****\AppData\Local\Tempa72636ee026910241cae8b72bf567bea
2014-03-03 23:42 - 2014-03-03 23:42 - 00000000 ____D () C:\Users\Public\Documents\CrashDump
2014-03-03 23:10 - 2014-03-03 23:26 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Mobile Master
2014-03-03 23:10 - 2014-03-03 23:10 - 00001046 _____ () C:\Users\Public\Desktop\Mobile Master.lnk
2014-03-03 23:10 - 2014-03-03 23:10 - 00000000 ____D () C:\ProgramData\Mobile Master
2014-03-03 23:10 - 2014-03-03 23:10 - 00000000 ____D () C:\Program Files\Common Files\Jumping Bytes
2014-03-03 23:09 - 2014-03-03 23:28 - 00000000 ____D () C:\Program Files\Mobile Master
2014-03-03 23:07 - 2014-03-03 23:07 - 23225448 _____ (Jumping Bytes) C:\Users\*****\Downloads\MobileMasterInst.exe
2014-03-03 23:07 - 2014-03-03 23:07 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Jumping Bytes
2014-03-03 22:52 - 2014-03-03 22:52 - 00000000 ____D () C:\Users\*****\ChromeExtensions
2014-03-03 22:52 - 2014-03-03 22:52 - 00000000 ____D () C:\Users\*****\AppData\Local\Temp04de20ab33f250e94b926d0514a93b1c
2014-03-03 22:50 - 2014-03-03 22:50 - 01058296 _____ () C:\Users\*****\Downloads\Microsoft-Outlook-2013-lnstall.exe
2014-03-03 21:50 - 2014-03-03 21:54 - 00000000 ____D () C:\Users\*****\Handykarte
2014-03-03 21:48 - 2014-03-03 21:48 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-03-03 21:46 - 2014-01-23 04:21 - 00153672 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscemdm.sys
2014-03-03 21:46 - 2014-01-23 04:21 - 00136904 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscebus.sys
2014-03-03 21:46 - 2014-01-23 04:21 - 00130376 _____ (MCCI Corporation) C:\Windows\system32\Drivers\ssceserd.sys
2014-03-03 21:46 - 2014-01-23 04:21 - 00017864 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscemdfl.sys
2014-03-03 21:46 - 2014-01-23 04:21 - 00015560 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscecmnt.sys
2014-03-03 21:46 - 2014-01-23 04:21 - 00015560 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscecm.sys
2014-03-03 21:46 - 2014-01-23 04:21 - 00015304 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscewhnt.sys
2014-03-03 21:46 - 2014-01-23 04:21 - 00015304 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscewh.sys
2014-02-25 20:22 - 2014-02-25 20:22 - 01095461 _____ (pendrivelinux.com) C:\Users\*****\Downloads\Universal-USB-Installer-1.9.5.2.exe
2014-02-25 15:45 - 2014-02-25 15:45 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log
2014-02-22 22:04 - 2014-02-23 00:25 - 00000000 ____D () C:\Users\*****\Documents\Python
2014-02-21 09:50 - 2014-02-21 09:50 - 00000000 ____D () C:\Program Files\BeCyPDFMetaEdit
2014-02-20 09:36 - 2014-02-20 09:36 - 00036629 _____ () C:\Users\*****\Desktop\Nyquist_Beispiel.fig
2014-02-20 06:50 - 2014-02-20 06:50 - 00286014 _____ () C:\Windows\msxml4-KB954430-enu.LOG
2014-02-20 06:49 - 2014-02-20 06:49 - 00290518 _____ () C:\Windows\msxml4-KB973688-enu.LOG
2014-02-20 06:49 - 2014-02-20 06:49 - 00000000 ____D () C:\Program Files\MSXML 4.0
2014-02-19 16:01 - 2014-02-19 16:01 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-02-18 23:51 - 2014-02-25 15:45 - 00000000 ____D () C:\Users\*****\AppData\Local\Samsung
2014-02-18 23:42 - 2014-02-18 23:42 - 00000000 ____D () C:\Program Files\Windows Portable Devices
2014-02-18 23:33 - 2014-02-07 16:33 - 04659712 _____ (Dmitry Streblechenko) C:\Windows\system32\Redemption.dll
2014-02-18 23:33 - 2014-01-23 18:31 - 00821824 _____ (Devguru Co., Ltd.) C:\Windows\system32\dgderapi.dll
2014-02-18 23:07 - 2014-02-18 23:07 - 00002092 _____ () C:\Users\Public\Desktop\Samsung New PC Studio.lnk
2014-02-18 23:04 - 2014-02-25 20:17 - 00000000 ____D () C:\Program Files\MarkAny
2014-02-18 22:59 - 2014-02-18 22:59 - 00002005 _____ () C:\Users\Public\Desktop\Komodo Edit 8.lnk
2014-02-18 22:59 - 2014-02-18 22:59 - 00000000 ____D () C:\Users\*****\AppData\Roaming\ActiveState
2014-02-18 22:59 - 2014-02-18 22:59 - 00000000 ____D () C:\Users\*****\AppData\Local\ActiveState
2014-02-18 22:58 - 2014-02-18 22:59 - 00000000 ____D () C:\Program Files\ActiveState Komodo Edit 8
2014-02-18 22:55 - 2014-02-18 22:56 - 00000000 ____D () C:\Python33
2014-02-18 22:53 - 2014-02-25 15:43 - 00000000 ____D () C:\ProgramData\Samsung
2014-02-18 22:52 - 2014-03-03 21:18 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Samsung
2014-02-18 22:52 - 2014-02-18 22:52 - 00000000 ____D () C:\Users\*****\Documents\My NPS Files
2014-02-18 22:52 - 2010-07-04 19:07 - 00238952 _____ (Teruten) C:\Windows\system32\FsUsbExService.Exe
2014-02-18 22:52 - 2010-06-14 09:32 - 00110592 _____ () C:\Windows\system32\FsUsbExDevice.Dll
2014-02-18 22:52 - 2010-06-14 09:32 - 00036608 _____ () C:\Windows\system32\FsUsbExDisk.Sys
2014-02-18 22:52 - 2009-07-14 02:16 - 02311168 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 01568768 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2014-02-18 22:52 - 2009-07-14 02:16 - 01325056 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2014-02-18 22:52 - 2009-07-14 02:16 - 01003008 _____ (Microsoft Corporation) C:\Windows\system32\WMNetMgr.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00812032 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2014-02-18 22:52 - 2009-07-14 02:16 - 00664576 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2014-02-18 22:52 - 2009-07-14 02:16 - 00577024 _____ (Microsoft Corporation) C:\Windows\system32\wpd_ci.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceApi.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00541184 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2014-02-18 22:52 - 2009-07-14 02:16 - 00427520 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceStatus.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00358400 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
2014-02-18 22:52 - 2009-07-14 02:16 - 00350720 _____ (Microsoft Corporation) C:\Windows\system32\WPDSp.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00237568 _____ (Microsoft Corporation) C:\Windows\system32\WMASF.DLL
2014-02-18 22:52 - 2009-07-14 02:16 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\WpdMtp.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00198144 _____ (Microsoft Corporation) C:\Windows\system32\wpdwcn.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00196608 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceWMDRM.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceTypes.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\wmidx.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00138240 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceWiaCompat.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00110080 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceClassExtension.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\WPDShServiceObj.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\wpdbusenum.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\WpdMtpUS.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceConnectApi.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\wmcodecdspps.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wmdmps.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\wmdmlog.dll
2014-02-18 22:52 - 2009-07-14 02:15 - 00630784 _____ (Microsoft Corporation) C:\Windows\system32\DXPTaskRingtone.dll
2014-02-18 22:52 - 2009-07-14 02:15 - 00415744 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2014-02-18 22:52 - 2009-07-14 02:15 - 00352768 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-02-18 22:52 - 2009-07-14 02:15 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\mswmdm.dll
2014-02-18 22:52 - 2009-07-14 02:15 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-02-18 22:52 - 2009-07-14 02:15 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2014-02-18 22:52 - 2009-07-14 02:15 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2014-02-18 22:52 - 2009-07-14 02:15 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2014-02-18 22:52 - 2009-07-14 02:15 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\LAPRXY.DLL
2014-02-18 22:52 - 2009-07-14 02:14 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\audiodev.dll
2014-02-18 22:52 - 2009-07-14 02:14 - 00095232 _____ (Microsoft Corporation) C:\Windows\system32\logagent.exe
2014-02-18 22:52 - 2009-07-14 02:14 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\WPDShextAutoplay.exe
2014-02-18 22:52 - 2009-07-14 02:03 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\asferror.dll
2014-02-18 22:52 - 2009-06-10 22:34 - 00316640 _____ () C:\Windows\WMSysPr9.prx
2014-02-18 22:51 - 2014-02-18 23:51 - 00000000 ____D () C:\Users\*****\Documents\Samsung
2014-02-18 22:51 - 2014-02-18 22:51 - 00053631 _____ () C:\Users\*****\Downloads\hashmyfiles_v1.90.zip
2014-02-18 22:51 - 2009-07-14 02:16 - 02504192 _____ (Microsoft Corporation) C:\Windows\system32\WMVCORE.DLL
2014-02-18 22:51 - 2009-07-14 02:16 - 01619968 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2014-02-18 22:51 - 2009-07-14 02:16 - 00902656 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2014-02-18 22:51 - 2009-07-14 02:16 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-02-18 22:51 - 2009-07-14 02:16 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmdev.dll
2014-02-18 22:51 - 2009-07-14 02:16 - 00436736 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmnet.dll
2014-02-18 22:51 - 2009-07-14 02:15 - 00986624 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-02-18 22:51 - 2009-07-14 02:15 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-02-18 22:51 - 2009-07-14 02:15 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-02-18 22:51 - 2009-07-14 02:15 - 00402944 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-02-18 22:50 - 2014-02-25 15:44 - 00000000 ____D () C:\Program Files\Samsung
2014-02-18 22:48 - 2014-02-18 22:49 - 08444896 _____ (abylonsoft ) C:\Users\*****\Downloads\FreeHash.exe
2014-02-18 20:39 - 2014-02-18 20:39 - 00000000 ____D () C:\Program Files\abylonsoft
2014-02-18 20:30 - 2014-02-18 20:39 - 20627456 _____ () C:\Users\*****\Downloads\python-3.3.4.msi
2014-02-18 20:17 - 2014-02-18 20:41 - 73908224 _____ () C:\Users\*****\Downloads\Komodo-Edit-8.5.3-14067.msi
2014-02-18 08:34 - 2014-02-18 08:36 - 173838160 _____ () C:\Users\*****\Downloads\New_PC_Studio_1.5.1.exe
2014-02-18 08:32 - 2014-02-18 08:33 - 75211320 _____ (Samsung Electronics Co., Ltd.) C:\Users\*****\Downloads\KiesSetup_2.6.2.14014_6.exe
2014-02-17 11:34 - 2014-02-17 11:44 - 00014458 _____ () C:\Users\*****\Desktop\HybEIS.eps
2014-02-16 19:01 - 2014-02-16 19:03 - 101832237 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Das_Kaenguru_Manifest-4CD-DE-Audiobook-2011-kooba.r01
2014-02-16 18:52 - 2014-02-16 18:58 - 200000000 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Das_Kaenguru_Manifest-4CD-DE-Audiobook-2011-kooba.r00
2014-02-16 18:51 - 2014-02-16 19:05 - 200000000 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Das_Kaenguru_Manifest-4CD-DE-Audiobook-2011-kooba.rar
2014-02-16 18:50 - 2014-02-16 18:50 - 35692185 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Die_Kaenguru-Chroniken_Live_Und_Ungekuerzt-4CD-DE-Audiobook-2012-kooba.r02
2014-02-16 18:45 - 2014-02-16 18:49 - 150000000 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Die_Kaenguru-Chroniken_Live_Und_Ungekuerzt-4CD-DE-Audiobook-2012-kooba.r01
2014-02-16 18:44 - 2014-02-16 18:49 - 150000000 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Die_Kaenguru-Chroniken_Live_Und_Ungekuerzt-4CD-DE-Audiobook-2012-kooba.r00
2014-02-16 18:40 - 2014-02-16 18:40 - 00614816 _____ (Chip Digital GmbH) C:\Users\*****\Downloads\7 Zip 32 Bit - CHIP-Downloader.exe
2014-02-16 18:35 - 2014-02-16 18:37 - 150000000 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Die_Kaenguru-Chroniken_Live_Und_Ungekuerzt-4CD-DE-Audiobook-2012-kooba.rar
2014-02-13 17:53 - 2014-02-13 17:53 - 00000000 ____D () C:\Users\*****\Documents\PostregSQL
2014-02-12 17:16 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-12 17:16 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-12 17:16 - 2014-02-06 11:19 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-12 17:16 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-12 17:16 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-12 17:16 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-12 17:16 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-12 17:16 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-12 17:16 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-12 17:16 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-12 17:16 - 2014-02-06 10:47 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-12 17:16 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-12 17:16 - 2014-02-06 10:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-12 17:16 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-12 17:16 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-12 17:16 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-12 17:16 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-12 17:16 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-12 17:16 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-12 17:16 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-12 17:16 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-12 17:11 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-12 16:58 - 2014-02-12 16:10 - 01611377 _____ () C:\Users\*****\Downloads\psqlodbc_09_03_0100.zip
2014-02-12 16:13 - 2014-02-12 17:01 - 00000149 _____ () C:\Windows\ODBC.INI
2014-02-12 16:12 - 2014-02-12 16:12 - 00000000 ____D () C:\Program Files\psqlODBC
2014-02-12 14:55 - 2014-02-12 14:54 - 00587152 _____ () C:\Users\*****\Downloads\postgresql-9.3-1100.jdbc4.jar
2014-02-12 14:35 - 2014-02-14 09:40 - 00014898 _____ () C:\Users\*****\Documents\pgadmin.log
2014-02-12 14:08 - 2014-02-12 14:13 - 00000000 ____D () C:\Users\*****\AppData\Roaming\postgresql
2014-02-12 14:04 - 2014-02-12 14:04 - 00000000 ____D () C:\Program Files\PostgreSQL
2014-02-12 13:59 - 2014-02-12 13:49 - 52968360 _____ (PostgreSQL Global Development Group) C:\Users\*****\Downloads\postgresql-9.3.1-1-windows.exe
2014-02-12 07:37 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-12 07:37 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-12 07:37 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-12 07:37 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-10 18:12 - 2014-02-10 18:12 - 02658816 _____ (Python Software Foundation) C:\Windows\system32\python33.dll
2014-02-10 18:11 - 2014-02-10 18:11 - 00094208 _____ (Python Software Foundation) C:\Windows\pyw.exe
2014-02-10 18:11 - 2014-02-10 18:11 - 00093696 _____ (Python Software Foundation) C:\Windows\py.exe
2014-02-06 20:07 - 2014-02-07 14:09 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird

