Trojaner-Board - pup.optional.conduit.a

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - pup.optional.conduit.a (https://www.trojaner-board.de/142786-pup-optional-conduit-a.html)

pup.optional.conduit.a

Hallo,

ich habe, nachdem mein Origin Account gehackt wurde einen Scan mit Malwarebytes gemacht. Dabei wurden 8 Dateien mit pup.optional.conduit.a gefunden.
Wie lange es drauf ist weiß ich leider nicht. Die einzigen Probleme, die mir am PC aufgefallen sind, waren besagter Origin Account und das es auf C: Speicherschwankungen gab.
Ich hoffe ihr könnte mir weiterhelfen und schonmal vielen Dank im Vorraus.

Mfg Raeve

Logfile:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.10.09.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Admin :: CYPHER [Administrator]

09.10.2013 18:34:38
MBAM-log-2013-10-09 (21-13-03).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 594789
Laufzeit: 1 Stunde(n), 35 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 3
C:\Users\Admin\AppData\Local\Temp\ct3288691 (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\Admin\AppData\Local\Temp\ct3297265 (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\Admin\AppData\Local\Temp\ct3297861 (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.

Infizierte Dateien: 5
C:\Users\Admin\AppData\Local\Temp\ct3297265\ism.exe (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\Admin\AppData\Local\Temp\ct3288691\chromeid.txt (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\Admin\AppData\Local\Temp\ct3288691\setup.ini.txt (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\Admin\AppData\Local\Temp\ct3297861\chromeid.txt (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\Admin\AppData\Local\Temp\ct3297861\setup.ini.txt (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.

(Ende)

hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Hi,

danke für deine schnelle Antwort. Ich habe bisher noch nichts gelöscht, war das richtig so oder sollte ich das jetzt schon machen?

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013

Ran by Matthias (ATTENTION: The logged in user is not administrator) on CYPHER on 09-10-2013 23:12:08

Running from G:\

Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard

Internet Explorer Version 8

Boot Mode: Normal
 

==================== Processes (Whitelisted) =================
 

(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe

(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe

(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe

(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe

(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe

(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe

(Logitech, Inc.) D:\Programme\Logitech\SetPoint\SetPointP\SetPoint.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(Microsoft Corporation) D:\Programme\Zune\ZuneLauncher.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe

(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe

(Deutsche Telekom AG) C:\Program Files\Netzmanager\netzmanager.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

(Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe

(Mozilla Corporation) D:\Programme\Mozilla\Firefox\firefox.exe

(Microsoft Corporation) D:\Programme\Office 2010\Office14\WINWORD.EXE

(Mozilla Corporation) D:\Programme\Mozilla\Firefox\plugin-container.exe

(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe

(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe

(Microsoft Corporation) C:\Windows\system32\msdt.exe
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [Launch LCDMon] - C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe [2191632 2007-07-18] (Logitech Inc.)

HKLM\...\Run: [Launch LGDCore] - C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe [3036944 2007-07-18] (Logitech Inc.)

HKLM\...\Run: [EvtMgr6] - D:\Programme\Logitech\SetPoint\SetPointP\SetPoint.exe [1680976 2010-10-29] (Logitech, Inc.)

HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-06-20] (Microsoft Corporation)

HKLM\...\Run: [Zune Launcher] - D:\Programme\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation)

HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1012000 2013-05-16] (NVIDIA Corporation)

HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] - F:\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)

Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)

HKCU\...\Run: [Logitech Vid HD] - "D:\Programme\Webcam\Vid\vid.exe" -bootmode

HKCU\...\Run: [Logitech Vid] - "D:\Programme\Webcam\Vid\Vid.exe" -bootmode

MountPoints2: {ca63f40f-2e47-11e0-9a72-806e6f6e6963} - I:\SETUP.EXE

HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)

Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Meine Dienste.lnk

ShortcutTarget: Meine Dienste.lnk -> C:\Program Files\Telekom\Meine Dienste\StartMeineDienste.exe (Deutsche Telekom AG)

Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Meine Dienste.lnk

ShortcutTarget: Meine Dienste.lnk -> C:\Program Files\Telekom\Meine Dienste\StartMeineDienste.exe (Deutsche Telekom AG)

Startup: C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk

ShortcutTarget: Netzmanager.lnk -> C:\Program Files\Netzmanager\netzmanager.exe (Deutsche Telekom AG)
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x8137FF955CC2CB01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Programme\Office 2010\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

BHO-x32: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -  No File

BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll No File

DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 

FireFox:

========

FF ProfilePath: C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\86rpcxpv.default

FF DefaultSearchEngine: Google

FF SelectedSearchEngine: Google

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - D:\PROGRA~1\OFFICE~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()

FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)

FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)

FF Plugin-x32: @esn/esnlaunch,version=2.3.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)

FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_35 - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)

FF SearchPlugin: C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\86rpcxpv.default\searchplugins\11-suche.xml

FF SearchPlugin: C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\86rpcxpv.default\searchplugins\duckduckgo.xml

FF SearchPlugin: C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\86rpcxpv.default\searchplugins\englische-ergebnisse.xml

FF SearchPlugin: C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\86rpcxpv.default\searchplugins\gmx-suche.xml

FF SearchPlugin: C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\86rpcxpv.default\searchplugins\lastminute.xml

FF SearchPlugin: C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\86rpcxpv.default\searchplugins\webde-suche.xml

FF SearchPlugin: C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\86rpcxpv.default\searchplugins\wot-safe-search.xml

FF Extension: Fasterfox Lite - C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\86rpcxpv.default\Extensions\FasterFox_Lite@BigRedBrent

FF Extension: Flashblock - C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\86rpcxpv.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}

FF Extension: Fire.fm - C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\86rpcxpv.default\Extensions\{6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}

FF Extension: WOT - C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\86rpcxpv.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

FF Extension: feedly - C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\86rpcxpv.default\Extensions\feedly@devhd.xpi

FF Extension: jid1-ZAdIEUB7XOzOJw - C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\86rpcxpv.default\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi

FF Extension: No Name - C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\86rpcxpv.default\Extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}.xpi

FF Extension: No Name - C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\86rpcxpv.default\Extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}.xpi

FF Extension: No Name - C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\86rpcxpv.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

FF Extension: No Name - C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\86rpcxpv.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

FF Extension: No Name - C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\86rpcxpv.default\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi

FF Extension: No Name - C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\86rpcxpv.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi

FF Extension: No Name - C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\86rpcxpv.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi

FF StartMenuInternet: FIREFOX.EXE - D:\Programme\Mozilla\Firefox\firefox.exe
 

==================== Services (Whitelisted) =================
 

R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)

R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-06-20] (Microsoft Corporation)

R2 Netzmanager Service; C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [2635776 2012-07-20] (Deutsche Telekom AG)

R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-06-20] (Microsoft Corporation)

R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)

R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)

R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-09-07] ()

S2 psrem02; C:\Windows\system32\psrem02.exe [606328 2006-05-11] (Protection Technology)

R2 SBSDWSCService; D:\Programme\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)

S2 sfrem01; C:\Windows\system32\sfrem01.exe [601208 2006-07-05] (Protection Technology (StarForce))

S2 SkypeUpdate; D:\Programme\Skype\Updater\Updater.exe [160944 2012-07-03] (Skype Technologies)

S3 WMZuneComm; D:\Programme\Zune\WMZuneComm.exe [306400 2011-08-05] (Microsoft Corporation)

S3 ZuneNetworkSvc; D:\Programme\Zune\ZuneNss.exe [8277728 2011-08-05] (Microsoft Corporation)

S3 ZuneWlanCfgSvc; D:\Programme\Zune\ZuneWlanCfgSvc.exe [467680 2011-08-05] (Microsoft Corporation)
 

==================== Drivers (Whitelisted) ====================
 

R3 irsir; C:\Windows\System32\DRIVERS\irsir.sys [27648 2008-01-19] (Microsoft Corporation)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)

R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)

R0 psdrv02; C:\Windows\System32\drivers\psdrv02.sys [74616 2006-09-11] (Protection Technology)

R0 pssync05; C:\Windows\System32\drivers\pssync05.sys [80768 2006-11-03] (Protection Technology)

R0 sfdrv01a; C:\Windows\System32\drivers\sfdrv01a.sys [77432 2009-02-03] (Protection Technology (StarForce))

R0 sfsync04; C:\Windows\System32\drivers\sfsync04.sys [77952 2009-02-03] (Protection Technology (StarForce))

R3 TelekomNM6; C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys [45664 2010-09-16] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2013-10-09 23:12 - 2013-10-09 23:12 - 00000000 ____D C:\FRST

2013-10-09 18:29 - 2013-10-09 18:29 - 00000623 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-10-09 18:29 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2013-10-09 18:01 - 2013-10-09 18:01 - 17813896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe

2013-10-08 17:05 - 2013-10-08 17:05 - 00000000 ____D C:\Users\Matthias\Documents\Egosoft

2013-10-08 15:44 - 2013-10-08 15:49 - 00000000 ____D C:\Users\Matthias\Documents\Battlefield 4 Beta

2013-10-08 15:25 - 2013-10-08 15:25 - 00000202 _____ C:\Users\Matthias\Desktop\X3 Albion Prelude.url

2013-10-08 15:25 - 2013-10-08 15:25 - 00000200 _____ C:\Users\Matthias\Desktop\X3 Terran Conflict.url

2013-10-07 10:45 - 2013-10-07 10:49 - 00000000 ____D C:\Users\Matthias\Documents\Battlefield 4

2013-10-04 23:42 - 2013-10-04 23:42 - 00000000 ____D C:\Users\Admin\AppData\Local\ESN

2013-10-04 23:40 - 2013-10-04 23:40 - 00000784 _____ C:\Users\Public\Desktop\Battlefield 4™ Beta.lnk

2013-10-04 23:39 - 2013-10-04 23:39 - 00000000 ____D C:\ProgramData\Package Cache

2013-10-04 23:08 - 2013-10-04 23:36 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Origin

2013-10-04 23:08 - 2013-10-04 23:08 - 00000000 ____D C:\Users\Admin\AppData\Local\Origin

2013-10-04 23:06 - 2013-10-04 23:07 - 00000544 _____ C:\Windows\DXError.log

2013-09-17 19:46 - 2013-09-17 19:46 - 00000000 ____D C:\Users\Matthias\AppData\Roaming\Guild Wars 2

2013-09-17 09:05 - 2013-09-17 09:05 - 00000517 _____ C:\Users\Public\Desktop\FTL.lnk

2013-09-17 09:04 - 2013-08-08 03:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2013-09-17 09:04 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys

2013-09-17 09:04 - 2013-08-02 04:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2013-09-17 09:04 - 2013-08-02 04:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll

2013-09-17 09:04 - 2013-08-02 04:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll

2013-09-17 09:04 - 2013-08-02 04:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll

2013-09-17 09:04 - 2013-08-02 04:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll

2013-09-17 09:04 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll

2013-09-17 09:04 - 2013-08-02 04:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll

2013-09-17 09:04 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll

2013-09-17 09:04 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll

2013-09-17 09:04 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll

2013-09-17 09:04 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll

2013-09-17 09:04 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 03:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2013-09-17 09:04 - 2013-08-02 03:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2013-09-17 09:04 - 2013-08-02 03:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll

2013-09-17 09:04 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll

2013-09-17 09:04 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll

2013-09-17 09:04 - 2013-08-02 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2013-09-17 09:04 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll

2013-09-17 09:04 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe

2013-09-17 09:04 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe

2013-09-17 09:04 - 2013-08-02 02:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2013-09-17 09:04 - 2013-08-02 02:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2013-09-17 09:04 - 2013-08-02 02:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2013-09-17 09:04 - 2013-08-02 02:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2013-09-17 09:04 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll

2013-09-17 09:04 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

2013-09-17 09:04 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll

2013-09-17 09:04 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2013-09-17 09:04 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
 