==================== One Month Modified Files and Folders =======

2014-03-06 18:45 - 2014-03-05 17:12 - 00000000 ____D () C:\FRST
2014-03-06 18:38 - 2009-07-14 05:17 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-06 18:38 - 2009-07-14 05:07 - 00049223 _____ () C:\Windows\setupact.log
2014-03-06 18:37 - 2013-05-16 17:01 - 02046754 _____ () C:\Windows\WindowsUpdate.log
2014-03-06 18:37 - 2009-07-14 05:02 - 00019248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-06 18:37 - 2009-07-14 05:02 - 00019248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-06 18:35 - 2014-03-06 18:35 - 00000773 _____ () C:\Users\*****\Desktop\JRT.txt
2014-03-06 18:32 - 2014-03-06 18:32 - 00000000 ____D () C:\Windows\ERUNT
2014-03-06 18:28 - 2014-03-06 18:27 - 00002628 _____ () C:\Users\*****\Desktop\AdwCleaner[S0].txt
2014-03-06 18:25 - 2014-03-06 18:21 - 00000000 ____D () C:\AdwCleaner
2014-03-06 18:20 - 2014-03-06 18:30 - 01037734 _____ (Thisisu) C:\Users\*****\Desktop\JRT (1).exe
2014-03-06 18:20 - 2014-03-06 18:20 - 01037734 _____ (Thisisu) C:\Users\*****\Downloads\JRT.exe.3ra3i30.partial
2014-03-06 18:20 - 2014-03-06 18:20 - 01037734 _____ (Thisisu) C:\Users\*****\Downloads\JRT (1).exe
2014-03-06 18:14 - 2013-05-16 17:58 - 00000000 ____D () C:\Windows\Panther
2014-03-06 18:14 - 2010-11-20 22:49 - 00255550 _____ () C:\Windows\PFRO.log
2014-03-06 18:11 - 2013-10-14 05:37 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-06 17:58 - 2014-03-06 18:21 - 01244192 _____ () C:\Users\*****\Desktop\adwcleaner.exe
2014-03-06 17:58 - 2014-03-06 17:58 - 01244192 _____ () C:\Users\*****\Downloads\adwcleaner.exe
2014-03-06 15:51 - 2014-03-06 15:51 - 00024833 _____ () C:\Users\*****\AppData\Local\recently-used.xbel
2014-03-06 15:35 - 2013-10-01 07:45 - 00000000 ____D () C:\Program Files\BaSyTec
2014-03-06 07:28 - 2009-07-14 05:17 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-05 17:56 - 2014-03-05 17:56 - 00152248 _____ () C:\Windows\Minidump\030514-23821-01.dmp
2014-03-05 17:56 - 2013-09-13 08:52 - 336285250 _____ () C:\Windows\MEMORY.DMP
2014-03-05 17:56 - 2013-09-13 08:52 - 00000000 ____D () C:\Windows\Minidump
2014-03-05 17:19 - 2014-03-05 17:19 - 00380416 _____ () C:\Users\*****\Downloads\Gmer-19357.exe
2014-03-05 17:10 - 2014-03-05 17:10 - 00000000 _____ () C:\Users\*****\defogger_reenable
2014-03-05 17:10 - 2013-05-16 17:54 - 00000000 ____D () C:\Users\*****
2014-03-05 14:02 - 2013-09-30 19:01 - 00000000 ____D () C:\Users\*****\Documents\Citavi 4
2014-03-05 08:19 - 2014-03-05 08:19 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Malwarebytes
2014-03-05 08:18 - 2014-03-05 08:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-05 08:18 - 2014-03-05 08:18 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-03-05 07:23 - 2013-05-19 10:45 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-03-04 20:11 - 2014-03-04 20:11 - 00001109 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-03-04 20:11 - 2014-03-04 20:10 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-04 16:03 - 2013-12-04 09:30 - 00000000 ____D () C:\Users\*****\Documents\Praktikum_Deutronic
2014-03-04 14:25 - 2010-11-20 22:03 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-04 12:29 - 2014-03-04 12:29 - 00000999 _____ () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QuickDic.lnk
2014-03-04 12:29 - 2014-03-04 12:29 - 00000969 _____ () C:\Users\*****\Desktop\QuickDic.lnk
2014-03-04 12:29 - 2014-03-04 12:29 - 00000000 ____D () C:\Program Files\QuickDic
2014-03-04 09:39 - 2014-03-04 09:39 - 00000000 ____D () C:\Users\*****\AppData\Local\Mobile Master
2014-03-04 00:18 - 2014-03-04 00:18 - 00000000 ____D () C:\Users\*****\AppData\Local\Tempa72636ee026910241cae8b72bf567bea
2014-03-03 23:42 - 2014-03-03 23:42 - 00000000 ____D () C:\Users\Public\Documents\CrashDump
2014-03-03 23:28 - 2014-03-03 23:09 - 00000000 ____D () C:\Program Files\Mobile Master
2014-03-03 23:26 - 2014-03-03 23:10 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Mobile Master
2014-03-03 23:10 - 2014-03-03 23:10 - 00001046 _____ () C:\Users\Public\Desktop\Mobile Master.lnk
2014-03-03 23:10 - 2014-03-03 23:10 - 00000000 ____D () C:\ProgramData\Mobile Master
2014-03-03 23:10 - 2014-03-03 23:10 - 00000000 ____D () C:\Program Files\Common Files\Jumping Bytes
2014-03-03 23:07 - 2014-03-03 23:07 - 23225448 _____ (Jumping Bytes) C:\Users\*****\Downloads\MobileMasterInst.exe
2014-03-03 23:07 - 2014-03-03 23:07 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Jumping Bytes
2014-03-03 22:52 - 2014-03-03 22:52 - 00000000 ____D () C:\Users\*****\ChromeExtensions
2014-03-03 22:52 - 2014-03-03 22:52 - 00000000 ____D () C:\Users\*****\AppData\Local\Temp04de20ab33f250e94b926d0514a93b1c
2014-03-03 22:50 - 2014-03-03 22:50 - 01058296 _____ () C:\Users\*****\Downloads\Microsoft-Outlook-2013-lnstall.exe
2014-03-03 21:54 - 2014-03-03 21:50 - 00000000 ____D () C:\Users\*****\Handykarte
2014-03-03 21:48 - 2014-03-03 21:48 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-03-03 21:18 - 2014-02-18 22:52 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Samsung
2014-02-27 20:46 - 2013-08-02 22:24 - 00000000 ____D () C:\Users\*****\AppData\Roaming\vlc
2014-02-26 17:22 - 2013-05-17 18:53 - 00000000 ____D () C:\Users\*****\Documents\MATLAB
2014-02-25 20:22 - 2014-02-25 20:22 - 01095461 _____ (pendrivelinux.com) C:\Users\*****\Downloads\Universal-USB-Installer-1.9.5.2.exe
2014-02-25 20:17 - 2014-02-18 23:04 - 00000000 ____D () C:\Program Files\MarkAny
2014-02-25 15:46 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-02-25 15:45 - 2014-02-25 15:45 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log
2014-02-25 15:45 - 2014-02-18 23:51 - 00000000 ____D () C:\Users\*****\AppData\Local\Samsung
2014-02-25 15:44 - 2014-02-18 22:50 - 00000000 ____D () C:\Program Files\Samsung
2014-02-25 15:43 - 2014-02-18 22:53 - 00000000 ____D () C:\ProgramData\Samsung
2014-02-24 22:08 - 2013-09-18 16:40 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Spotify
2014-02-24 20:52 - 2013-09-18 17:03 - 00000000 ____D () C:\Users\*****\AppData\Local\Spotify
2014-02-24 08:25 - 2013-09-30 17:50 - 00000000 ____D () C:\Users\*****\Desktop\Programme
2014-02-23 00:25 - 2014-02-22 22:04 - 00000000 ____D () C:\Users\*****\Documents\Python
2014-02-22 18:18 - 2013-12-22 23:33 - 00064168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-02-22 18:18 - 2013-05-16 20:38 - 00775952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-02-22 18:18 - 2013-05-16 20:38 - 00410784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-02-22 18:18 - 2013-05-16 20:38 - 00270240 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-02-22 18:18 - 2013-05-16 20:38 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-02-22 18:18 - 2013-05-16 20:35 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-02-21 17:11 - 2013-05-16 20:01 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-21 17:11 - 2013-05-16 20:01 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-21 09:50 - 2014-02-21 09:50 - 00000000 ____D () C:\Program Files\BeCyPDFMetaEdit
2014-02-20 09:36 - 2014-02-20 09:36 - 00036629 _____ () C:\Users\*****\Desktop\Nyquist_Beispiel.fig
2014-02-20 06:50 - 2014-02-20 06:50 - 00286014 _____ () C:\Windows\msxml4-KB954430-enu.LOG
2014-02-20 06:49 - 2014-02-20 06:49 - 00290518 _____ () C:\Windows\msxml4-KB973688-enu.LOG
2014-02-20 06:49 - 2014-02-20 06:49 - 00000000 ____D () C:\Program Files\MSXML 4.0
2014-02-19 16:01 - 2014-02-19 16:01 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-02-19 09:26 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2014-02-18 23:51 - 2014-02-18 22:51 - 00000000 ____D () C:\Users\*****\Documents\Samsung
2014-02-18 23:42 - 2014-02-18 23:42 - 00000000 ____D () C:\Program Files\Windows Portable Devices
2014-02-18 23:42 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-02-18 23:42 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-02-18 23:33 - 2013-05-16 20:26 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-02-18 23:31 - 2013-09-30 18:48 - 00000000 ____D () C:\Users\*****\AppData\Local\Downloaded Installations
2014-02-18 23:07 - 2014-02-18 23:07 - 00002092 _____ () C:\Users\Public\Desktop\Samsung New PC Studio.lnk
2014-02-18 22:59 - 2014-02-18 22:59 - 00002005 _____ () C:\Users\Public\Desktop\Komodo Edit 8.lnk
2014-02-18 22:59 - 2014-02-18 22:59 - 00000000 ____D () C:\Users\*****\AppData\Roaming\ActiveState
2014-02-18 22:59 - 2014-02-18 22:59 - 00000000 ____D () C:\Users\*****\AppData\Local\ActiveState
2014-02-18 22:59 - 2014-02-18 22:58 - 00000000 ____D () C:\Program Files\ActiveState Komodo Edit 8
2014-02-18 22:56 - 2014-02-18 22:55 - 00000000 ____D () C:\Python33
2014-02-18 22:52 - 2014-02-18 22:52 - 00000000 ____D () C:\Users\*****\Documents\My NPS Files
2014-02-18 22:51 - 2014-02-18 22:51 - 00053631 _____ () C:\Users\*****\Downloads\hashmyfiles_v1.90.zip
2014-02-18 22:49 - 2014-02-18 22:48 - 08444896 _____ (abylonsoft ) C:\Users\*****\Downloads\FreeHash.exe
2014-02-18 20:41 - 2014-02-18 20:17 - 73908224 _____ () C:\Users\*****\Downloads\Komodo-Edit-8.5.3-14067.msi
2014-02-18 20:39 - 2014-02-18 20:39 - 00000000 ____D () C:\Program Files\abylonsoft
2014-02-18 20:39 - 2014-02-18 20:30 - 20627456 _____ () C:\Users\*****\Downloads\python-3.3.4.msi
2014-02-18 13:48 - 2013-09-30 17:57 - 00000000 ____D () C:\Users\*****\Praktikum
2014-02-18 11:12 - 2014-01-28 08:30 - 00000000 ____D () C:\Users\*****\Bachelorarbeit
2014-02-18 11:11 - 2013-10-08 07:04 - 00079872 ___SH () C:\Users\*****\Thumbs.db
2014-02-18 08:36 - 2014-02-18 08:34 - 173838160 _____ () C:\Users\*****\Downloads\New_PC_Studio_1.5.1.exe
2014-02-18 08:33 - 2014-02-18 08:32 - 75211320 _____ (Samsung Electronics Co., Ltd.) C:\Users\*****\Downloads\KiesSetup_2.6.2.14014_6.exe
2014-02-17 11:44 - 2014-02-17 11:34 - 00014458 _____ () C:\Users\*****\Desktop\HybEIS.eps
2014-02-16 19:05 - 2014-02-16 18:51 - 200000000 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Das_Kaenguru_Manifest-4CD-DE-Audiobook-2011-kooba.rar
2014-02-16 19:03 - 2014-02-16 19:01 - 101832237 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Das_Kaenguru_Manifest-4CD-DE-Audiobook-2011-kooba.r01
2014-02-16 18:58 - 2014-02-16 18:52 - 200000000 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Das_Kaenguru_Manifest-4CD-DE-Audiobook-2011-kooba.r00
2014-02-16 18:50 - 2014-02-16 18:50 - 35692185 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Die_Kaenguru-Chroniken_Live_Und_Ungekuerzt-4CD-DE-Audiobook-2012-kooba.r02
2014-02-16 18:49 - 2014-02-16 18:45 - 150000000 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Die_Kaenguru-Chroniken_Live_Und_Ungekuerzt-4CD-DE-Audiobook-2012-kooba.r01
2014-02-16 18:49 - 2014-02-16 18:44 - 150000000 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Die_Kaenguru-Chroniken_Live_Und_Ungekuerzt-4CD-DE-Audiobook-2012-kooba.r00
2014-02-16 18:40 - 2014-02-16 18:40 - 00614816 _____ (Chip Digital GmbH) C:\Users\*****\Downloads\7 Zip 32 Bit - CHIP-Downloader.exe
2014-02-16 18:37 - 2014-02-16 18:35 - 150000000 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Die_Kaenguru-Chroniken_Live_Und_Ungekuerzt-4CD-DE-Audiobook-2012-kooba.rar
2014-02-14 09:40 - 2014-02-12 14:35 - 00014898 _____ () C:\Users\*****\Documents\pgadmin.log
2014-02-13 17:53 - 2014-02-13 17:53 - 00000000 ____D () C:\Users\*****\Documents\PostregSQL
2014-02-12 17:16 - 2013-08-06 23:19 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-12 17:14 - 2013-05-16 20:24 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-12 17:01 - 2014-02-12 16:13 - 00000149 _____ () C:\Windows\ODBC.INI
2014-02-12 16:12 - 2014-02-12 16:12 - 00000000 ____D () C:\Program Files\psqlODBC
2014-02-12 16:10 - 2014-02-12 16:58 - 01611377 _____ () C:\Users\*****\Downloads\psqlodbc_09_03_0100.zip
2014-02-12 14:54 - 2014-02-12 14:55 - 00587152 _____ () C:\Users\*****\Downloads\postgresql-9.3-1100.jdbc4.jar
2014-02-12 14:13 - 2014-02-12 14:08 - 00000000 ____D () C:\Users\*****\AppData\Roaming\postgresql
2014-02-12 14:04 - 2014-02-12 14:04 - 00000000 ____D () C:\Program Files\PostgreSQL
2014-02-12 13:49 - 2014-02-12 13:59 - 52968360 _____ (PostgreSQL Global Development Group) C:\Users\*****\Downloads\postgresql-9.3.1-1-windows.exe
2014-02-11 14:06 - 2014-01-16 12:27 - 00000000 ____D () C:\Users\*****\Documents\Praesentation_Deutronic_Praktikum
2014-02-10 18:12 - 2014-02-10 18:12 - 02658816 _____ (Python Software Foundation) C:\Windows\system32\python33.dll
2014-02-10 18:11 - 2014-02-10 18:11 - 00094208 _____ (Python Software Foundation) C:\Windows\pyw.exe
2014-02-10 18:11 - 2014-02-10 18:11 - 00093696 _____ (Python Software Foundation) C:\Windows\py.exe
2014-02-07 16:33 - 2014-02-18 23:33 - 04659712 _____ (Dmitry Streblechenko) C:\Windows\system32\Redemption.dll
2014-02-07 14:09 - 2014-02-06 20:07 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-02-06 11:38 - 2014-02-12 17:16 - 17103872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 11:20 - 2014-02-12 17:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 11:19 - 2014-02-12 17:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 11:01 - 2014-02-12 17:16 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 11:00 - 2014-02-12 17:16 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 10:57 - 2014-02-12 17:16 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 10:52 - 2014-02-12 17:16 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 10:52 - 2014-02-12 17:16 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 10:49 - 2014-02-12 17:16 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 10:47 - 2014-02-12 17:16 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 10:47 - 2014-02-12 17:16 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 10:46 - 2014-02-12 17:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 10:34 - 2014-02-12 17:16 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 10:25 - 2014-02-12 17:16 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 10:25 - 2014-02-12 17:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 10:13 - 2014-02-12 17:16 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 10:09 - 2014-02-12 17:16 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 10:03 - 2014-02-12 17:16 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 09:41 - 2014-02-12 17:16 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 09:36 - 2014-02-12 17:16 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 09:34 - 2014-02-12 17:16 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

Some content of TEMP:
====================
C:\Users\*****\AppData\Local\Temp\amazonicon_v4.exe
C:\Users\*****\AppData\Local\Temp\amazoninstallernircmdc.exe
C:\Users\*****\AppData\Local\Temp\AskSLib.dll
C:\Users\*****\AppData\Local\Temp\Checkupdate.exe
C:\Users\*****\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\*****\AppData\Local\Temp\Foxit Updater.exe
C:\Users\*****\AppData\Local\Temp\fp_pl_pfs_installer-1.exe
C:\Users\*****\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\*****\AppData\Local\Temp\gcapi_dll.dll
C:\Users\*****\AppData\Local\Temp\GdiPlus.dll
C:\Users\*****\AppData\Local\Temp\gtapi_signed.dll
C:\Users\*****\AppData\Local\Temp\InstallerMessageBox.exe
C:\Users\*****\AppData\Local\Temp\npp.6.5.2.Installer.exe
C:\Users\*****\AppData\Local\Temp\NPSInstallerProxy.exe
C:\Users\*****\AppData\Local\Temp\NPSInstallerProxyMessageBoxHookDll.dll
C:\Users\*****\AppData\Local\Temp\pyl2665.tmp.exe
C:\Users\*****\AppData\Local\Temp\pyl7DBA.tmp.exe
C:\Users\*****\AppData\Local\Temp\Quarantine.exe
C:\Users\*****\AppData\Local\Temp\sdanircmdc.exe
C:\Users\*****\AppData\Local\Temp\sdapskill.exe
C:\Users\*****\AppData\Local\Temp\sdaspwn.exe
C:\Users\*****\AppData\Local\Temp\vlc-2.1.1-win32.exe
C:\Users\*****\AppData\Local\Temp\vlc-2.1.3-win32.exe
C:\Users\*****\AppData\Local\Temp\xmlUpdater.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-28 09:25

==================== End Of Log ============================

--- --- ---


Thanks for your help!