==================== One Month Modified Files and Folders =======
 

2013-10-09 23:12 - 2013-10-09 23:12 - 00000000 ____D C:\FRST

2013-10-09 23:11 - 2011-02-07 16:26 - 00001114 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-10-09 23:10 - 2011-02-01 23:13 - 01283475 _____ C:\Windows\WindowsUpdate.log

2013-10-09 23:09 - 2012-03-30 19:38 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-10-09 23:09 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF

2013-10-09 22:18 - 2011-02-07 16:26 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-10-09 18:29 - 2013-10-09 18:29 - 00000623 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-10-09 18:14 - 2013-09-01 13:45 - 00000000 ____D C:\Program Files (x86)\Origin

2013-10-09 18:14 - 2009-07-14 06:45 - 00014944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-10-09 18:14 - 2009-07-14 06:45 - 00014944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-10-09 18:07 - 2011-02-05 08:52 - 00000320 _____ C:\Windows\Tasks\qipdater.exe.job

2013-10-09 18:06 - 2013-07-03 03:30 - 00006574 _____ C:\Windows\setupact.log

2013-10-09 18:06 - 2011-02-02 00:25 - 00000000 ____D C:\ProgramData\NVIDIA

2013-10-09 18:06 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-10-09 18:01 - 2013-10-09 18:01 - 17813896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe

2013-10-09 18:01 - 2012-03-30 19:38 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2013-10-09 18:01 - 2011-05-14 21:27 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2013-10-09 18:00 - 2011-03-26 01:29 - 00290184 _____ C:\Windows\SysWOW64\PnkBstrB.xtr

2013-10-09 18:00 - 2011-03-26 01:27 - 00290184 _____ C:\Windows\SysWOW64\PnkBstrB.exe

2013-10-09 17:57 - 2011-03-26 01:27 - 00290184 _____ C:\Windows\SysWOW64\PnkBstrB.ex0

2013-10-08 17:05 - 2013-10-08 17:05 - 00000000 ____D C:\Users\Matthias\Documents\Egosoft

2013-10-08 17:01 - 2013-07-17 10:20 - 00162147 _____ C:\Windows\DirectX.log

2013-10-08 17:00 - 2011-02-10 23:31 - 00000000 ____D C:\Users\Admin

2013-10-08 15:49 - 2013-10-08 15:44 - 00000000 ____D C:\Users\Matthias\Documents\Battlefield 4 Beta

2013-10-08 15:25 - 2013-10-08 15:25 - 00000202 _____ C:\Users\Matthias\Desktop\X3 Albion Prelude.url

2013-10-08 15:25 - 2013-10-08 15:25 - 00000200 _____ C:\Users\Matthias\Desktop\X3 Terran Conflict.url

2013-10-08 03:00 - 2011-02-13 02:48 - 00000000 ____D C:\ProgramData\Microsoft Help

2013-10-07 11:15 - 2011-02-07 16:25 - 00000000 ____D C:\Program Files (x86)\Google

2013-10-07 10:49 - 2013-10-07 10:45 - 00000000 ____D C:\Users\Matthias\Documents\Battlefield 4

2013-10-07 10:46 - 2011-03-26 03:30 - 00000000 ____D C:\Users\Matthias\AppData\Local\PunkBuster

2013-10-07 10:45 - 2013-09-01 13:45 - 00000000 ____D C:\ProgramData\Origin

2013-10-05 00:10 - 2011-03-12 14:26 - 00000000 ____D C:\Users\Admin\AppData\Local\Mozilla

2013-10-04 23:48 - 2011-02-05 01:23 - 00000000 ____D C:\Users\Matthias\AppData\Local\Mozilla

2013-10-04 23:46 - 2011-03-26 01:04 - 00000000 ____D C:\Users\Admin\AppData\Local\PunkBuster

2013-10-04 23:42 - 2013-10-04 23:42 - 00000000 ____D C:\Users\Admin\AppData\Local\ESN

2013-10-04 23:40 - 2013-10-04 23:40 - 00000784 _____ C:\Users\Public\Desktop\Battlefield 4™ Beta.lnk

2013-10-04 23:39 - 2013-10-04 23:39 - 00000000 ____D C:\ProgramData\Package Cache

2013-10-04 23:39 - 2013-09-07 12:42 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins

2013-10-04 23:36 - 2013-10-04 23:08 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Origin

2013-10-04 23:36 - 2013-07-03 03:16 - 00000000 ___RD C:\Users\Admin\Podcasts

2013-10-04 23:36 - 2011-02-13 15:57 - 00092280 _____ C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT

2013-10-04 23:08 - 2013-10-04 23:08 - 00000000 ____D C:\Users\Admin\AppData\Local\Origin

2013-10-04 23:07 - 2013-10-04 23:06 - 00000544 _____ C:\Windows\DXError.log

2013-09-29 22:01 - 2009-07-14 19:58 - 00707316 _____ C:\Windows\system32\perfh007.dat

2013-09-29 22:01 - 2009-07-14 19:58 - 00152908 _____ C:\Windows\system32\perfc007.dat

2013-09-29 22:01 - 2009-07-14 07:13 - 01642220 _____ C:\Windows\system32\PerfStringBackup.INI

2013-09-29 12:46 - 2013-07-18 03:40 - 00001200 _____ C:\Windows\PFRO.log

2013-09-17 19:46 - 2013-09-17 19:46 - 00000000 ____D C:\Users\Matthias\AppData\Roaming\Guild Wars 2

2013-09-17 19:46 - 2012-08-28 11:05 - 00000000 ____D C:\Users\Matthias\Documents\Guild Wars 2

2013-09-17 17:40 - 2012-12-05 01:07 - 00000000 ___RD C:\Users\Matthias\Podcasts

2013-09-17 17:40 - 2011-02-01 23:26 - 00000000 ___RD C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2013-09-17 17:40 - 2011-02-01 23:26 - 00000000 ___RD C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

2013-09-17 17:39 - 2009-07-14 06:45 - 00369720 _____ C:\Windows\system32\FNTCACHE.DAT

2013-09-17 12:52 - 2013-07-18 03:58 - 00000000 ____D C:\Windows\system32\MRT

2013-09-17 12:49 - 2011-02-01 23:48 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2013-09-17 09:05 - 2013-09-17 09:05 - 00000517 _____ C:\Users\Public\Desktop\FTL.lnk

2013-09-17 09:05 - 2011-02-05 16:44 - 00000000 ____D C:\Users\Matthias\Documents\My Games
 

Some content of TEMP:

====================

C:\Users\Admin\AppData\Local\Temp\DivXSetup.exe

C:\Users\Admin\AppData\Local\Temp\sonarinst.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---

Addition:

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-10-2013

Ran by Matthias at 2013-10-09 23:12:42

Running from G:\

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
 

==================== Installed Programs ======================
 

7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)

Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)

Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)

Adobe Reader X (10.1.7) - Deutsch (x32 Version: 10.1.7)

Adobe Shockwave Player 11.6 (x32 Version: 11.6.8.638)

applicationupdater (HKCU)

Battlefield 2(TM) (x32)

Battlefield 2: Special Forces (x32)

Battlefield 3™ (x32 Version: 1.6.0.0)

Battlefield 4™ Beta (x32 Version: 1.0.0.0)

BattleForge™ (x32 Version: 1.0.0.0)

Battlelog Web Plugins (x32 Version: 2.3.0)

CameraHelperMsi (x32 Version: 13.25.1010.0)

CCleaner (Version: 3.18)

Company of Heroes - FAKEMSI (x32 Version: 2.0.0.0)

Company of Heroes (New Steam Version) (x32)

Conquest: Frontier Wars (x32)

Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition

Dishonored (x32 Version: 1.0)

Dota 2 (x32)

Dungeonland (x32)

DVDx 4.0 Open Edition (x32 Version: 4.0 (Open Edition))

eReg (x32 Version: 1.20.138.34)

ESET Online Scanner v3 (x32)

ESN Sonar (x32 Version: 0.70.4)

Fahren Lernen 1.1 (x32)

FileZilla Client 3.3.5.1 (x32 Version: 3.3.5.1)

FTL version 1.03.3 (x32 Version: 1.03.3)

Google Update Helper (x32 Version: 1.3.21.165)

GPGNet (x32 Version: 1.0.0)

GUILD WARS (x32)

Guild Wars 2 (x32)

Heroes of Annihilated Empires (x32)

Homefront (x32)

Hunted: The Demon's Forge Version 1.0 (x32 Version: 1.0)

ICQ7.4 (x32 Version: 7.4)

Impulse (x32 Version: 1.0)

Last.fm 1.5.4.27091 (x32)

Left 4 Dead 2 (x32)

Logitech GamePanel Software 2.00 (Version: 2.00.171)

Logitech SetPoint 6.32 (Version: 6.32.20)

Logitech Vid (x32 Version: 1.70.1044)

Logitech Webcam Software (x32 Version: 2.0)

LWS Facebook (x32 Version: 13.20.1166.0)

LWS Gallery (x32 Version: 13.20.1166.0)

LWS Help_main (x32 Version: 13.25.1016.0)

LWS Launcher (x32 Version: 13.20.1166.0)

LWS Motion Detection (x32 Version: 13.20.1176.0)

LWS Pictures And Video (x32 Version: 13.25.1010.0)

LWS Twitter (x32 Version: 13.20.1166.0)

LWS Video Mask Maker (x32 Version: 13.10.1216.0)

LWS VideoEffects (Version: 13.25.1005.0)

LWS Webcam Software (x32 Version: 13.20.1168.0)

LWS WLM Plugin (x32 Version: 1.20.1166.0)

LWS YouTube Plugin (x32 Version: 13.20.1166.0)

Magical Jelly Bean KeyFinder (x32 Version: 2.0.9.8)

Magicka (x32)

Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)

Mass Effect (x32 Version: 1.00)

Mein CEWE FOTOBUCH (x32)

Meine Dienste Software (Version: 2.0.5.0)

Metro 2033 (x32)

Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322)

Microsoft .NET Framework 1.1 (x32)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)

Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)

Microsoft .NET Framework 4 Extended (Version: 4.0.30319)

Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319)

Microsoft Antimalware Service DE-DE Language Pack (Version: 3.0.8402.2)

Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.5.92.0)

Microsoft Games for Windows Marketplace (x32 Version: 3.5.50.0)

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (German) 2010 (Version: 14.0.6029.1000)

Microsoft Office Excel MUI (German) 2010 (Version: 14.0.6029.1000)

Microsoft Office Home and Student 2010 (Version: 14.0.6029.1000)

Microsoft Office Office 32-bit Components 2010 (Version: 14.0.6029.1000)

Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.6029.1000)

Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.6029.1000)

Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.6029.1000)

Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)

Microsoft Office Proof (German) 2010 (Version: 14.0.6029.1000)

Microsoft Office Proof (Italian) 2010 (Version: 14.0.6029.1000)

Microsoft Office Proofing (German) 2010 (Version: 14.0.6029.1000)

Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.6029.1000)

Microsoft Office Shared 32-bit MUI (German) 2010 (Version: 14.0.6029.1000)

Microsoft Office Shared MUI (German) 2010 (Version: 14.0.6029.1000)

Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)

Microsoft Office Word MUI (German) 2010 (Version: 14.0.6029.1000)

Microsoft Security Client (Version: 4.3.0215.0)

Microsoft Security Client DE-DE Language Pack (Version: 2.1.1116.0)

Microsoft Security Essentials (Version: 4.3.215.0)

Microsoft Silverlight (Version: 5.1.20513.0)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)

Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)

Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)

Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)

Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (x32 Version: 11.0.60610.1)

Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610)

Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610)

Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0)

Microsoft XNA Framework Redistributable 3.1 (x32 Version: 3.1.10527.0)

MicroVolts (x32)

Mozilla Firefox 14.0.1 (x86 de) (x32 Version: 14.0.1)

Mozilla Firefox 24.0 (x86 de) (HKCU Version: 24.0)

Mozilla Maintenance Service (x32 Version: 14.0.1)