Do you think there is any chance that I can trust my laptop again without formatting it?

Best regards,
Markus

schrauber 07.03.2014 16:48


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • When the scan has finished, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any problems left? :)

PP88 07.03.2014 22:35

Hello Schrauber,

can I re-enable my antivirus software and my firewall after the online scan?

Best regards,
Markus

OK, I have now created the next log files.

First of all, thank you very much for your help; Firefox is working again now.

Here are the log files:

Code:

ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internet# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=92eccbd82fb19c44bd70b729fb87d793
# engine=17358
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-03-07 08:52:02
# local_time=2014-03-07 09:52:02 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 77 1082137 11027206 0 0
# compatibility_mode=5893 16776573 100 94 135591 145856713 0 0
# scanned=592447
# found=11
# cleaned=0
# scan_time=17001
sh=4D52A31EF35C6AD0E91F44139D1E402BF1C5E380 ft=1 fh=40ad491ee4db0ae4 vn="multiple threats" ac=I fn="E:\Downloads\install_flash_player.exe"
sh=862C47FE3A7C7257A25AC0F58BFCAF5810263135 ft=0 fh=0000000000000000 vn="Win32/Adware.ToolPlugin application" ac=I fn="E:\*****-PC\Backup Set 2011-10-09 224401\Backup Files 2011-11-13 190003\Backup files 1.zip"
sh=F7123A16340F4EC407C8200D7444A7762B608F60 ft=0 fh=0000000000000000 vn="Win32/Adware.ToolPlugin application" ac=I fn="E:\*****-PC\Backup Set 2012-01-23 000955\Backup Files 2012-01-23 000955\Backup files 2.zip"
sh=50953DB3A5204B4E7AB89BD003B502458E3057EE ft=0 fh=0000000000000000 vn="JS/Iframe.CV trojan" ac=I fn="E:\*****-PC\Backup Set 2012-01-23 000955\Backup Files 2012-02-19 190014\Backup files 1.zip"
sh=5B34B45B382805CDFF05581D16133C5E4052058E ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.CVE-2011-3544.DD trojan" ac=I fn="E:\Windows.old\Users\*****\AppData\Local\Temp\jar_cache1979475170688956033.tmp"
sh=40F1A31211B7288650BAE5DEB0FE1931929DDED1 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="E:\Windows.old\Users\*****\AppData\Local\Temp\jar_cache3458911331998420176.tmp"
sh=52701A66D87642F0DBA27EEB36A7D524E3B4A32B ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="E:\Windows.old\Users\*****\AppData\Local\Temp\jar_cache4934358429111038185.tmp"
sh=DFC57922038BFC73B7EE41C4AA4246392D0D5EB4 ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.CVE-2012-0507.AH trojan" ac=I fn="E:\Windows.old\Users\*****\AppData\Local\Temp\jar_cache4939099841118595021.tmp"
sh=8D4B302C02A0EF8A6FA8F1FBF00D6E10F12A606E ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.Agent.ONV trojan" ac=I fn="E:\Windows.old\Users\*****\AppData\Local\Temp\jar_cache7351464586270954530.tmp"
sh=4D52A31EF35C6AD0E91F44139D1E402BF1C5E380 ft=1 fh=40ad491ee4db0ae4 vn="multiple threats" ac=I fn="E:\Windows.old\Users\*****\AppData\Local\Temp\YadHMygV.exe.part"
sh=4D52A31EF35C6AD0E91F44139D1E402BF1C5E380 ft=1 fh=40ad491ee4db0ae4 vn="multiple threats" ac=I fn="E:\Windows.old\Users\*****\Downloads\install_flash_player.exe"

Code:

Results of screen317's Security Check version 0.99.80 
 Windows 7 Service Pack 1 x86 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
avast! Antivirus 
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware Version 1.75.0.1300 
 Adobe Flash Player        12.0.0.70 
 Mozilla Firefox (27.0.1)
 Mozilla Thunderbird (17.0.8)
````````Process Check: objlist.exe by Laurent```````` 
 AVAST Software Avast AvastSvc.exe 
 AVAST Software Avast AvastUI.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````


FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-03-2014 01
Ran by ***** (administrator) on *****-PC on 07-03-2014 22:22:02
Running from C:\Users\*****\Downloads
Microsoft Windows 7 Professional N  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Andrea Electronics Corporation) C:\Windows\system32\AEADISRV.EXE
(Juniper Networks) C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
(Teruten) C:\Windows\system32\FsUsbExService.Exe
(Juniper Networks, Inc.) C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\pg_ctl.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(Spotify Ltd) C:\Users\*****\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(Jumping Bytes) C:\Program Files\Mobile Master\MMAgent.exe
(Jumping Bytes) C:\Program Files\Mobile Master\MMScan.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
(Don HO don.h@free.fr) C:\Program Files\Notepad++\notepad++.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [nwiz] - C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [1753192 2010-11-04] ()
HKLM\...\Run: [QlbCtrl.exe] - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2009-11-11] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [SoundMAXPnP] - C:\Program Files\Analog Devices\Core\smax4pnp.exe [1314816 2009-05-18] (Analog Devices, Inc.)
HKLM\...\Run: [SoundMAX] - C:\Program Files\Analog Devices\SoundMAX\soundmax.exe [3866624 2009-05-18] (Analog Devices, Inc.)
HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-02-22] (AVAST Software)
HKLM\...\Run: [NPSStartup] - [X]
HKLM\...\Run: [KiesTrayAgent] - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311616 2014-02-07] (Samsung Electronics Co., Ltd.)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-21-3776841550-2335425540-3856683877-1000\...\Run: [Spotify Web Helper] - C:\Users\*****\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-01-09] (Spotify Ltd)
HKU\S-1-5-21-3776841550-2335425540-3856683877-1000\...\Run: [AutoStartNPSAgent] - C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [95576 2010-07-04] (Samsung Electronics Co., Ltd.)
HKU\S-1-5-21-3776841550-2335425540-3856683877-1000\...\Run: [KiesPreload] - C:\Program Files\Samsung\Kies\Kies.exe [1564992 2014-02-07] (Samsung)
HKU\S-1-5-21-3776841550-2335425540-3856683877-1000\...\Run: [KiesAirMessage] - C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-3776841550-2335425540-3856683877-1000\...\Run: [MMAgent] - C:\Program Files\Mobile Master\MMAgent.exe [1412080 2013-12-16] (Jumping Bytes)
HKU\S-1-5-21-3776841550-2335425540-3856683877-1000\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000
HKU\S-1-5-21-3776841550-2335425540-3856683877-1000\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-3776841550-2335425540-3856683877-1000\...\MountPoints2: F - F:\sources\sperr32.exe x64
HKU\S-1-5-21-3776841550-2335425540-3856683877-1000\...\MountPoints2: {8194dac8-be41-11e2-8b92-806e6f6e6963} - D:\autorun.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xCDC4B6855652CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Citavi Picker - {609D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: af0.Adblock.BHO - {90EFF544-3981-4d46-85C9-C0361D0931D6} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://active.macromedia.com/flash2/cabs/swflash.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://juniper.net/dana-cached/setup/JuniperSetupSP1.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\fdt5qvea.default
FF NewTab: about:blank
FF Homepage: hxxp://www.google.de/
FF NetworkProxy: "backup.ftp", "192.168.0.3"
FF NetworkProxy: "backup.ftp_port", 8080
FF NetworkProxy: "backup.socks", "192.168.0.3"
FF NetworkProxy: "backup.socks_port", 8080
FF NetworkProxy: "backup.ssl", "192.168.0.3"
FF NetworkProxy: "backup.ssl_port", 8080
FF NetworkProxy: "ftp", "192.168.0.3"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "http", "192.168.0.3"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "192.168.0.3"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "ssl", "192.168.0.3"
FF NetworkProxy: "ssl_port", 8080
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Amazon-Icon - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\fdt5qvea.default\Extensions\amazon-icon@giga.de [2014-03-04]
FF Extension: Adblock Plus - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\fdt5qvea.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-28]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-05-16]
FF HKLM\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2013-09-30]
FF HKLM\...\Thunderbird\Extensions: [{857610fe-b36c-47f2-b4fa-6b7affe0cf5a}] - C:\Program Files\Mobile Master\ext\1\
FF Extension: Mobile Master Add-In - C:\Program Files\Mobile Master\ext\1\ []

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-22] (AVAST Software)
R2 dsNcService; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [671848 2013-02-18] (Juniper Networks)
R2 JuniperAccessService; C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe [198000 2011-06-22] (Juniper Networks, Inc.)
R2 postgresql-9.3; C:/Program Files/PostgreSQL/9.3/bin/pg_ctl.exe runservice -N "postgresql-9.3" -D "C:/Program Files/PostgreSQL/9.3/data" -w [X]

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-02-22] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [79720 2013-12-12] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2013-12-12] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [775952 2014-02-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [410784 2014-02-22] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [64168 2014-02-22] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180248 2013-12-22] ()
R3 dsNcAdpt; C:\Windows\System32\DRIVERS\dsNcAdpt.sys [26624 2013-02-18] (Juniper Networks)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-05-16] (DT Soft Ltd)
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2010-06-14] ()
S3 RICOH SmartCard Reader; C:\Windows\System32\DRIVERS\rismc32.sys [49152 2009-07-20] (RICOH Company, Ltd.)
R3 rismc32; C:\Windows\System32\DRIVERS\rismc32.sys [49152 2009-07-20] (RICOH Company, Ltd.)
S3 sscebus; C:\Windows\System32\DRIVERS\sscebus.sys [136904 2014-01-23] (MCCI Corporation)
S3 sscemdfl; C:\Windows\System32\DRIVERS\sscemdfl.sys [17864 2014-01-23] (MCCI Corporation)
S3 sscemdm; C:\Windows\System32\DRIVERS\sscemdm.sys [153672 2014-01-23] (MCCI Corporation)
S3 ssceserd; C:\Windows\System32\DRIVERS\ssceserd.sys [130376 2014-01-23] (MCCI Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-07 22:22 - 2014-03-07 22:22 - 00012280 _____ () C:\Users\*****\Downloads\FRST.txt
2014-03-07 22:21 - 2014-03-07 22:21 - 01145344 _____ (Farbar) C:\Users\*****\Downloads\FRST.exe
2014-03-07 22:13 - 2014-03-07 22:13 - 00987442 _____ () C:\Users\*****\Desktop\SecurityCheck.exe
2014-03-07 22:08 - 2014-03-07 22:10 - 00002876 _____ () C:\Users\*****\Desktop\ESET.txt
2014-03-07 16:58 - 2014-03-07 16:58 - 02347384 _____ (ESET) C:\Users\*****\Downloads\esetsmartinstaller_enu.exe
2014-03-06 18:32 - 2014-03-06 18:32 - 00000000 ____D () C:\Windows\ERUNT
2014-03-06 18:30 - 2014-03-06 18:20 - 01037734 _____ (Thisisu) C:\Users\*****\Desktop\JRT (1).exe
2014-03-06 18:21 - 2014-03-06 18:25 - 00000000 ____D () C:\AdwCleaner
2014-03-06 18:21 - 2014-03-06 17:58 - 01244192 _____ () C:\Users\*****\Desktop\adwcleaner.exe
2014-03-06 18:20 - 2014-03-06 18:20 - 01037734 _____ (Thisisu) C:\Users\*****\Downloads\JRT.exe.3ra3i30.partial
2014-03-06 18:20 - 2014-03-06 18:20 - 01037734 _____ (Thisisu) C:\Users\*****\Downloads\JRT (1).exe
2014-03-06 17:58 - 2014-03-06 17:58 - 01244192 _____ () C:\Users\*****\Downloads\adwcleaner.exe
2014-03-06 15:51 - 2014-03-06 15:51 - 00024833 _____ () C:\Users\*****\AppData\Local\recently-used.xbel
2014-03-05 17:56 - 2014-03-05 17:56 - 00152248 _____ () C:\Windows\Minidump\030514-23821-01.dmp
2014-03-05 17:19 - 2014-03-05 17:19 - 00380416 _____ () C:\Users\*****\Downloads\Gmer-19357.exe
2014-03-05 17:12 - 2014-03-07 22:22 - 00000000 ____D () C:\FRST
2014-03-05 17:10 - 2014-03-05 17:10 - 00000000 _____ () C:\Users\*****\defogger_reenable
2014-03-05 08:19 - 2014-03-05 08:19 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Malwarebytes
2014-03-05 08:18 - 2014-03-05 08:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-05 08:18 - 2014-03-05 08:18 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-03-05 08:18 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-04 20:11 - 2014-03-04 20:11 - 00001109 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-03-04 20:10 - 2014-03-04 20:11 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-04 12:29 - 2014-03-04 12:29 - 00000999 _____ () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QuickDic.lnk
2014-03-04 12:29 - 2014-03-04 12:29 - 00000969 _____ () C:\Users\*****\Desktop\QuickDic.lnk
2014-03-04 12:29 - 2014-03-04 12:29 - 00000000 ____D () C:\Program Files\QuickDic
2014-03-04 09:39 - 2014-03-04 09:39 - 00000000 ____D () C:\Users\*****\AppData\Local\Mobile Master
2014-03-04 00:18 - 2014-03-04 00:18 - 00000000 ____D () C:\Users\*****\AppData\Local\Tempa72636ee026910241cae8b72bf567bea
2014-03-03 23:42 - 2014-03-03 23:42 - 00000000 ____D () C:\Users\Public\Documents\CrashDump
2014-03-03 23:10 - 2014-03-03 23:26 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Mobile Master
2014-03-03 23:10 - 2014-03-03 23:10 - 00001046 _____ () C:\Users\Public\Desktop\Mobile Master.lnk
2014-03-03 23:10 - 2014-03-03 23:10 - 00000000 ____D () C:\ProgramData\Mobile Master
2014-03-03 23:10 - 2014-03-03 23:10 - 00000000 ____D () C:\Program Files\Common Files\Jumping Bytes
2014-03-03 23:09 - 2014-03-03 23:28 - 00000000 ____D () C:\Program Files\Mobile Master
2014-03-03 23:07 - 2014-03-03 23:07 - 23225448 _____ (Jumping Bytes) C:\Users\*****\Downloads\MobileMasterInst.exe
2014-03-03 23:07 - 2014-03-03 23:07 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Jumping Bytes
2014-03-03 22:52 - 2014-03-03 22:52 - 00000000 ____D () C:\Users\*****\AppData\Local\Temp04de20ab33f250e94b926d0514a93b1c
2014-03-03 22:50 - 2014-03-03 22:50 - 01058296 _____ () C:\Users\*****\Downloads\Microsoft-Outlook-2013-lnstall.exe
2014-03-03 21:50 - 2014-03-03 21:54 - 00000000 ____D () C:\Users\*****\Handykarte
2014-03-03 21:48 - 2014-03-03 21:48 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-03-03 21:46 - 2014-01-23 04:21 - 00153672 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscemdm.sys
2014-03-03 21:46 - 2014-01-23 04:21 - 00136904 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscebus.sys
2014-03-03 21:46 - 2014-01-23 04:21 - 00130376 _____ (MCCI Corporation) C:\Windows\system32\Drivers\ssceserd.sys
2014-03-03 21:46 - 2014-01-23 04:21 - 00017864 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscemdfl.sys
2014-03-03 21:46 - 2014-01-23 04:21 - 00015560 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscecmnt.sys
2014-03-03 21:46 - 2014-01-23 04:21 - 00015560 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscecm.sys
2014-03-03 21:46 - 2014-01-23 04:21 - 00015304 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscewhnt.sys
2014-03-03 21:46 - 2014-01-23 04:21 - 00015304 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscewh.sys
2014-02-25 20:22 - 2014-02-25 20:22 - 01095461 _____ (pendrivelinux.com) C:\Users\*****\Downloads\Universal-USB-Installer-1.9.5.2.exe
2014-02-25 15:45 - 2014-02-25 15:45 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log
2014-02-22 22:04 - 2014-02-23 00:25 - 00000000 ____D () C:\Users\*****\Documents\Python
2014-02-21 09:50 - 2014-02-21 09:50 - 00000000 ____D () C:\Program Files\BeCyPDFMetaEdit
2014-02-20 09:36 - 2014-02-20 09:36 - 00036629 _____ () C:\Users\*****\Desktop\Nyquist_Beispiel.fig
2014-02-20 06:50 - 2014-02-20 06:50 - 00286014 _____ () C:\Windows\msxml4-KB954430-enu.LOG
2014-02-20 06:49 - 2014-02-20 06:49 - 00290518 _____ () C:\Windows\msxml4-KB973688-enu.LOG
2014-02-20 06:49 - 2014-02-20 06:49 - 00000000 ____D () C:\Program Files\MSXML 4.0
2014-02-19 16:01 - 2014-02-19 16:01 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-02-18 23:51 - 2014-02-25 15:45 - 00000000 ____D () C:\Users\*****\AppData\Local\Samsung
2014-02-18 23:42 - 2014-02-18 23:42 - 00000000 ____D () C:\Program Files\Windows Portable Devices
2014-02-18 23:33 - 2014-02-07 16:33 - 04659712 _____ (Dmitry Streblechenko) C:\Windows\system32\Redemption.dll
2014-02-18 23:33 - 2014-01-23 18:31 - 00821824 _____ (Devguru Co., Ltd.) C:\Windows\system32\dgderapi.dll
2014-02-18 23:07 - 2014-02-18 23:07 - 00002092 _____ () C:\Users\Public\Desktop\Samsung New PC Studio.lnk
2014-02-18 23:04 - 2014-02-25 20:17 - 00000000 ____D () C:\Program Files\MarkAny
2014-02-18 22:59 - 2014-02-18 22:59 - 00002005 _____ () C:\Users\Public\Desktop\Komodo Edit 8.lnk
2014-02-18 22:59 - 2014-02-18 22:59 - 00000000 ____D () C:\Users\*****\AppData\Roaming\ActiveState
2014-02-18 22:59 - 2014-02-18 22:59 - 00000000 ____D () C:\Users\*****\AppData\Local\ActiveState
2014-02-18 22:58 - 2014-02-18 22:59 - 00000000 ____D () C:\Program Files\ActiveState Komodo Edit 8
2014-02-18 22:55 - 2014-02-18 22:56 - 00000000 ____D () C:\Python33
2014-02-18 22:53 - 2014-02-25 15:43 - 00000000 ____D () C:\ProgramData\Samsung
2014-02-18 22:52 - 2014-03-03 21:18 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Samsung
2014-02-18 22:52 - 2014-02-18 22:52 - 00000000 ____D () C:\Users\*****\Documents\My NPS Files
2014-02-18 22:52 - 2010-07-04 19:07 - 00238952 _____ (Teruten) C:\Windows\system32\FsUsbExService.Exe
2014-02-18 22:52 - 2010-06-14 09:32 - 00110592 _____ () C:\Windows\system32\FsUsbExDevice.Dll
2014-02-18 22:52 - 2010-06-14 09:32 - 00036608 _____ () C:\Windows\system32\FsUsbExDisk.Sys
2014-02-18 22:52 - 2009-07-14 02:16 - 02311168 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 01568768 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2014-02-18 22:52 - 2009-07-14 02:16 - 01325056 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2014-02-18 22:52 - 2009-07-14 02:16 - 01003008 _____ (Microsoft Corporation) C:\Windows\system32\WMNetMgr.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00812032 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2014-02-18 22:52 - 2009-07-14 02:16 - 00664576 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2014-02-18 22:52 - 2009-07-14 02:16 - 00577024 _____ (Microsoft Corporation) C:\Windows\system32\wpd_ci.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceApi.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00541184 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2014-02-18 22:52 - 2009-07-14 02:16 - 00427520 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceStatus.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00358400 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
2014-02-18 22:52 - 2009-07-14 02:16 - 00350720 _____ (Microsoft Corporation) C:\Windows\system32\WPDSp.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00237568 _____ (Microsoft Corporation) C:\Windows\system32\WMASF.DLL
2014-02-18 22:52 - 2009-07-14 02:16 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\WpdMtp.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00198144 _____ (Microsoft Corporation) C:\Windows\system32\wpdwcn.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00196608 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceWMDRM.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceTypes.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\wmidx.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00138240 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceWiaCompat.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00110080 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceClassExtension.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\WPDShServiceObj.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\wpdbusenum.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\WpdMtpUS.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceConnectApi.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\wmcodecdspps.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wmdmps.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\wmdmlog.dll
2014-02-18 22:52 - 2009-07-14 02:15 - 00630784 _____ (Microsoft Corporation) C:\Windows\system32\DXPTaskRingtone.dll
2014-02-18 22:52 - 2009-07-14 02:15 - 00415744 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2014-02-18 22:52 - 2009-07-14 02:15 - 00352768 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-02-18 22:52 - 2009-07-14 02:15 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\mswmdm.dll
2014-02-18 22:52 - 2009-07-14 02:15 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-02-18 22:52 - 2009-07-14 02:15 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2014-02-18 22:52 - 2009-07-14 02:15 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2014-02-18 22:52 - 2009-07-14 02:15 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2014-02-18 22:52 - 2009-07-14 02:15 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\LAPRXY.DLL