Netzmanager (Version: 1.071)

Netzmanager (x32 Version: 1.071)

NVIDIA 3D Vision Controller-Treiber 320.49 (Version: 320.49)

NVIDIA 3D Vision Treiber 320.49 (Version: 320.49)

NVIDIA GeForce Experience 1.5 (Version: 1.5)

NVIDIA Grafiktreiber 320.49 (Version: 320.49)

NVIDIA Install Application (Version: 2.1002.124.810)

NVIDIA PhysX (x32 Version: 9.13.0604)

NVIDIA PhysX-Systemsoftware 9.13.0604 (Version: 9.13.0604)

NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.2049)

NVIDIA Systemsteuerung 320.49 (Version: 320.49)

NVIDIA Update 4.11.9 (Version: 4.11.9)

NVIDIA Update Components (Version: 4.11.9)

Origin (x32 Version: 9.3.2.2730)

Paint.NET v3.5.10 (Version: 3.60.0)

Pando Media Booster (x32 Version: 2.3.5.4)

PunkBuster Services (x32 Version: 0.991)

QIP 2010 4798 Jeak-Edition (x32 Version: 3.0.4798)

Sid Meier's Pirates! (x32 Version: 2.00.0000)

Sins of a Solar Empire - Trinity (x32 Version: 1.00)

Skype Click to Call (x32 Version: 5.9.9216)

Skype™ 5.10 (x32 Version: 5.10.116)

Spybot - Search & Destroy (x32 Version: 1.6.2)

Steam (x32 Version: 1.0.0.0)

Supreme Commander - Forged Alliance (x32 Version: 1.00.0000)

Supreme Commander (x32 Version: 1.00.0000)

swMSM (x32 Version: 12.0.0.1)

Team Fortress 2 (x32)

TeamSpeak 3 Client (HKCU)

The Lord of the Rings Online™ v03.03.00.8055 (x32 Version: 03.03.00.8055)

The Lord of the Rings: War in the North (x32)

Tom Clancy's H.A.W.X (x32 Version: 1.00.00000)

Tom Clancy's H.A.W.X. 2 (x32 Version: 1.0.1)

Trine (x32)

Trine 2 (x32)

Ubisoft Game Launcher (x32 Version: 1.0.0.0)

Unreal Tournament 3 (LG) (HKCU Version: 1.00.0000)

Unreal Tournament 3 (LG) (x32 Version: 1.00.0000)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)

Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition

Update for Microsoft Filter Pack 2.0 (KB2810071) 64-Bit Edition

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553157) 64-Bit Edition

Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 64-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition

Update for Microsoft Office 2010 (KB2589370) 64-Bit Edition

Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition

Update for Microsoft Office 2010 (KB2598242) 64-Bit Edition

Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition

Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition

Update for Microsoft Office 2010 (KB2760758) 64-Bit Edition

Update for Microsoft Office 2010 (KB2767886) 64-Bit Edition

Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition

Update for Microsoft OneNote 2010 (KB2810072) 64-Bit Edition

Update for Microsoft Outlook 2010 (KB2687623) 64-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition

Update for Microsoft PowerPoint 2010 (KB2553145) 64-Bit Edition

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit Edition

Update for Microsoft Visio Viewer 2010 (KB2810066) 64-Bit Edition

VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0)

VLC media player 1.1.7 (x32 Version: 1.1.7)

War Thunder Launcher 1.0.1.199 (HKCU)

Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)

Windows Mobile Device Updater Component (Version: 04.08.2345.00)

X3: Albion Prelude (x32)

X3: Terran Conflict (x32)

YTD Video Downloader 3.9.5 (x32)

Zune (Version: 04.08.2345.00)

Zune Language Pack (CHS) (Version: 04.08.2345.00)

Zune Language Pack (CHT) (Version: 04.08.2345.00)

Zune Language Pack (CSY) (Version: 04.08.2345.00)

Zune Language Pack (DAN) (Version: 04.08.2345.00)

Zune Language Pack (DEU) (Version: 04.08.2345.00)

Zune Language Pack (ELL) (Version: 04.08.2345.00)

Zune Language Pack (ESP) (Version: 04.08.2345.00)

Zune Language Pack (FIN) (Version: 04.08.2345.00)

Zune Language Pack (FRA) (Version: 04.08.2345.00)

Zune Language Pack (HUN) (Version: 04.08.2345.00)

Zune Language Pack (IND) (Version: 04.08.2345.00)

Zune Language Pack (ITA) (Version: 04.08.2345.00)

Zune Language Pack (JPN) (Version: 04.08.2345.00)

Zune Language Pack (KOR) (Version: 04.08.2345.00)

Zune Language Pack (MSL) (Version: 04.08.2345.00)

Zune Language Pack (NLD) (Version: 04.08.2345.00)

Zune Language Pack (NOR) (Version: 04.08.2345.00)

Zune Language Pack (PLK) (Version: 04.08.2345.00)

Zune Language Pack (PTB) (Version: 04.08.2345.00)

Zune Language Pack (PTG) (Version: 04.08.2345.00)

Zune Language Pack (RUS) (Version: 04.08.2345.00)

Zune Language Pack (SVE) (Version: 04.08.2345.00)
 

==================== Restore Points  =========================
 

Could not list Restore Points.
 
 

==================== Hosts content: ==========================
 

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 

==================== Scheduled Tasks (whitelisted) =============
 

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ?

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => ?

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => ?

Task: C:\Windows\Tasks\qipdater.exe.job => ?
 

==================== Loaded Modules (whitelisted) =============
 

2011-03-17 01:07 - 2011-03-17 01:07 - 04297568 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf

2011-02-18 11:03 - 2011-02-18 11:03 - 00242528 _____ () D:\Programme\Office 2010\Office14\IEAWSDC.DLL
 

==================== Alternate Data Streams (whitelisted) =========
 
 

==================== Safe Mode (whitelisted) ===================
 
 

==================== Faulty Device Manager Devices =============
 
 

==================== Event log errors: =========================
 

Application errors:

==================

Error: (10/09/2013 08:29:27 PM) (Source: SideBySide) (User: )

Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.

Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
 

Error: (10/09/2013 08:28:51 PM) (Source: SideBySide) (User: )

Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in

Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit

einer anderen, bereits aktiven Komponentenversion.

In Konflikt stehende Komponenten:.

Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 

Error: (10/09/2013 06:05:00 PM) (Source: Windows Search Service) (User: )

Description: Die Liste der eingeschlossenen und ausgeschlossenen Adressen konnte vvon Windows Search nicht verarbeitet werden. Fehler: <30, 0x80040d07, "iehistory://{S-1-5-21-2708633161-1882098511-3063541885-1001}/">.
 

Error: (10/09/2013 05:59:27 PM) (Source: Windows Search Service) (User: )

Description: Die Liste der eingeschlossenen und ausgeschlossenen Adressen konnte vvon Windows Search nicht verarbeitet werden. Fehler: <30, 0x80040d07, "iehistory://{S-1-5-21-2708633161-1882098511-3063541885-1001}/">.
 

Error: (10/07/2013 00:27:40 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)

Description: Produkt: Microsoft Office Single Image 2010 - Update "Update for Microsoft PowerPoint 2010 (KB2553145) 64-Bit Edition" konnte nicht installiert werden. Fehlercode 1603. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127
 

Error: (10/07/2013 00:27:40 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)

Description: Produkt: Microsoft Office Single Image 2010 -- Fehler 1711.Informationen können von Setup nicht auf die Festplatte geschrieben werden. Stellen Sie sicher, dass ausreichend Speicherplatz zur Verfügung steht, und überprüfen Sie die Verbindung mit dem Netzwerk oder dem CD-ROM-Laufwerk.    Weitere mögliche Lösungen für dieses Problem erhalten Sie unter SETUP.CHM.
 

Error: (10/07/2013 11:17:26 AM) (Source: Windows Search Service) (User: )

Description: Die Liste der eingeschlossenen und ausgeschlossenen Adressen konnte vvon Windows Search nicht verarbeitet werden. Fehler: <30, 0x80040d07, "iehistory://{S-1-5-21-2708633161-1882098511-3063541885-1001}/">.
 

Error: (10/05/2013 00:42:19 AM) (Source: SideBySide) (User: )

Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.

Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
 

Error: (10/05/2013 00:38:37 AM) (Source: SideBySide) (User: )

Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in

Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit

einer anderen, bereits aktiven Komponentenversion.

In Konflikt stehende Komponenten:.

Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 

Error: (10/04/2013 11:58:48 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)

Description: Produkt: Microsoft Office Single Image 2010 - Update "Security Update for Microsoft Word 2010 (KB2760769) 64-Bit Edition" konnte nicht installiert werden. Fehlercode 1603. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127
 
 

System errors:

=============

Error: (10/09/2013 08:37:46 PM) (Source: volsnap) (User: )

Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 

Error: (10/09/2013 06:06:39 PM) (Source: pssync05) (User: )

Description: Protection Synchronization Driver detected an internal error, contact the customer support service.
 

Error: (10/09/2013 06:06:33 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (User: NT-AUTORITÄT)

Description: Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten.
 

Error: (10/09/2013 03:20:26 PM) (Source: pssync05) (User: )

Description: Protection Synchronization Driver detected an internal error, contact the customer support service.
 

Error: (10/09/2013 03:20:23 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (User: NT-AUTORITÄT)

Description: Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten.
 

Error: (10/08/2013 09:51:47 PM) (Source: volsnap) (User: )

Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 

Error: (10/08/2013 09:15:40 PM) (Source: pssync05) (User: )

Description: Protection Synchronization Driver detected an internal error, contact the customer support service.
 

Error: (10/08/2013 09:15:37 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (User: NT-AUTORITÄT)

Description: Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten.
 

Error: (10/08/2013 06:00:58 PM) (Source: Service Control Manager) (User: )

Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%1053
 

Error: (10/08/2013 06:00:58 PM) (Source: Service Control Manager) (User: )

Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.
 
 

Microsoft Office Sessions:

=========================

Error: (10/09/2013 08:29:27 PM) (Source: SideBySide)(User: )

Description: assemblyIdentitylanguage*d:\programme\spybot - search & destroy\DelZip179.dlld:\programme\spybot - search & destroy\DelZip179.dll8
 

Error: (10/09/2013 08:28:51 PM) (Source: SideBySide)(User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
 

Error: (10/09/2013 06:05:00 PM) (Source: Windows Search Service)(User: )

Description: 300x80040d07iehistory://{S-1-5-21-2708633161-1882098511-3063541885-1001}/
 

Error: (10/09/2013 05:59:27 PM) (Source: Windows Search Service)(User: )

Description: 300x80040d07iehistory://{S-1-5-21-2708633161-1882098511-3063541885-1001}/
 

Error: (10/07/2013 00:27:40 PM) (Source: MsiInstaller)(User: NT-AUTORITÄT)

Description: Microsoft Office Single Image 2010Update for Microsoft PowerPoint 2010 (KB2553145) 64-Bit Edition1603(NULL)(NULL)(NULL)
 

Error: (10/07/2013 00:27:40 PM) (Source: MsiInstaller)(User: NT-AUTORITÄT)

Description: Produkt: Microsoft Office Single Image 2010 -- Fehler 1711.Informationen können von Setup nicht auf die Festplatte geschrieben werden. Stellen Sie sicher, dass ausreichend Speicherplatz zur Verfügung steht, und überprüfen Sie die Verbindung mit dem Netzwerk oder dem CD-ROM-Laufwerk.    Weitere mögliche Lösungen für dieses Problem erhalten Sie unter SETUP.CHM.(NULL)(NULL)(NULL)(NULL)(NULL)
 

Error: (10/07/2013 11:17:26 AM) (Source: Windows Search Service)(User: )

Description: 300x80040d07iehistory://{S-1-5-21-2708633161-1882098511-3063541885-1001}/
 

Error: (10/05/2013 00:42:19 AM) (Source: SideBySide)(User: )