2014-02-18 22:52 - 2009-07-14 02:14 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\audiodev.dll
2014-02-18 22:52 - 2009-07-14 02:14 - 00095232 _____ (Microsoft Corporation) C:\Windows\system32\logagent.exe
2014-02-18 22:52 - 2009-07-14 02:14 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\WPDShextAutoplay.exe
2014-02-18 22:52 - 2009-07-14 02:03 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\asferror.dll
2014-02-18 22:52 - 2009-06-10 22:34 - 00316640 _____ () C:\Windows\WMSysPr9.prx
2014-02-18 22:51 - 2014-02-18 23:51 - 00000000 ____D () C:\Users\*****\Documents\Samsung
2014-02-18 22:51 - 2014-02-18 22:51 - 00053631 _____ () C:\Users\*****\Downloads\hashmyfiles_v1.90.zip
2014-02-18 22:51 - 2009-07-14 02:16 - 02504192 _____ (Microsoft Corporation) C:\Windows\system32\WMVCORE.DLL
2014-02-18 22:51 - 2009-07-14 02:16 - 01619968 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2014-02-18 22:51 - 2009-07-14 02:16 - 00902656 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2014-02-18 22:51 - 2009-07-14 02:16 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-02-18 22:51 - 2009-07-14 02:16 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmdev.dll
2014-02-18 22:51 - 2009-07-14 02:16 - 00436736 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmnet.dll
2014-02-18 22:51 - 2009-07-14 02:15 - 00986624 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-02-18 22:51 - 2009-07-14 02:15 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-02-18 22:51 - 2009-07-14 02:15 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-02-18 22:51 - 2009-07-14 02:15 - 00402944 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-02-18 22:50 - 2014-02-25 15:44 - 00000000 ____D () C:\Program Files\Samsung
2014-02-18 22:48 - 2014-02-18 22:49 - 08444896 _____ (abylonsoft ) C:\Users\*****\Downloads\FreeHash.exe
2014-02-18 20:39 - 2014-02-18 20:39 - 00000000 ____D () C:\Program Files\abylonsoft
2014-02-18 20:30 - 2014-02-18 20:39 - 20627456 _____ () C:\Users\*****\Downloads\python-3.3.4.msi
2014-02-18 20:17 - 2014-02-18 20:41 - 73908224 _____ () C:\Users\*****\Downloads\Komodo-Edit-8.5.3-14067.msi
2014-02-18 08:34 - 2014-02-18 08:36 - 173838160 _____ () C:\Users\*****\Downloads\New_PC_Studio_1.5.1.exe
2014-02-18 08:32 - 2014-02-18 08:33 - 75211320 _____ (Samsung Electronics Co., Ltd.) C:\Users\*****\Downloads\KiesSetup_2.6.2.14014_6.exe
2014-02-17 11:34 - 2014-02-17 11:44 - 00014458 _____ () C:\Users\*****\Desktop\HybEIS.eps
2014-02-16 19:01 - 2014-02-16 19:03 - 101832237 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Das_Kaenguru_Manifest-4CD-DE-Audiobook-2011-kooba.r01
2014-02-16 18:52 - 2014-02-16 18:58 - 200000000 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Das_Kaenguru_Manifest-4CD-DE-Audiobook-2011-kooba.r00
2014-02-16 18:51 - 2014-02-16 19:05 - 200000000 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Das_Kaenguru_Manifest-4CD-DE-Audiobook-2011-kooba.rar
2014-02-16 18:50 - 2014-02-16 18:50 - 35692185 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Die_Kaenguru-Chroniken_Live_Und_Ungekuerzt-4CD-DE-Audiobook-2012-kooba.r02
2014-02-16 18:45 - 2014-02-16 18:49 - 150000000 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Die_Kaenguru-Chroniken_Live_Und_Ungekuerzt-4CD-DE-Audiobook-2012-kooba.r01
2014-02-16 18:44 - 2014-02-16 18:49 - 150000000 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Die_Kaenguru-Chroniken_Live_Und_Ungekuerzt-4CD-DE-Audiobook-2012-kooba.r00
2014-02-16 18:40 - 2014-02-16 18:40 - 00614816 _____ (Chip Digital GmbH) C:\Users\*****\Downloads\7 Zip 32 Bit - CHIP-Downloader.exe
2014-02-16 18:35 - 2014-02-16 18:37 - 150000000 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Die_Kaenguru-Chroniken_Live_Und_Ungekuerzt-4CD-DE-Audiobook-2012-kooba.rar
2014-02-13 17:53 - 2014-02-13 17:53 - 00000000 ____D () C:\Users\*****\Documents\PostregSQL
2014-02-12 17:16 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-12 17:16 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-12 17:16 - 2014-02-06 11:19 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-12 17:16 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-12 17:16 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-12 17:16 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-12 17:16 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-12 17:16 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-12 17:16 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-12 17:16 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-12 17:16 - 2014-02-06 10:47 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-12 17:16 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-12 17:16 - 2014-02-06 10:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-12 17:16 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-12 17:16 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-12 17:16 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-12 17:16 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-12 17:16 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-12 17:16 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-12 17:16 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-12 17:16 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-12 17:11 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-12 16:58 - 2014-02-12 16:10 - 01611377 _____ () C:\Users\*****\Downloads\psqlodbc_09_03_0100.zip
2014-02-12 16:13 - 2014-02-12 17:01 - 00000149 _____ () C:\Windows\ODBC.INI
2014-02-12 16:12 - 2014-02-12 16:12 - 00000000 ____D () C:\Program Files\psqlODBC
2014-02-12 14:55 - 2014-02-12 14:54 - 00587152 _____ () C:\Users\*****\Downloads\postgresql-9.3-1100.jdbc4.jar
2014-02-12 14:35 - 2014-02-14 09:40 - 00014898 _____ () C:\Users\*****\Documents\pgadmin.log
2014-02-12 14:08 - 2014-02-12 14:13 - 00000000 ____D () C:\Users\*****\AppData\Roaming\postgresql
2014-02-12 14:04 - 2014-02-12 14:04 - 00000000 ____D () C:\Program Files\PostgreSQL
2014-02-12 13:59 - 2014-02-12 13:49 - 52968360 _____ (PostgreSQL Global Development Group) C:\Users\*****\Downloads\postgresql-9.3.1-1-windows.exe
2014-02-12 07:37 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-12 07:37 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-12 07:37 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-12 07:37 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-10 18:12 - 2014-02-10 18:12 - 02658816 _____ (Python Software Foundation) C:\Windows\system32\python33.dll
2014-02-10 18:11 - 2014-02-10 18:11 - 00094208 _____ (Python Software Foundation) C:\Windows\pyw.exe
2014-02-10 18:11 - 2014-02-10 18:11 - 00093696 _____ (Python Software Foundation) C:\Windows\py.exe
2014-02-06 20:07 - 2014-02-07 14:09 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird

==================== One Month Modified Files and Folders =======

2014-03-07 22:22 - 2014-03-07 22:22 - 00012280 _____ () C:\Users\*****\Downloads\FRST.txt
2014-03-07 22:22 - 2014-03-05 17:12 - 00000000 ____D () C:\FRST
2014-03-07 22:21 - 2014-03-07 22:21 - 01145344 _____ (Farbar) C:\Users\*****\Downloads\FRST.exe
2014-03-07 22:13 - 2014-03-07 22:13 - 00987442 _____ () C:\Users\*****\Desktop\SecurityCheck.exe
2014-03-07 22:11 - 2013-10-14 05:37 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-07 22:10 - 2014-03-07 22:08 - 00002876 _____ () C:\Users\*****\Desktop\ESET.txt
2014-03-07 21:51 - 2009-07-14 05:02 - 00019248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-07 21:51 - 2009-07-14 05:02 - 00019248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-07 20:41 - 2013-05-16 17:01 - 01080025 _____ () C:\Windows\WindowsUpdate.log
2014-03-07 17:05 - 2010-11-20 22:03 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-07 16:58 - 2014-03-07 16:58 - 02347384 _____ (ESET) C:\Users\*****\Downloads\esetsmartinstaller_enu.exe
2014-03-07 16:51 - 2009-07-14 05:17 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-07 16:51 - 2009-07-14 05:07 - 00049391 _____ () C:\Windows\setupact.log
2014-03-07 12:13 - 2013-09-30 19:01 - 00000000 ____D () C:\Users\*****\Documents\Citavi 4
2014-03-07 08:31 - 2013-05-16 17:54 - 00000000 ____D () C:\Users\*****
2014-03-06 20:07 - 2013-08-02 22:24 - 00000000 ____D () C:\Users\*****\AppData\Roaming\vlc
2014-03-06 18:32 - 2014-03-06 18:32 - 00000000 ____D () C:\Windows\ERUNT
2014-03-06 18:25 - 2014-03-06 18:21 - 00000000 ____D () C:\AdwCleaner
2014-03-06 18:20 - 2014-03-06 18:30 - 01037734 _____ (Thisisu) C:\Users\*****\Desktop\JRT (1).exe
2014-03-06 18:20 - 2014-03-06 18:20 - 01037734 _____ (Thisisu) C:\Users\*****\Downloads\JRT.exe.3ra3i30.partial
2014-03-06 18:20 - 2014-03-06 18:20 - 01037734 _____ (Thisisu) C:\Users\*****\Downloads\JRT (1).exe
2014-03-06 18:14 - 2013-05-16 17:58 - 00000000 ____D () C:\Windows\Panther
2014-03-06 18:14 - 2010-11-20 22:49 - 00255550 _____ () C:\Windows\PFRO.log
2014-03-06 17:58 - 2014-03-06 18:21 - 01244192 _____ () C:\Users\*****\Desktop\adwcleaner.exe
2014-03-06 17:58 - 2014-03-06 17:58 - 01244192 _____ () C:\Users\*****\Downloads\adwcleaner.exe
2014-03-06 15:51 - 2014-03-06 15:51 - 00024833 _____ () C:\Users\*****\AppData\Local\recently-used.xbel
2014-03-06 15:35 - 2013-10-01 07:45 - 00000000 ____D () C:\Program Files\BaSyTec
2014-03-06 07:28 - 2009-07-14 05:17 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-05 17:56 - 2014-03-05 17:56 - 00152248 _____ () C:\Windows\Minidump\030514-23821-01.dmp
2014-03-05 17:56 - 2013-09-13 08:52 - 336285250 _____ () C:\Windows\MEMORY.DMP
2014-03-05 17:56 - 2013-09-13 08:52 - 00000000 ____D () C:\Windows\Minidump
2014-03-05 17:19 - 2014-03-05 17:19 - 00380416 _____ () C:\Users\*****\Downloads\Gmer-19357.exe
2014-03-05 17:10 - 2014-03-05 17:10 - 00000000 _____ () C:\Users\*****\defogger_reenable
2014-03-05 08:19 - 2014-03-05 08:19 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Malwarebytes
2014-03-05 08:18 - 2014-03-05 08:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-05 08:18 - 2014-03-05 08:18 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-03-05 07:23 - 2013-05-19 10:45 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-03-04 20:11 - 2014-03-04 20:11 - 00001109 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-03-04 20:11 - 2014-03-04 20:10 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-04 16:03 - 2013-12-04 09:30 - 00000000 ____D () C:\Users\*****\Documents\Praktikum_Deutronic
2014-03-04 12:29 - 2014-03-04 12:29 - 00000999 _____ () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QuickDic.lnk
2014-03-04 12:29 - 2014-03-04 12:29 - 00000969 _____ () C:\Users\*****\Desktop\QuickDic.lnk
2014-03-04 12:29 - 2014-03-04 12:29 - 00000000 ____D () C:\Program Files\QuickDic
2014-03-04 09:39 - 2014-03-04 09:39 - 00000000 ____D () C:\Users\*****\AppData\Local\Mobile Master
2014-03-04 00:18 - 2014-03-04 00:18 - 00000000 ____D () C:\Users\*****\AppData\Local\Tempa72636ee026910241cae8b72bf567bea
2014-03-03 23:42 - 2014-03-03 23:42 - 00000000 ____D () C:\Users\Public\Documents\CrashDump
2014-03-03 23:28 - 2014-03-03 23:09 - 00000000 ____D () C:\Program Files\Mobile Master
2014-03-03 23:26 - 2014-03-03 23:10 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Mobile Master
2014-03-03 23:10 - 2014-03-03 23:10 - 00001046 _____ () C:\Users\Public\Desktop\Mobile Master.lnk
2014-03-03 23:10 - 2014-03-03 23:10 - 00000000 ____D () C:\ProgramData\Mobile Master
2014-03-03 23:10 - 2014-03-03 23:10 - 00000000 ____D () C:\Program Files\Common Files\Jumping Bytes
2014-03-03 23:07 - 2014-03-03 23:07 - 23225448 _____ (Jumping Bytes) C:\Users\*****\Downloads\MobileMasterInst.exe
2014-03-03 23:07 - 2014-03-03 23:07 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Jumping Bytes
2014-03-03 22:52 - 2014-03-03 22:52 - 00000000 ____D () C:\Users\*****\AppData\Local\Temp04de20ab33f250e94b926d0514a93b1c
2014-03-03 22:50 - 2014-03-03 22:50 - 01058296 _____ () C:\Users\*****\Downloads\Microsoft-Outlook-2013-lnstall.exe
2014-03-03 21:54 - 2014-03-03 21:50 - 00000000 ____D () C:\Users\*****\Handykarte
2014-03-03 21:48 - 2014-03-03 21:48 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-03-03 21:18 - 2014-02-18 22:52 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Samsung
2014-02-26 17:22 - 2013-05-17 18:53 - 00000000 ____D () C:\Users\*****\Documents\MATLAB
2014-02-25 20:22 - 2014-02-25 20:22 - 01095461 _____ (pendrivelinux.com) C:\Users\*****\Downloads\Universal-USB-Installer-1.9.5.2.exe
2014-02-25 20:17 - 2014-02-18 23:04 - 00000000 ____D () C:\Program Files\MarkAny
2014-02-25 15:46 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-02-25 15:45 - 2014-02-25 15:45 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log
2014-02-25 15:45 - 2014-02-18 23:51 - 00000000 ____D () C:\Users\*****\AppData\Local\Samsung
2014-02-25 15:44 - 2014-02-18 22:50 - 00000000 ____D () C:\Program Files\Samsung
2014-02-25 15:43 - 2014-02-18 22:53 - 00000000 ____D () C:\ProgramData\Samsung
2014-02-24 22:08 - 2013-09-18 16:40 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Spotify
2014-02-24 20:52 - 2013-09-18 17:03 - 00000000 ____D () C:\Users\*****\AppData\Local\Spotify
2014-02-24 08:25 - 2013-09-30 17:50 - 00000000 ____D () C:\Users\*****\Desktop\Programme
2014-02-23 00:25 - 2014-02-22 22:04 - 00000000 ____D () C:\Users\*****\Documents\Python
2014-02-22 18:18 - 2013-12-22 23:33 - 00064168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-02-22 18:18 - 2013-05-16 20:38 - 00775952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-02-22 18:18 - 2013-05-16 20:38 - 00410784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-02-22 18:18 - 2013-05-16 20:38 - 00270240 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-02-22 18:18 - 2013-05-16 20:38 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-02-22 18:18 - 2013-05-16 20:35 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-02-21 17:11 - 2013-05-16 20:01 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-21 17:11 - 2013-05-16 20:01 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-21 09:50 - 2014-02-21 09:50 - 00000000 ____D () C:\Program Files\BeCyPDFMetaEdit
2014-02-20 09:36 - 2014-02-20 09:36 - 00036629 _____ () C:\Users\*****\Desktop\Nyquist_Beispiel.fig
2014-02-20 06:50 - 2014-02-20 06:50 - 00286014 _____ () C:\Windows\msxml4-KB954430-enu.LOG
2014-02-20 06:49 - 2014-02-20 06:49 - 00290518 _____ () C:\Windows\msxml4-KB973688-enu.LOG
2014-02-20 06:49 - 2014-02-20 06:49 - 00000000 ____D () C:\Program Files\MSXML 4.0
2014-02-19 16:01 - 2014-02-19 16:01 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-02-19 09:26 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2014-02-18 23:51 - 2014-02-18 22:51 - 00000000 ____D () C:\Users\*****\Documents\Samsung
2014-02-18 23:42 - 2014-02-18 23:42 - 00000000 ____D () C:\Program Files\Windows Portable Devices
2014-02-18 23:42 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-02-18 23:42 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-02-18 23:33 - 2013-05-16 20:26 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-02-18 23:31 - 2013-09-30 18:48 - 00000000 ____D () C:\Users\*****\AppData\Local\Downloaded Installations
2014-02-18 23:07 - 2014-02-18 23:07 - 00002092 _____ () C:\Users\Public\Desktop\Samsung New PC Studio.lnk
2014-02-18 22:59 - 2014-02-18 22:59 - 00002005 _____ () C:\Users\Public\Desktop\Komodo Edit 8.lnk
2014-02-18 22:59 - 2014-02-18 22:59 - 00000000 ____D () C:\Users\*****\AppData\Roaming\ActiveState
2014-02-18 22:59 - 2014-02-18 22:59 - 00000000 ____D () C:\Users\*****\AppData\Local\ActiveState
2014-02-18 22:59 - 2014-02-18 22:58 - 00000000 ____D () C:\Program Files\ActiveState Komodo Edit 8
2014-02-18 22:56 - 2014-02-18 22:55 - 00000000 ____D () C:\Python33
2014-02-18 22:52 - 2014-02-18 22:52 - 00000000 ____D () C:\Users\*****\Documents\My NPS Files
2014-02-18 22:51 - 2014-02-18 22:51 - 00053631 _____ () C:\Users\*****\Downloads\hashmyfiles_v1.90.zip
2014-02-18 22:49 - 2014-02-18 22:48 - 08444896 _____ (abylonsoft ) C:\Users\*****\Downloads\FreeHash.exe
2014-02-18 20:41 - 2014-02-18 20:17 - 73908224 _____ () C:\Users\*****\Downloads\Komodo-Edit-8.5.3-14067.msi
2014-02-18 20:39 - 2014-02-18 20:39 - 00000000 ____D () C:\Program Files\abylonsoft
2014-02-18 20:39 - 2014-02-18 20:30 - 20627456 _____ () C:\Users\*****\Downloads\python-3.3.4.msi
2014-02-18 13:48 - 2013-09-30 17:57 - 00000000 ____D () C:\Users\*****\Praktikum
2014-02-18 11:12 - 2014-01-28 08:30 - 00000000 ____D () C:\Users\*****\Bachelorarbeit
2014-02-18 11:11 - 2013-10-08 07:04 - 00079872 ___SH () C:\Users\*****\Thumbs.db
2014-02-18 08:36 - 2014-02-18 08:34 - 173838160 _____ () C:\Users\*****\Downloads\New_PC_Studio_1.5.1.exe
2014-02-18 08:33 - 2014-02-18 08:32 - 75211320 _____ (Samsung Electronics Co., Ltd.) C:\Users\*****\Downloads\KiesSetup_2.6.2.14014_6.exe
2014-02-17 11:44 - 2014-02-17 11:34 - 00014458 _____ () C:\Users\*****\Desktop\HybEIS.eps
2014-02-16 19:05 - 2014-02-16 18:51 - 200000000 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Das_Kaenguru_Manifest-4CD-DE-Audiobook-2011-kooba.rar
2014-02-16 19:03 - 2014-02-16 19:01 - 101832237 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Das_Kaenguru_Manifest-4CD-DE-Audiobook-2011-kooba.r01
2014-02-16 18:58 - 2014-02-16 18:52 - 200000000 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Das_Kaenguru_Manifest-4CD-DE-Audiobook-2011-kooba.r00
2014-02-16 18:50 - 2014-02-16 18:50 - 35692185 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Die_Kaenguru-Chroniken_Live_Und_Ungekuerzt-4CD-DE-Audiobook-2012-kooba.r02
2014-02-16 18:49 - 2014-02-16 18:45 - 150000000 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Die_Kaenguru-Chroniken_Live_Und_Ungekuerzt-4CD-DE-Audiobook-2012-kooba.r01
2014-02-16 18:49 - 2014-02-16 18:44 - 150000000 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Die_Kaenguru-Chroniken_Live_Und_Ungekuerzt-4CD-DE-Audiobook-2012-kooba.r00
2014-02-16 18:40 - 2014-02-16 18:40 - 00614816 _____ (Chip Digital GmbH) C:\Users\*****\Downloads\7 Zip 32 Bit - CHIP-Downloader.exe
2014-02-16 18:37 - 2014-02-16 18:35 - 150000000 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Die_Kaenguru-Chroniken_Live_Und_Ungekuerzt-4CD-DE-Audiobook-2012-kooba.rar
2014-02-14 09:40 - 2014-02-12 14:35 - 00014898 _____ () C:\Users\*****\Documents\pgadmin.log
2014-02-13 17:53 - 2014-02-13 17:53 - 00000000 ____D () C:\Users\*****\Documents\PostregSQL
2014-02-12 17:16 - 2013-08-06 23:19 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-12 17:14 - 2013-05-16 20:24 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-12 17:01 - 2014-02-12 16:13 - 00000149 _____ () C:\Windows\ODBC.INI
2014-02-12 16:12 - 2014-02-12 16:12 - 00000000 ____D () C:\Program Files\psqlODBC
2014-02-12 16:10 - 2014-02-12 16:58 - 01611377 _____ () C:\Users\*****\Downloads\psqlodbc_09_03_0100.zip
2014-02-12 14:54 - 2014-02-12 14:55 - 00587152 _____ () C:\Users\*****\Downloads\postgresql-9.3-1100.jdbc4.jar
2014-02-12 14:13 - 2014-02-12 14:08 - 00000000 ____D () C:\Users\*****\AppData\Roaming\postgresql
2014-02-12 14:04 - 2014-02-12 14:04 - 00000000 ____D () C:\Program Files\PostgreSQL
2014-02-12 13:49 - 2014-02-12 13:59 - 52968360 _____ (PostgreSQL Global Development Group) C:\Users\*****\Downloads\postgresql-9.3.1-1-windows.exe
2014-02-11 14:06 - 2014-01-16 12:27 - 00000000 ____D () C:\Users\*****\Documents\Praesentation_Deutronic_Praktikum
2014-02-10 18:12 - 2014-02-10 18:12 - 02658816 _____ (Python Software Foundation) C:\Windows\system32\python33.dll
2014-02-10 18:11 - 2014-02-10 18:11 - 00094208 _____ (Python Software Foundation) C:\Windows\pyw.exe
2014-02-10 18:11 - 2014-02-10 18:11 - 00093696 _____ (Python Software Foundation) C:\Windows\py.exe
2014-02-07 16:33 - 2014-02-18 23:33 - 04659712 _____ (Dmitry Streblechenko) C:\Windows\system32\Redemption.dll
2014-02-07 14:09 - 2014-02-06 20:07 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-02-06 11:38 - 2014-02-12 17:16 - 17103872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 11:20 - 2014-02-12 17:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 11:19 - 2014-02-12 17:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 11:01 - 2014-02-12 17:16 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 11:00 - 2014-02-12 17:16 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 10:57 - 2014-02-12 17:16 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 10:52 - 2014-02-12 17:16 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 10:52 - 2014-02-12 17:16 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 10:49 - 2014-02-12 17:16 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 10:47 - 2014-02-12 17:16 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 10:47 - 2014-02-12 17:16 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 10:46 - 2014-02-12 17:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 10:34 - 2014-02-12 17:16 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 10:25 - 2014-02-12 17:16 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 10:25 - 2014-02-12 17:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 10:13 - 2014-02-12 17:16 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 10:09 - 2014-02-12 17:16 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 10:03 - 2014-02-12 17:16 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 09:41 - 2014-02-12 17:16 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 09:36 - 2014-02-12 17:16 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 09:34 - 2014-02-12 17:16 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

Some content of TEMP:
====================
C:\Users\*****\AppData\Local\Temp\amazonicon_v4.exe
C:\Users\*****\AppData\Local\Temp\amazoninstallernircmdc.exe
C:\Users\*****\AppData\Local\Temp\AskSLib.dll
C:\Users\*****\AppData\Local\Temp\Checkupdate.exe
C:\Users\*****\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\*****\AppData\Local\Temp\Foxit Updater.exe
C:\Users\*****\AppData\Local\Temp\fp_pl_pfs_installer-1.exe
C:\Users\*****\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\*****\AppData\Local\Temp\gcapi_dll.dll
C:\Users\*****\AppData\Local\Temp\GdiPlus.dll
C:\Users\*****\AppData\Local\Temp\gtapi_signed.dll
C:\Users\*****\AppData\Local\Temp\InstallerMessageBox.exe
C:\Users\*****\AppData\Local\Temp\npp.6.5.2.Installer.exe
C:\Users\*****\AppData\Local\Temp\NPSInstallerProxy.exe
C:\Users\*****\AppData\Local\Temp\NPSInstallerProxyMessageBoxHookDll.dll
C:\Users\*****\AppData\Local\Temp\pyl2665.tmp.exe
C:\Users\*****\AppData\Local\Temp\pyl7DBA.tmp.exe
C:\Users\*****\AppData\Local\Temp\Quarantine.exe
C:\Users\*****\AppData\Local\Temp\sdanircmdc.exe
C:\Users\*****\AppData\Local\Temp\sdapskill.exe
C:\Users\*****\AppData\Local\Temp\sdaspwn.exe
C:\Users\*****\AppData\Local\Temp\vlc-2.1.1-win32.exe
C:\Users\*****\AppData\Local\Temp\vlc-2.1.3-win32.exe
C:\Users\*****\AppData\Local\Temp\xmlUpdater.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-28 09:25

==================== End Of Log ============================

--- --- ---


I actually do have a few more questions:

1. Do you know how I picked this up?
2. Do you know what I can do differently to prevent this in the future?
3. Is my laptop now secure enough again that I can go back to doing online banking?

Thanks in advance for the answers, if you find the time.

Best regards,
Markus

schrauber 08.03.2014 20:08

We just need to quickly check the services, then we're done. We'll do the questions after that :)

Drive E:

Delete the backup, delete the Windows.old folder


Please download TFC (by Oldtimer) and save the file to the desktop.
Now close all open programs and disconnect from the internet.
Double-click TFC.exe and press Start.
If TFC cannot delete all files, it will ask for a restart. Please allow this.



Please download Farbar Service Scanner
  • Start the tool by double-clicking FSS.exe
  • Make sure the following options are checked.
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Click Scan.
  • When the tool has finished, it will create an FSS.txt in the directory the tool was run from.

Please post the contents here.



PP88 09.03.2014 09:25

Hello Schrauber,

all right. I'm following your every word blindly. ;)

The backup is deleted. The Windows.old folder is deleted, TFC has run through.

Here is the content of FSS.txt:

Code:

Farbar Service Scanner Version: 25-02-2014
Ran by ***** (administrator) on 09-03-2014 at 09:17:28
Running from "C:\Users\*****\Desktop"
Microsoft Windows 7 Professional N  Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
RpcSs Service is not running. Checking service configuration:
The start type of RpcSs service is OK.
The ImagePath of RpcSs service is OK.


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys
[2013-11-26 18:08] - [2013-11-26 18:08] - 0338944 ____A (Microsoft Corporation) F81BB7E487EDCEAB630A7EE66CF23913

C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2013-11-26 18:08] - [2013-11-26 18:08] - 1294272 ____A (Microsoft Corporation) CA59F7C570AF70BC174F477CFE2D9EE3

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2013-09-13 07:51] - [2013-07-09 05:46] - 0140288 ____A (Microsoft Corporation) 7CA1BECEA5DE2643ADDAD32670E7A4C9

C:\Program Files\Windows Defender\MpSvc.dll
[2013-07-17 22:29] - [2013-05-27 05:57] - 0680960 ____A (Microsoft Corporation) 082CF481F659FAE0DE51AD060881EB47

C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

And a thousand thanks, again and again.. :)

Best regards,
Markus

schrauber 10.03.2014 09:57

Please download Windows Repair (All In One) from here.

Fresh FSS and FRST logs please.

PP88 10.03.2014 20:58

Hello Schrauber,

everything done so far, here is FSS:

Code:

Farbar Service Scanner Version: 25-02-2014
Ran by ***** (administrator) on 10-03-2014 at 20:50:44
Running from "C:\Users\*****\Desktop"
Microsoft Windows 7 Professional N  Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
RpcSs Service is not running. Checking service configuration:
The start type of RpcSs service is OK.
The ImagePath of RpcSs service is OK.


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys
[2013-11-26 18:08] - [2013-11-26 18:08] - 0338944 ____A (Microsoft Corporation) F81BB7E487EDCEAB630A7EE66CF23913

C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2013-11-26 18:08] - [2013-11-26 18:08] - 1294272 ____A (Microsoft Corporation) CA59F7C570AF70BC174F477CFE2D9EE3

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2013-09-13 07:51] - [2013-07-09 05:46] - 0140288 ____A (Microsoft Corporation) 7CA1BECEA5DE2643ADDAD32670E7A4C9

C:\Program Files\Windows Defender\MpSvc.dll
[2013-07-17 22:29] - [2013-05-27 05:57] - 0680960 ____A (Microsoft Corporation) 082CF481F659FAE0DE51AD060881EB47

C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

FRST:


FRST Logfile:
Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-03-2014 01
Ran by ***** (administrator) on *****-PC on 10-03-2014 20:55:11
Running from C:\Users\*****\Downloads
Microsoft Windows 7 Professional N  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Windows\system32\AEADISRV.EXE
(Juniper Networks) C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
(Foxit Corporation) C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Teruten) C:\Windows\system32\FsUsbExService.Exe
(Juniper Networks, Inc.) C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(Spotify Ltd) C:\Users\*****\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(Jumping Bytes) C:\Program Files\Mobile Master\MMAgent.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
(Jumping Bytes) C:\Program Files\Mobile Master\MMScan.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [nwiz] - C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [1753192 2010-11-04] ()
HKLM\...\Run: [QlbCtrl.exe] - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2009-11-11] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [SoundMAXPnP] - C:\Program Files\Analog Devices\Core\smax4pnp.exe [1314816 2009-05-18] (Analog Devices, Inc.)
HKLM\...\Run: [SoundMAX] - C:\Program Files\Analog Devices\SoundMAX\soundmax.exe [3866624 2009-05-18] (Analog Devices, Inc.)
HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-02-22] (AVAST Software)
HKLM\...\Run: [NPSStartup] - [X]
HKLM\...\Run: [KiesTrayAgent] - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311616 2014-02-07] (Samsung Electronics Co., Ltd.)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-21-3776841550-2335425540-3856683877-1000\...\Run: [Spotify Web Helper] - C:\Users\*****\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-01-09] (Spotify Ltd)
HKU\S-1-5-21-3776841550-2335425540-3856683877-1000\...\Run: [AutoStartNPSAgent] - C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [95576 2010-07-04] (Samsung Electronics Co., Ltd.)
HKU\S-1-5-21-3776841550-2335425540-3856683877-1000\...\Run: [KiesPreload] - C:\Program Files\Samsung\Kies\Kies.exe [1564992 2014-02-07] (Samsung)
HKU\S-1-5-21-3776841550-2335425540-3856683877-1000\...\Run: [KiesAirMessage] - C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-3776841550-2335425540-3856683877-1000\...\Run: [MMAgent] - C:\Program Files\Mobile Master\MMAgent.exe [1412080 2013-12-16] (Jumping Bytes)
HKU\S-1-5-21-3776841550-2335425540-3856683877-1000\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000
HKU\S-1-5-21-3776841550-2335425540-3856683877-1000\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-3776841550-2335425540-3856683877-1000\...\MountPoints2: F - F:\sources\sperr32.exe x64
HKU\S-1-5-21-3776841550-2335425540-3856683877-1000\...\MountPoints2: {8194dac8-be41-11e2-8b92-806e6f6e6963} - D:\autorun.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xCDC4B6855652CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Citavi Picker - {609D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: af0.Adblock.BHO - {90EFF544-3981-4d46-85C9-C0361D0931D6} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://active.macromedia.com/flash2/cabs/swflash.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://juniper.net/dana-cached/setup/JuniperSetupSP1.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\fdt5qvea.default
FF NewTab: about:blank
FF Homepage: hxxp://www.google.de/
FF NetworkProxy: "backup.ftp", "192.168.0.3"
FF NetworkProxy: "backup.ftp_port", 8080
FF NetworkProxy: "backup.socks", "192.168.0.3"
FF NetworkProxy: "backup.socks_port", 8080
FF NetworkProxy: "backup.ssl", "192.168.0.3"
FF NetworkProxy: "backup.ssl_port", 8080
FF NetworkProxy: "ftp", "192.168.0.3"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "http", "192.168.0.3"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "192.168.0.3"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "ssl", "192.168.0.3"
FF NetworkProxy: "ssl_port", 8080
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Amazon-Icon - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\fdt5qvea.default\Extensions\amazon-icon@giga.de [2014-03-04]
FF Extension: Adblock Plus - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\fdt5qvea.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-28]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-05-16]
FF HKLM\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2013-09-30]
FF HKLM\...\Thunderbird\Extensions: [{857610fe-b36c-47f2-b4fa-6b7affe0cf5a}] - C:\Program Files\Mobile Master\ext\1\
FF Extension: Mobile Master Add-In - C:\Program Files\Mobile Master\ext\1\ []

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-22] (AVAST Software)
R2 dsNcService; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [671848 2013-02-18] (Juniper Networks)
R2 FoxitCloudUpdateService; C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [239680 2014-02-19] (Foxit Corporation)
R2 JuniperAccessService; C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe [198000 2011-06-22] (Juniper Networks, Inc.)
S2 postgresql-9.3; C:/Program Files/PostgreSQL/9.3/bin/pg_ctl.exe runservice -N "postgresql-9.3" -D "C:/Program Files/PostgreSQL/9.3/data" -w [X]

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-02-22] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [79720 2013-12-12] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2013-12-12] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [775952 2014-02-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [410784 2014-02-22] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [64168 2014-02-22] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180248 2013-12-22] ()
R3 dsNcAdpt; C:\Windows\System32\DRIVERS\dsNcAdpt.sys [26624 2013-02-18] (Juniper Networks)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-05-16] (DT Soft Ltd)
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2010-06-14] ()
S3 RICOH SmartCard Reader; C:\Windows\System32\DRIVERS\rismc32.sys [49152 2009-07-20] (RICOH Company, Ltd.)
R3 rismc32; C:\Windows\System32\DRIVERS\rismc32.sys [49152 2009-07-20] (RICOH Company, Ltd.)
S3 sscebus; C:\Windows\System32\DRIVERS\sscebus.sys [136904 2014-01-23] (MCCI Corporation)
S3 sscemdfl; C:\Windows\System32\DRIVERS\sscemdfl.sys [17864 2014-01-23] (MCCI Corporation)
S3 sscemdm; C:\Windows\System32\DRIVERS\sscemdm.sys [153672 2014-01-23] (MCCI Corporation)
S3 ssceserd; C:\Windows\System32\DRIVERS\ssceserd.sys [130376 2014-01-23] (MCCI Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-10 20:53 - 2014-03-10 20:53 - 00000000 ____D () C:\Users\*****\Downloads\FRST-OlderVersion
2014-03-10 20:50 - 2014-03-10 20:51 - 00002628 _____ () C:\Users\*****\Desktop\FSS.txt
2014-03-10 20:05 - 2014-03-10 20:25 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2014-03-10 20:02 - 2014-03-10 20:02 - 00000000 ____D () C:\RegBackup
2014-03-10 19:22 - 2014-03-10 19:22 - 00003336 _____ () C:\bootsqm.dat
2014-03-10 19:13 - 2014-03-10 19:15 - 00000000 ____D () C:\Users\*****\Downloads\Tweaking.com - Windows Repair
2014-03-10 18:07 - 2014-03-10 18:07 - 00024120 _____ () C:\Users\*****\AppData\Local\recently-used.xbel
2014-03-10 06:49 - 2014-03-10 06:49 - 33488656 _____ (Foxit Corporation ) C:\Users\*****\Downloads\FoxitReader614.0217_enu_Setup.exe
2014-03-09 11:07 - 2014-03-09 11:36 - 00000000 ____D () C:\Users\*****\Matlab_install
2014-03-09 10:22 - 2014-03-09 10:22 - 00000258 _____ () C:\Users\*****\defogger_enable.log
2014-03-09 10:21 - 2014-03-09 10:21 - 00050477 _____ () C:\Users\*****\Downloads\Defogger.exe
2014-03-09 09:16 - 2014-03-09 09:16 - 00409600 _____ (Farbar) C:\Users\*****\Desktop\FSS.exe
2014-03-09 08:26 - 2014-03-09 08:26 - 00448512 _____ (OldTimer Tools) C:\Users\*****\Desktop\TFC.exe
2014-03-08 11:57 - 2014-03-08 15:10 - 00000000 ____D () C:\Users\*****\Documents\Minimalbeispiel