Description: assemblyIdentitylanguage*d:\programme\spybot - search & destroy\DelZip179.dlld:\programme\spybot - search & destroy\DelZip179.dll8
 

Error: (10/05/2013 00:38:37 AM) (Source: SideBySide)(User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
 

Error: (10/04/2013 11:58:48 PM) (Source: MsiInstaller)(User: NT-AUTORITÄT)

Description: Microsoft Office Single Image 2010Security Update for Microsoft Word 2010 (KB2760769) 64-Bit Edition1603(NULL)(NULL)(NULL)
 
 

==================== Memory info =========================== 
 

Percentage of memory in use: 59%

Total physical RAM: 4094.3 MB

Available physical RAM: 1661.43 MB

Total Pagefile: 8186.79 MB

Available Pagefile: 5135.61 MB

Total Virtual: 8192 MB

Available Virtual: 8191.81 MB
 

==================== Drives ================================
 

Drive c: () (Fixed) (Total:39.06 GB) (Free:1.95 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Drive d: (Programme) (Fixed) (Total:48.83 GB) (Free:37.51 GB) NTFS

Drive e: (Spiele) (Fixed) (Total:292.97 GB) (Free:20.38 GB) NTFS

Drive f: (Musik) (Fixed) (Total:97.66 GB) (Free:61.04 GB) NTFS

Drive g: (Downloads) (Fixed) (Total:48.83 GB) (Free:29.29 GB) NTFS

Drive h: (Sonstiges) (Fixed) (Total:68.81 GB) (Free:39.7 GB) NTFS

Drive i: (Dishonored) (CDROM) (Total:7.59 GB) (Free:0 GB) CDFS
 

==================== MBR & Partition Table ==================
 

==================== End Of Log ============================

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

Hi,

hier die ganzen Logs und wieder danke für die Hilfe.

Malwarebytes

Code:

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org
 

Datenbank Version: v2013.10.10.02
 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 8.0.7601.17514

Admin :: CYPHER [Administrator]
 

10.10.2013 11:46:06

mbam-log-2013-10-10 (11-46-06).txt
 

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|)

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 597006

Laufzeit: 1 Stunde(n), 32 Minute(n), 45 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 3

C:\Users\Admin\AppData\Local\Temp\ct3288691 (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\Admin\AppData\Local\Temp\ct3297265 (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\Admin\AppData\Local\Temp\ct3297861 (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

Infizierte Dateien: 5

C:\Users\Admin\AppData\Local\Temp\ct3297265\ism.exe (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\Admin\AppData\Local\Temp\ct3288691\chromeid.txt (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\Admin\AppData\Local\Temp\ct3288691\setup.ini.txt (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\Admin\AppData\Local\Temp\ct3297861\chromeid.txt (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\Admin\AppData\Local\Temp\ct3297861\setup.ini.txt (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

(Ende)

AdwCleaner

Code:

# AdwCleaner v3.007 - Bericht erstellt am 10/10/2013 um 15:26:15

# Updated 09/10/2013 von Xplode

# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)

# Benutzername : Admin - CYPHER

# Gestartet von : F:\adwcleaner.exe

# Option : Suchen
 

***** [ Dienste ] *****
 
 

***** [ Dateien / Ordner ] *****
 

Datei Gefunden : C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\86rpcxpv.default\searchplugins\11-suche.xml

Ordner Gefunden C:\Users\Admin\AppData\Local\PackageAware

Ordner Gefunden C:\Users\Matthias\AppData\LocalLow\boost_interprocess

Ordner Gefunden C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\86rpcxpv.default\jetpack
 

***** [ Verknüpfungen ] *****
 
 

***** [ Registrierungsdatenbank ] *****
 

Schlüssel Gefunden : HKCU\Software\APN PIP

Schlüssel Gefunden : HKCU\Software\Conduit

Schlüssel Gefunden : [x64] HKCU\Software\APN PIP

Schlüssel Gefunden : [x64] HKCU\Software\Conduit

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}

Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

Schlüssel Gefunden : HKLM\Software\PIP
 

***** [ Browser ] *****
 

-\\ Internet Explorer v0.0.0.0
 
 

-\\ Mozilla Firefox v14.0.1 (de)
 

[ Datei : C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\86rpcxpv.default\prefs.js ]
 
 

[ Datei : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\csq3x71d.default\prefs.js ]
 
 

*************************
 

AdwCleaner[R0].txt - [1606 octets] - [10/10/2013 15:26:15]
 

########## EOF - \AdwCleaner\AdwCleaner[R0].txt - [1666 octets] ##########

Code:

# AdwCleaner v3.007 - Bericht erstellt am 10/10/2013 um 15:36:13

# Updated 09/10/2013 von Xplode

# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)

# Benutzername : Admin - CYPHER

# Gestartet von : F:\adwcleaner.exe

# Option : Löschen
 

***** [ Dienste ] *****
 
 

***** [ Dateien / Ordner ] *****
 

Ordner Gelöscht : C:\Users\Matthias\AppData\LocalLow\boost_interprocess

Ordner Gelöscht : C:\Users\Admin\AppData\Local\PackageAware

Ordner Gelöscht : C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\86rpcxpv.default\jetpack

Datei Gelöscht : C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\86rpcxpv.default\searchplugins\11-suche.xml
 

***** [ Verknüpfungen ] *****
 
 

***** [ Registrierungsdatenbank ] *****
 

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}

Schlüssel Gelöscht : HKCU\Software\APN PIP

Schlüssel Gelöscht : HKCU\Software\Conduit

Schlüssel Gelöscht : HKLM\Software\PIP

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
 

***** [ Browser ] *****
 

-\\ Internet Explorer v0.0.0.0
 
 

-\\ Mozilla Firefox v14.0.1 (de)
 

[ Datei : C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\86rpcxpv.default\prefs.js ]
 
 

[ Datei : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\csq3x71d.default\prefs.js ]
 
 

*************************
 

AdwCleaner[R0].txt - [1752 octets] - [10/10/2013 15:26:15]

AdwCleaner[S0].txt - [1581 octets] - [10/10/2013 15:36:13]
 