2014-03-07 22:22 - 2014-03-10 20:55 - 00012297 _____ () C:\Users\*****\Downloads\FRST.txt
2014-03-07 22:21 - 2014-03-10 20:53 - 01145856 _____ (Farbar) C:\Users\*****\Downloads\FRST.exe
2014-03-07 22:13 - 2014-03-07 22:13 - 00987442 _____ () C:\Users\*****\Desktop\SecurityCheck.exe
2014-03-07 16:58 - 2014-03-07 16:58 - 02347384 _____ (ESET) C:\Users\*****\Downloads\esetsmartinstaller_enu.exe
2014-03-06 18:32 - 2014-03-06 18:32 - 00000000 ____D () C:\Windows\ERUNT
2014-03-06 18:30 - 2014-03-06 18:20 - 01037734 _____ (Thisisu) C:\Users\*****\Desktop\JRT (1).exe
2014-03-06 18:21 - 2014-03-06 18:25 - 00000000 ____D () C:\AdwCleaner
2014-03-06 18:21 - 2014-03-06 17:58 - 01244192 _____ () C:\Users\*****\Desktop\adwcleaner.exe
2014-03-06 18:20 - 2014-03-06 18:20 - 01037734 _____ (Thisisu) C:\Users\*****\Downloads\JRT.exe.3ra3i30.partial
2014-03-06 18:20 - 2014-03-06 18:20 - 01037734 _____ (Thisisu) C:\Users\*****\Downloads\JRT (1).exe
2014-03-06 17:58 - 2014-03-06 17:58 - 01244192 _____ () C:\Users\*****\Downloads\adwcleaner.exe
2014-03-05 17:56 - 2014-03-05 17:56 - 00152248 _____ () C:\Windows\Minidump\030514-23821-01.dmp
2014-03-05 17:19 - 2014-03-05 17:19 - 00380416 _____ () C:\Users\*****\Downloads\Gmer-19357.exe
2014-03-05 17:12 - 2014-03-10 20:55 - 00000000 ____D () C:\FRST
2014-03-05 08:19 - 2014-03-05 08:19 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Malwarebytes
2014-03-05 08:18 - 2014-03-05 08:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-05 08:18 - 2014-03-05 08:18 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-03-05 08:18 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-04 20:11 - 2014-03-04 20:11 - 00001109 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-03-04 20:10 - 2014-03-04 20:11 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-04 12:29 - 2014-03-04 12:29 - 00000999 _____ () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QuickDic.lnk
2014-03-04 12:29 - 2014-03-04 12:29 - 00000969 _____ () C:\Users\*****\Desktop\QuickDic.lnk
2014-03-04 12:29 - 2014-03-04 12:29 - 00000000 ____D () C:\Program Files\QuickDic
2014-03-04 09:39 - 2014-03-04 09:39 - 00000000 ____D () C:\Users\*****\AppData\Local\Mobile Master
2014-03-04 00:18 - 2014-03-04 00:18 - 00000000 ____D () C:\Users\*****\AppData\Local\Tempa72636ee026910241cae8b72bf567bea
2014-03-03 23:42 - 2014-03-03 23:42 - 00000000 ____D () C:\Users\Public\Documents\CrashDump
2014-03-03 23:10 - 2014-03-03 23:26 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Mobile Master
2014-03-03 23:10 - 2014-03-03 23:10 - 00001046 _____ () C:\Users\Public\Desktop\Mobile Master.lnk
2014-03-03 23:10 - 2014-03-03 23:10 - 00000000 ____D () C:\ProgramData\Mobile Master
2014-03-03 23:10 - 2014-03-03 23:10 - 00000000 ____D () C:\Program Files\Common Files\Jumping Bytes
2014-03-03 23:09 - 2014-03-03 23:28 - 00000000 ____D () C:\Program Files\Mobile Master
2014-03-03 23:07 - 2014-03-03 23:07 - 23225448 _____ (Jumping Bytes) C:\Users\*****\Downloads\MobileMasterInst.exe
2014-03-03 23:07 - 2014-03-03 23:07 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Jumping Bytes
2014-03-03 22:52 - 2014-03-03 22:52 - 00000000 ____D () C:\Users\*****\AppData\Local\Temp04de20ab33f250e94b926d0514a93b1c
2014-03-03 22:50 - 2014-03-03 22:50 - 01058296 _____ () C:\Users\*****\Downloads\Microsoft-Outlook-2013-lnstall.exe
2014-03-03 21:50 - 2014-03-03 21:54 - 00000000 ____D () C:\Users\*****\Handykarte
2014-03-03 21:48 - 2014-03-03 21:48 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-03-03 21:46 - 2014-01-23 04:21 - 00153672 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscemdm.sys
2014-03-03 21:46 - 2014-01-23 04:21 - 00136904 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscebus.sys
2014-03-03 21:46 - 2014-01-23 04:21 - 00130376 _____ (MCCI Corporation) C:\Windows\system32\Drivers\ssceserd.sys
2014-03-03 21:46 - 2014-01-23 04:21 - 00017864 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscemdfl.sys
2014-03-03 21:46 - 2014-01-23 04:21 - 00015560 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscecmnt.sys
2014-03-03 21:46 - 2014-01-23 04:21 - 00015560 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscecm.sys
2014-03-03 21:46 - 2014-01-23 04:21 - 00015304 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscewhnt.sys
2014-03-03 21:46 - 2014-01-23 04:21 - 00015304 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscewh.sys
2014-02-25 20:22 - 2014-02-25 20:22 - 01095461 _____ (pendrivelinux.com) C:\Users\*****\Downloads\Universal-USB-Installer-1.9.5.2.exe
2014-02-25 15:45 - 2014-02-25 15:45 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log
2014-02-22 22:04 - 2014-02-23 00:25 - 00000000 ____D () C:\Users\*****\Documents\Python
2014-02-21 09:50 - 2014-02-21 09:50 - 00000000 ____D () C:\Program Files\BeCyPDFMetaEdit
2014-02-20 09:36 - 2014-02-20 09:36 - 00036629 _____ () C:\Users\*****\Desktop\Nyquist_Beispiel.fig
2014-02-20 06:50 - 2014-02-20 06:50 - 00286014 _____ () C:\Windows\msxml4-KB954430-enu.LOG
2014-02-20 06:49 - 2014-02-20 06:49 - 00290518 _____ () C:\Windows\msxml4-KB973688-enu.LOG
2014-02-20 06:49 - 2014-02-20 06:49 - 00000000 ____D () C:\Program Files\MSXML 4.0
2014-02-19 16:01 - 2014-02-19 16:01 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-02-18 23:51 - 2014-02-25 15:45 - 00000000 ____D () C:\Users\*****\AppData\Local\Samsung
2014-02-18 23:42 - 2014-02-18 23:42 - 00000000 ____D () C:\Program Files\Windows Portable Devices
2014-02-18 23:33 - 2014-02-07 16:33 - 04659712 _____ (Dmitry Streblechenko) C:\Windows\system32\Redemption.dll
2014-02-18 23:33 - 2014-01-23 18:31 - 00821824 _____ (Devguru Co., Ltd.) C:\Windows\system32\dgderapi.dll
2014-02-18 23:07 - 2014-02-18 23:07 - 00002092 _____ () C:\Users\Public\Desktop\Samsung New PC Studio.lnk
2014-02-18 23:04 - 2014-02-25 20:17 - 00000000 ____D () C:\Program Files\MarkAny
2014-02-18 22:59 - 2014-02-18 22:59 - 00002005 _____ () C:\Users\Public\Desktop\Komodo Edit 8.lnk
2014-02-18 22:59 - 2014-02-18 22:59 - 00000000 ____D () C:\Users\*****\AppData\Roaming\ActiveState
2014-02-18 22:59 - 2014-02-18 22:59 - 00000000 ____D () C:\Users\*****\AppData\Local\ActiveState
2014-02-18 22:58 - 2014-02-18 22:59 - 00000000 ____D () C:\Program Files\ActiveState Komodo Edit 8
2014-02-18 22:55 - 2014-02-18 22:56 - 00000000 ____D () C:\Python33
2014-02-18 22:53 - 2014-02-25 15:43 - 00000000 ____D () C:\ProgramData\Samsung
2014-02-18 22:52 - 2014-03-03 21:18 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Samsung
2014-02-18 22:52 - 2014-02-18 22:52 - 00000000 ____D () C:\Users\*****\Documents\My NPS Files
2014-02-18 22:52 - 2010-07-04 19:07 - 00238952 _____ (Teruten) C:\Windows\system32\FsUsbExService.Exe
2014-02-18 22:52 - 2010-06-14 09:32 - 00110592 _____ () C:\Windows\system32\FsUsbExDevice.Dll
2014-02-18 22:52 - 2010-06-14 09:32 - 00036608 _____ () C:\Windows\system32\FsUsbExDisk.Sys
2014-02-18 22:52 - 2009-07-14 02:16 - 02311168 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 01568768 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2014-02-18 22:52 - 2009-07-14 02:16 - 01325056 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2014-02-18 22:52 - 2009-07-14 02:16 - 01003008 _____ (Microsoft Corporation) C:\Windows\system32\WMNetMgr.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00812032 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2014-02-18 22:52 - 2009-07-14 02:16 - 00664576 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2014-02-18 22:52 - 2009-07-14 02:16 - 00577024 _____ (Microsoft Corporation) C:\Windows\system32\wpd_ci.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceApi.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00541184 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2014-02-18 22:52 - 2009-07-14 02:16 - 00427520 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceStatus.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00358400 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
2014-02-18 22:52 - 2009-07-14 02:16 - 00350720 _____ (Microsoft Corporation) C:\Windows\system32\WPDSp.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00237568 _____ (Microsoft Corporation) C:\Windows\system32\WMASF.DLL
2014-02-18 22:52 - 2009-07-14 02:16 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\WpdMtp.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00198144 _____ (Microsoft Corporation) C:\Windows\system32\wpdwcn.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00196608 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceWMDRM.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceTypes.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\wmidx.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00138240 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceWiaCompat.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00110080 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceClassExtension.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\WPDShServiceObj.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\wpdbusenum.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\WpdMtpUS.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceConnectApi.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\wmcodecdspps.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wmdmps.dll
2014-02-18 22:52 - 2009-07-14 02:16 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\wmdmlog.dll
2014-02-18 22:52 - 2009-07-14 02:15 - 00630784 _____ (Microsoft Corporation) C:\Windows\system32\DXPTaskRingtone.dll
2014-02-18 22:52 - 2009-07-14 02:15 - 00415744 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2014-02-18 22:52 - 2009-07-14 02:15 - 00352768 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-02-18 22:52 - 2009-07-14 02:15 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\mswmdm.dll
2014-02-18 22:52 - 2009-07-14 02:15 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-02-18 22:52 - 2009-07-14 02:15 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2014-02-18 22:52 - 2009-07-14 02:15 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2014-02-18 22:52 - 2009-07-14 02:15 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2014-02-18 22:52 - 2009-07-14 02:15 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\LAPRXY.DLL
2014-02-18 22:52 - 2009-07-14 02:14 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\audiodev.dll
2014-02-18 22:52 - 2009-07-14 02:14 - 00095232 _____ (Microsoft Corporation) C:\Windows\system32\logagent.exe
2014-02-18 22:52 - 2009-07-14 02:14 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\WPDShextAutoplay.exe
2014-02-18 22:52 - 2009-07-14 02:03 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\asferror.dll
2014-02-18 22:52 - 2009-06-10 22:34 - 00316640 _____ () C:\Windows\WMSysPr9.prx
2014-02-18 22:51 - 2014-02-18 23:51 - 00000000 ____D () C:\Users\*****\Documents\Samsung
2014-02-18 22:51 - 2014-02-18 22:51 - 00053631 _____ () C:\Users\*****\Downloads\hashmyfiles_v1.90.zip
2014-02-18 22:51 - 2009-07-14 02:16 - 02504192 _____ (Microsoft Corporation) C:\Windows\system32\WMVCORE.DLL
2014-02-18 22:51 - 2009-07-14 02:16 - 01619968 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2014-02-18 22:51 - 2009-07-14 02:16 - 00902656 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2014-02-18 22:51 - 2009-07-14 02:16 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-02-18 22:51 - 2009-07-14 02:16 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmdev.dll
2014-02-18 22:51 - 2009-07-14 02:16 - 00436736 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmnet.dll
2014-02-18 22:51 - 2009-07-14 02:15 - 00986624 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-02-18 22:51 - 2009-07-14 02:15 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-02-18 22:51 - 2009-07-14 02:15 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-02-18 22:51 - 2009-07-14 02:15 - 00402944 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-02-18 22:50 - 2014-02-25 15:44 - 00000000 ____D () C:\Program Files\Samsung
2014-02-18 22:48 - 2014-02-18 22:49 - 08444896 _____ (abylonsoft ) C:\Users\*****\Downloads\FreeHash.exe
2014-02-18 20:39 - 2014-02-18 20:39 - 00000000 ____D () C:\Program Files\abylonsoft
2014-02-18 20:30 - 2014-02-18 20:39 - 20627456 _____ () C:\Users\*****\Downloads\python-3.3.4.msi
2014-02-18 20:17 - 2014-02-18 20:41 - 73908224 _____ () C:\Users\*****\Downloads\Komodo-Edit-8.5.3-14067.msi
2014-02-18 08:34 - 2014-02-18 08:36 - 173838160 _____ () C:\Users\*****\Downloads\New_PC_Studio_1.5.1.exe
2014-02-18 08:32 - 2014-02-18 08:33 - 75211320 _____ (Samsung Electronics Co., Ltd.) C:\Users\*****\Downloads\KiesSetup_2.6.2.14014_6.exe
2014-02-17 11:34 - 2014-02-17 11:44 - 00014458 _____ () C:\Users\*****\Desktop\HybEIS.eps
2014-02-16 19:01 - 2014-02-16 19:03 - 101832237 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Das_Kaenguru_Manifest-4CD-DE-Audiobook-2011-kooba.r01
2014-02-16 18:52 - 2014-02-16 18:58 - 200000000 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Das_Kaenguru_Manifest-4CD-DE-Audiobook-2011-kooba.r00
2014-02-16 18:51 - 2014-02-16 19:05 - 200000000 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Das_Kaenguru_Manifest-4CD-DE-Audiobook-2011-kooba.rar
2014-02-16 18:50 - 2014-02-16 18:50 - 35692185 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Die_Kaenguru-Chroniken_Live_Und_Ungekuerzt-4CD-DE-Audiobook-2012-kooba.r02
2014-02-16 18:45 - 2014-02-16 18:49 - 150000000 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Die_Kaenguru-Chroniken_Live_Und_Ungekuerzt-4CD-DE-Audiobook-2012-kooba.r01
2014-02-16 18:44 - 2014-02-16 18:49 - 150000000 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Die_Kaenguru-Chroniken_Live_Und_Ungekuerzt-4CD-DE-Audiobook-2012-kooba.r00
2014-02-16 18:40 - 2014-02-16 18:40 - 00614816 _____ (Chip Digital GmbH) C:\Users\*****\Downloads\7 Zip 32 Bit - CHIP-Downloader.exe
2014-02-16 18:35 - 2014-02-16 18:37 - 150000000 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Die_Kaenguru-Chroniken_Live_Und_Ungekuerzt-4CD-DE-Audiobook-2012-kooba.rar
2014-02-13 17:53 - 2014-02-13 17:53 - 00000000 ____D () C:\Users\*****\Documents\PostregSQL
2014-02-12 17:16 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-12 17:16 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-12 17:16 - 2014-02-06 11:19 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-12 17:16 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-12 17:16 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-12 17:16 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-12 17:16 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-12 17:16 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-12 17:16 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-12 17:16 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-12 17:16 - 2014-02-06 10:47 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-12 17:16 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-12 17:16 - 2014-02-06 10:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-12 17:16 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-12 17:16 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-12 17:16 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-12 17:16 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-12 17:16 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-12 17:16 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-12 17:16 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-12 17:16 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-12 17:11 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-12 16:58 - 2014-02-12 16:10 - 01611377 _____ () C:\Users\*****\Downloads\psqlodbc_09_03_0100.zip
2014-02-12 16:13 - 2014-02-12 17:01 - 00000149 _____ () C:\Windows\ODBC.INI
2014-02-12 16:12 - 2014-02-12 16:12 - 00000000 ____D () C:\Program Files\psqlODBC
2014-02-12 14:55 - 2014-02-12 14:54 - 00587152 _____ () C:\Users\*****\Downloads\postgresql-9.3-1100.jdbc4.jar
2014-02-12 14:35 - 2014-02-14 09:40 - 00014898 _____ () C:\Users\*****\Documents\pgadmin.log
2014-02-12 14:08 - 2014-02-12 14:13 - 00000000 ____D () C:\Users\*****\AppData\Roaming\postgresql
2014-02-12 14:04 - 2014-02-12 14:04 - 00000000 ____D () C:\Program Files\PostgreSQL
2014-02-12 13:59 - 2014-02-12 13:49 - 52968360 _____ (PostgreSQL Global Development Group) C:\Users\*****\Downloads\postgresql-9.3.1-1-windows.exe
2014-02-12 07:37 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-12 07:37 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-12 07:37 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-12 07:37 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-10 18:12 - 2014-02-10 18:12 - 02658816 _____ (Python Software Foundation) C:\Windows\system32\python33.dll
2014-02-10 18:11 - 2014-02-10 18:11 - 00094208 _____ (Python Software Foundation) C:\Windows\pyw.exe
2014-02-10 18:11 - 2014-02-10 18:11 - 00093696 _____ (Python Software Foundation) C:\Windows\py.exe

==================== One Month Modified Files and Folders =======

2014-03-10 20:55 - 2014-03-07 22:22 - 00012297 _____ () C:\Users\*****\Downloads\FRST.txt
2014-03-10 20:55 - 2014-03-05 17:12 - 00000000 ____D () C:\FRST
2014-03-10 20:53 - 2014-03-10 20:53 - 00000000 ____D () C:\Users\*****\Downloads\FRST-OlderVersion
2014-03-10 20:53 - 2014-03-07 22:21 - 01145856 _____ (Farbar) C:\Users\*****\Downloads\FRST.exe
2014-03-10 20:51 - 2014-03-10 20:50 - 00002628 _____ () C:\Users\*****\Desktop\FSS.txt
2014-03-10 20:32 - 2010-11-20 22:03 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-10 20:27 - 2010-11-20 22:49 - 00256672 _____ () C:\Windows\PFRO.log
2014-03-10 20:27 - 2009-07-14 05:17 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-10 20:27 - 2009-07-14 05:07 - 00049839 _____ () C:\Windows\setupact.log
2014-03-10 20:27 - 2009-07-14 05:02 - 00311520 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-10 20:26 - 2009-07-14 05:02 - 00019248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-10 20:26 - 2009-07-14 05:02 - 00019248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-10 20:25 - 2014-03-10 20:05 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2014-03-10 20:24 - 2013-05-16 17:01 - 01283303 _____ () C:\Windows\WindowsUpdate.log
2014-03-10 20:11 - 2013-10-14 05:37 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-10 20:02 - 2014-03-10 20:02 - 00000000 ____D () C:\RegBackup
2014-03-10 19:44 - 2013-08-02 22:24 - 00000000 ____D () C:\Users\*****\AppData\Roaming\vlc
2014-03-10 19:31 - 2013-09-18 17:03 - 00000000 ____D () C:\Users\*****\AppData\Local\Spotify
2014-03-10 19:31 - 2013-09-18 16:40 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Spotify
2014-03-10 19:22 - 2014-03-10 19:22 - 00003336 _____ () C:\bootsqm.dat
2014-03-10 19:15 - 2014-03-10 19:13 - 00000000 ____D () C:\Users\*****\Downloads\Tweaking.com - Windows Repair
2014-03-10 18:07 - 2014-03-10 18:07 - 00024120 _____ () C:\Users\*****\AppData\Local\recently-used.xbel
2014-03-10 08:45 - 2013-09-30 19:01 - 00000000 ____D () C:\Users\*****\Documents\Citavi 4
2014-03-10 06:52 - 2013-05-19 14:00 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Foxit Software
2014-03-10 06:49 - 2014-03-10 06:49 - 33488656 _____ (Foxit Corporation ) C:\Users\*****\Downloads\FoxitReader614.0217_enu_Setup.exe
2014-03-09 11:36 - 2014-03-09 11:07 - 00000000 ____D () C:\Users\*****\Matlab_install
2014-03-09 11:08 - 2013-05-16 17:54 - 00000000 ____D () C:\Users\*****
2014-03-09 10:22 - 2014-03-09 10:22 - 00000258 _____ () C:\Users\*****\defogger_enable.log
2014-03-09 10:22 - 2013-10-08 07:04 - 00079872 ___SH () C:\Users\*****\Thumbs.db
2014-03-09 10:21 - 2014-03-09 10:21 - 00050477 _____ () C:\Users\*****\Downloads\Defogger.exe
2014-03-09 09:16 - 2014-03-09 09:16 - 00409600 _____ (Farbar) C:\Users\*****\Desktop\FSS.exe
2014-03-09 08:26 - 2014-03-09 08:26 - 00448512 _____ (OldTimer Tools) C:\Users\*****\Desktop\TFC.exe
2014-03-08 15:10 - 2014-03-08 11:57 - 00000000 ____D () C:\Users\*****\Documents\Minimalbeispiel
2014-03-07 22:13 - 2014-03-07 22:13 - 00987442 _____ () C:\Users\*****\Desktop\SecurityCheck.exe
2014-03-07 16:58 - 2014-03-07 16:58 - 02347384 _____ (ESET) C:\Users\*****\Downloads\esetsmartinstaller_enu.exe
2014-03-06 18:32 - 2014-03-06 18:32 - 00000000 ____D () C:\Windows\ERUNT
2014-03-06 18:25 - 2014-03-06 18:21 - 00000000 ____D () C:\AdwCleaner
2014-03-06 18:20 - 2014-03-06 18:30 - 01037734 _____ (Thisisu) C:\Users\*****\Desktop\JRT (1).exe
2014-03-06 18:20 - 2014-03-06 18:20 - 01037734 _____ (Thisisu) C:\Users\*****\Downloads\JRT.exe.3ra3i30.partial
2014-03-06 18:20 - 2014-03-06 18:20 - 01037734 _____ (Thisisu) C:\Users\*****\Downloads\JRT (1).exe
2014-03-06 18:14 - 2013-05-16 17:58 - 00000000 ____D () C:\Windows\Panther
2014-03-06 17:58 - 2014-03-06 18:21 - 01244192 _____ () C:\Users\*****\Desktop\adwcleaner.exe
2014-03-06 17:58 - 2014-03-06 17:58 - 01244192 _____ () C:\Users\*****\Downloads\adwcleaner.exe
2014-03-06 15:35 - 2013-10-01 07:45 - 00000000 ____D () C:\Program Files\BaSyTec
2014-03-06 07:28 - 2009-07-14 05:17 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-05 17:56 - 2014-03-05 17:56 - 00152248 _____ () C:\Windows\Minidump\030514-23821-01.dmp
2014-03-05 17:56 - 2013-09-13 08:52 - 336285250 _____ () C:\Windows\MEMORY.DMP
2014-03-05 17:56 - 2013-09-13 08:52 - 00000000 ____D () C:\Windows\Minidump
2014-03-05 17:19 - 2014-03-05 17:19 - 00380416 _____ () C:\Users\*****\Downloads\Gmer-19357.exe
2014-03-05 08:19 - 2014-03-05 08:19 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Malwarebytes
2014-03-05 08:18 - 2014-03-05 08:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-05 08:18 - 2014-03-05 08:18 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-03-05 07:23 - 2013-05-19 10:45 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-03-04 20:11 - 2014-03-04 20:11 - 00001109 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-03-04 20:11 - 2014-03-04 20:10 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-04 16:03 - 2013-12-04 09:30 - 00000000 ____D () C:\Users\*****\Documents\Praktikum_Deutronic
2014-03-04 12:29 - 2014-03-04 12:29 - 00000999 _____ () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QuickDic.lnk
2014-03-04 12:29 - 2014-03-04 12:29 - 00000969 _____ () C:\Users\*****\Desktop\QuickDic.lnk
2014-03-04 12:29 - 2014-03-04 12:29 - 00000000 ____D () C:\Program Files\QuickDic
2014-03-04 09:39 - 2014-03-04 09:39 - 00000000 ____D () C:\Users\*****\AppData\Local\Mobile Master
2014-03-04 00:18 - 2014-03-04 00:18 - 00000000 ____D () C:\Users\*****\AppData\Local\Tempa72636ee026910241cae8b72bf567bea
2014-03-03 23:42 - 2014-03-03 23:42 - 00000000 ____D () C:\Users\Public\Documents\CrashDump
2014-03-03 23:28 - 2014-03-03 23:09 - 00000000 ____D () C:\Program Files\Mobile Master
2014-03-03 23:26 - 2014-03-03 23:10 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Mobile Master
2014-03-03 23:10 - 2014-03-03 23:10 - 00001046 _____ () C:\Users\Public\Desktop\Mobile Master.lnk
2014-03-03 23:10 - 2014-03-03 23:10 - 00000000 ____D () C:\ProgramData\Mobile Master
2014-03-03 23:10 - 2014-03-03 23:10 - 00000000 ____D () C:\Program Files\Common Files\Jumping Bytes
2014-03-03 23:07 - 2014-03-03 23:07 - 23225448 _____ (Jumping Bytes) C:\Users\*****\Downloads\MobileMasterInst.exe
2014-03-03 23:07 - 2014-03-03 23:07 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Jumping Bytes
2014-03-03 22:52 - 2014-03-03 22:52 - 00000000 ____D () C:\Users\*****\AppData\Local\Temp04de20ab33f250e94b926d0514a93b1c
2014-03-03 22:50 - 2014-03-03 22:50 - 01058296 _____ () C:\Users\*****\Downloads\Microsoft-Outlook-2013-lnstall.exe
2014-03-03 21:54 - 2014-03-03 21:50 - 00000000 ____D () C:\Users\*****\Handykarte
2014-03-03 21:48 - 2014-03-03 21:48 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-03-03 21:18 - 2014-02-18 22:52 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Samsung
2014-02-26 17:22 - 2013-05-17 18:53 - 00000000 ____D () C:\Users\*****\Documents\MATLAB
2014-02-25 20:22 - 2014-02-25 20:22 - 01095461 _____ (pendrivelinux.com) C:\Users\*****\Downloads\Universal-USB-Installer-1.9.5.2.exe
2014-02-25 20:17 - 2014-02-18 23:04 - 00000000 ____D () C:\Program Files\MarkAny
2014-02-25 15:46 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-02-25 15:45 - 2014-02-25 15:45 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log
2014-02-25 15:45 - 2014-02-18 23:51 - 00000000 ____D () C:\Users\*****\AppData\Local\Samsung
2014-02-25 15:44 - 2014-02-18 22:50 - 00000000 ____D () C:\Program Files\Samsung
2014-02-25 15:43 - 2014-02-18 22:53 - 00000000 ____D () C:\ProgramData\Samsung
2014-02-24 08:25 - 2013-09-30 17:50 - 00000000 ____D () C:\Users\*****\Desktop\Programme
2014-02-23 00:25 - 2014-02-22 22:04 - 00000000 ____D () C:\Users\*****\Documents\Python
2014-02-22 18:18 - 2013-12-22 23:33 - 00064168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-02-22 18:18 - 2013-05-16 20:38 - 00775952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-02-22 18:18 - 2013-05-16 20:38 - 00410784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-02-22 18:18 - 2013-05-16 20:38 - 00270240 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-02-22 18:18 - 2013-05-16 20:38 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-02-22 18:18 - 2013-05-16 20:35 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-02-21 17:11 - 2013-05-16 20:01 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-21 17:11 - 2013-05-16 20:01 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-21 09:50 - 2014-02-21 09:50 - 00000000 ____D () C:\Program Files\BeCyPDFMetaEdit
2014-02-20 09:36 - 2014-02-20 09:36 - 00036629 _____ () C:\Users\*****\Desktop\Nyquist_Beispiel.fig
2014-02-20 06:50 - 2014-02-20 06:50 - 00286014 _____ () C:\Windows\msxml4-KB954430-enu.LOG
2014-02-20 06:49 - 2014-02-20 06:49 - 00290518 _____ () C:\Windows\msxml4-KB973688-enu.LOG
2014-02-20 06:49 - 2014-02-20 06:49 - 00000000 ____D () C:\Program Files\MSXML 4.0
2014-02-19 16:01 - 2014-02-19 16:01 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-02-19 09:26 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2014-02-18 23:51 - 2014-02-18 22:51 - 00000000 ____D () C:\Users\*****\Documents\Samsung
2014-02-18 23:42 - 2014-02-18 23:42 - 00000000 ____D () C:\Program Files\Windows Portable Devices
2014-02-18 23:42 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-02-18 23:42 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-02-18 23:33 - 2013-05-16 20:26 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-02-18 23:31 - 2013-09-30 18:48 - 00000000 ____D () C:\Users\*****\AppData\Local\Downloaded Installations
2014-02-18 23:07 - 2014-02-18 23:07 - 00002092 _____ () C:\Users\Public\Desktop\Samsung New PC Studio.lnk
2014-02-18 22:59 - 2014-02-18 22:59 - 00002005 _____ () C:\Users\Public\Desktop\Komodo Edit 8.lnk
2014-02-18 22:59 - 2014-02-18 22:59 - 00000000 ____D () C:\Users\*****\AppData\Roaming\ActiveState
2014-02-18 22:59 - 2014-02-18 22:59 - 00000000 ____D () C:\Users\*****\AppData\Local\ActiveState
2014-02-18 22:59 - 2014-02-18 22:58 - 00000000 ____D () C:\Program Files\ActiveState Komodo Edit 8
2014-02-18 22:56 - 2014-02-18 22:55 - 00000000 ____D () C:\Python33
2014-02-18 22:52 - 2014-02-18 22:52 - 00000000 ____D () C:\Users\*****\Documents\My NPS Files
2014-02-18 22:51 - 2014-02-18 22:51 - 00053631 _____ () C:\Users\*****\Downloads\hashmyfiles_v1.90.zip
2014-02-18 22:49 - 2014-02-18 22:48 - 08444896 _____ (abylonsoft ) C:\Users\*****\Downloads\FreeHash.exe
2014-02-18 20:41 - 2014-02-18 20:17 - 73908224 _____ () C:\Users\*****\Downloads\Komodo-Edit-8.5.3-14067.msi
2014-02-18 20:39 - 2014-02-18 20:39 - 00000000 ____D () C:\Program Files\abylonsoft
2014-02-18 20:39 - 2014-02-18 20:30 - 20627456 _____ () C:\Users\*****\Downloads\python-3.3.4.msi
2014-02-18 13:48 - 2013-09-30 17:57 - 00000000 ____D () C:\Users\*****\Praktikum
2014-02-18 11:12 - 2014-01-28 08:30 - 00000000 ____D () C:\Users\*****\Bachelorarbeit
2014-02-18 08:36 - 2014-02-18 08:34 - 173838160 _____ () C:\Users\*****\Downloads\New_PC_Studio_1.5.1.exe
2014-02-18 08:33 - 2014-02-18 08:32 - 75211320 _____ (Samsung Electronics Co., Ltd.) C:\Users\*****\Downloads\KiesSetup_2.6.2.14014_6.exe
2014-02-17 11:44 - 2014-02-17 11:34 - 00014458 _____ () C:\Users\*****\Desktop\HybEIS.eps
2014-02-16 19:05 - 2014-02-16 18:51 - 200000000 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Das_Kaenguru_Manifest-4CD-DE-Audiobook-2011-kooba.rar
2014-02-16 19:03 - 2014-02-16 19:01 - 101832237 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Das_Kaenguru_Manifest-4CD-DE-Audiobook-2011-kooba.r01
2014-02-16 18:58 - 2014-02-16 18:52 - 200000000 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Das_Kaenguru_Manifest-4CD-DE-Audiobook-2011-kooba.r00
2014-02-16 18:50 - 2014-02-16 18:50 - 35692185 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Die_Kaenguru-Chroniken_Live_Und_Ungekuerzt-4CD-DE-Audiobook-2012-kooba.r02
2014-02-16 18:49 - 2014-02-16 18:45 - 150000000 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Die_Kaenguru-Chroniken_Live_Und_Ungekuerzt-4CD-DE-Audiobook-2012-kooba.r01
2014-02-16 18:49 - 2014-02-16 18:44 - 150000000 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Die_Kaenguru-Chroniken_Live_Und_Ungekuerzt-4CD-DE-Audiobook-2012-kooba.r00
2014-02-16 18:40 - 2014-02-16 18:40 - 00614816 _____ (Chip Digital GmbH) C:\Users\*****\Downloads\7 Zip 32 Bit - CHIP-Downloader.exe
2014-02-16 18:37 - 2014-02-16 18:35 - 150000000 _____ () C:\Users\*****\Downloads\Marc-Uwe_Kling_-_Die_Kaenguru-Chroniken_Live_Und_Ungekuerzt-4CD-DE-Audiobook-2012-kooba.rar
2014-02-14 09:40 - 2014-02-12 14:35 - 00014898 _____ () C:\Users\*****\Documents\pgadmin.log
2014-02-13 17:53 - 2014-02-13 17:53 - 00000000 ____D () C:\Users\*****\Documents\PostregSQL
2014-02-12 17:16 - 2013-08-06 23:19 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-12 17:14 - 2013-05-16 20:24 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-12 17:01 - 2014-02-12 16:13 - 00000149 _____ () C:\Windows\ODBC.INI
2014-02-12 16:12 - 2014-02-12 16:12 - 00000000 ____D () C:\Program Files\psqlODBC
2014-02-12 16:10 - 2014-02-12 16:58 - 01611377 _____ () C:\Users\*****\Downloads\psqlodbc_09_03_0100.zip
2014-02-12 14:54 - 2014-02-12 14:55 - 00587152 _____ () C:\Users\*****\Downloads\postgresql-9.3-1100.jdbc4.jar
2014-02-12 14:13 - 2014-02-12 14:08 - 00000000 ____D () C:\Users\*****\AppData\Roaming\postgresql
2014-02-12 14:04 - 2014-02-12 14:04 - 00000000 ____D () C:\Program Files\PostgreSQL
2014-02-12 13:49 - 2014-02-12 13:59 - 52968360 _____ (PostgreSQL Global Development Group) C:\Users\*****\Downloads\postgresql-9.3.1-1-windows.exe
2014-02-11 14:06 - 2014-01-16 12:27 - 00000000 ____D () C:\Users\*****\Documents\Praesentation_Deutronic_Praktikum
2014-02-10 18:12 - 2014-02-10 18:12 - 02658816 _____ (Python Software Foundation) C:\Windows\system32\python33.dll
2014-02-10 18:11 - 2014-02-10 18:11 - 00094208 _____ (Python Software Foundation) C:\Windows\pyw.exe
2014-02-10 18:11 - 2014-02-10 18:11 - 00093696 _____ (Python Software Foundation) C:\Windows\py.exe

Some content of TEMP:
====================
C:\Users\*****\AppData\Local\Temp\Foxit Updater.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-10 07:25

==================== End Of Log ============================

--- --- ---


what's next? :)

Best regards
Markus

schrauber 11.03.2014 13:44

How is the computer running?

PP88 11.03.2014 14:11

Hello,

basically no complaints at the moment.
Good sign?

Best regards,
Markus

schrauber 12.03.2014 09:45

Done :)

The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively, rename it to uninstall.exe and run it)
    • Windows key + R > type Combofix /Uninstall > OK
    • Alternative: rename Combofix.exe to uninstall.exe and run it
    • Combofix will now start, possibly update itself, and then remove all remnants of itself.
  3. In any case, please download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Put a tick in front of every function.
    • Click Start.
    • Note: DelFix removes, among other things, all the programs used and the quarantine of our scanners, clears the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left over now, you can delete them without hesitation.



If you would like to give praise or criticism, you can do so here :)

Here are a few more tips for securing your system.


I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Antivirus software
  • Make sure you always have antivirus software installed and that it is up to date. It is useless if it is out of date.


Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version additionally offers a background guard.
    You can find a tutorial on how to use it here.
  • WinPatrol
    This software takes a snapshot of your system and warns you about any changes. Download the freeware version from here.


Safe browsing
  • SpywareBlaster
    You can find a short introduction here
  • MVPs hosts file
    You can find a tutorial here. Unfortunately I have not found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as harmful.


Alternative browsers

Other browsers tend to be somewhat more secure than IE because they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: For this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most advertising by itself. A right-click on the banner to add it to AdBlockPlus is enough and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean up your temp files regularly. I recommend TFC for this.
Stay away from any registry cleaners.
They harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Do not click on everything just because it prompts you to and is nice and colourful.
  • Do not use peer-to-peer or file-sharing software (Emule, uTorrent, ..)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Do not open attachments from emails you do not know. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
Now all that remains is for me to wish you lots of fun surfing safely.

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.

PP88 21.03.2014 22:04

Hello schrauber,

I'm terribly sorry that I'm only replying now. However, I had a great deal of stress, and there were quite a few tasks that you gave me. ;)

A very big thank you for everything; I will certainly leave an appropriate rating.

So there is one thing I still need to know, then you can close the thread.

Would you now trust my system again enough that you would make online bank transfers?

Best regards
Markus

schrauber 22.03.2014 19:03

Yes, I would :)

PP88 24.03.2014 08:29

All right,
that's what I wanted to hear. :)

Many thanks again.

Best regards
Markus


All times are WET +1.