########## EOF - \AdwCleaner\AdwCleaner[S0].txt - [1641 octets] ##########

JRT

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.0.4 (10.06.2013:1)

OS: Windows 7 Professional x64

Ran by Admin on 10.10.2013 at 15:44:57,28

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 

~~~ Services
 
 
 

~~~ Registry Values
 
 
 

~~~ Registry Keys
 
 
 

~~~ Files
 

Successfully deleted: [File] "C:\end"
 
 
 

~~~ Folders
 

Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"

Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"
 
 
 

~~~ Event Viewer Logs were cleared
 
 
 
 
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 10.10.2013 at 15:50:09,64

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013

Ran by Matthias (ATTENTION: The logged in user is not administrator) on CYPHER on 10-10-2013 16:12:43

Running from G:\

Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard

Internet Explorer Version 8

Boot Mode: Normal
 

==================== Processes (Whitelisted) =================
 

(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe

(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe

(Logitech, Inc.) D:\Programme\Logitech\SetPoint\SetPointP\SetPoint.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(Microsoft Corporation) D:\Programme\Zune\ZuneLauncher.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe

(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(Deutsche Telekom AG) C:\Program Files\Netzmanager\netzmanager.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe

(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe

(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe

(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe

(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [Launch LCDMon] - C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe [2191632 2007-07-18] (Logitech Inc.)

HKLM\...\Run: [Launch LGDCore] - C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe [3036944 2007-07-18] (Logitech Inc.)

HKLM\...\Run: [EvtMgr6] - D:\Programme\Logitech\SetPoint\SetPointP\SetPoint.exe [1680976 2010-10-29] (Logitech, Inc.)

HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-06-20] (Microsoft Corporation)

HKLM\...\Run: [Zune Launcher] - D:\Programme\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation)

HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1012000 2013-05-16] (NVIDIA Corporation)

HKLM\...\Runonce: [MSPCLOCK] - rundll32.exe streamci,StreamingDeviceSetup {97ebaacc-95bd-11d0-a3ea-00a0c9223196},{53172480-4791-11D0-A5D6-28DB04C10000},{53172480-4791-11D0-A5D6-28DB04C10000}

HKLM\...\Runonce: [MSPQM] - rundll32.exe streamci,StreamingDeviceSetup {DDF4358E-BB2C-11D0-A42F-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196}

HKLM\...\Runonce: [MSKSSRV] - rundll32.exe streamci,StreamingDeviceSetup {96E080C7-143C-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196}

HKLM\...\Runonce: [MSTEE.CxTransform] - rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},C:\Windows\inf\ksfilter.inf,MSTEE.Interface.Install

HKLM\...\Runonce: [MSTEE.Splitter] - rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},C:\Windows\inf\ksfilter.inf,MSTEE.Interface.Install

HKLM\...\Runonce: [WDM_DRMKAUD] - rundll32.exe streamci,StreamingDeviceSetup {EEC12DB6-AD9C-4168-8658-B03DAEF417FE},{ABD61E00-9350-47e2-A632-4438B90C6641},{FFBB6E3F-CCFE-4D84-90D9-421418B03A8E},C:\Windows\inf\WDMAUDIO.inf,WDM_DRMKAUD.Interface.Install

HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)

HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1127496 2013-04-04] (Malwarebytes Corporation)

Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)

HKCU\...\Run: [Logitech Vid HD] - "D:\Programme\Webcam\Vid\vid.exe" -bootmode

HKCU\...\Run: [Logitech Vid] - "D:\Programme\Webcam\Vid\Vid.exe" -bootmode

MountPoints2: {ca63f40f-2e47-11e0-9a72-806e6f6e6963} - I:\SETUP.EXE

HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)

Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Meine Dienste.lnk

ShortcutTarget: Meine Dienste.lnk -> C:\Program Files\Telekom\Meine Dienste\StartMeineDienste.exe (Deutsche Telekom AG)

Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Meine Dienste.lnk

ShortcutTarget: Meine Dienste.lnk -> C:\Program Files\Telekom\Meine Dienste\StartMeineDienste.exe (Deutsche Telekom AG)

Startup: C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk

ShortcutTarget: Netzmanager.lnk -> C:\Program Files\Netzmanager\netzmanager.exe (Deutsche Telekom AG)
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x8137FF955CC2CB01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Programme\Office 2010\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

BHO-x32: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -  No File

BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll No File

DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 

FireFox:

========

FF ProfilePath: C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\86rpcxpv.default

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - D:\PROGRA~1\OFFICE~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()

FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)

FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)

FF Plugin-x32: @esn/esnlaunch,version=2.3.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)

FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_35 - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)

FF SearchPlugin: C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\86rpcxpv.default\searchplugins\duckduckgo.xml

FF SearchPlugin: C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\86rpcxpv.default\searchplugins\englische-ergebnisse.xml

FF SearchPlugin: C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\86rpcxpv.default\searchplugins\gmx-suche.xml

FF SearchPlugin: C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\86rpcxpv.default\searchplugins\lastminute.xml

FF SearchPlugin: C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\86rpcxpv.default\searchplugins\webde-suche.xml

FF SearchPlugin: C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\86rpcxpv.default\searchplugins\wot-safe-search.xml

FF Extension: Fasterfox Lite - C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\86rpcxpv.default\Extensions\FasterFox_Lite@BigRedBrent

FF Extension: Flashblock - C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\86rpcxpv.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}

FF Extension: Fire.fm - C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\86rpcxpv.default\Extensions\{6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}

FF Extension: WOT - C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\86rpcxpv.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

FF Extension: feedly - C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\86rpcxpv.default\Extensions\feedly@devhd.xpi

FF Extension: jid1-ZAdIEUB7XOzOJw - C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\86rpcxpv.default\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi

FF Extension: No Name - C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\86rpcxpv.default\Extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}.xpi

FF Extension: No Name - C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\86rpcxpv.default\Extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}.xpi

FF Extension: No Name - C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\86rpcxpv.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

FF Extension: No Name - C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\86rpcxpv.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

FF Extension: No Name - C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\86rpcxpv.default\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi

FF Extension: No Name - C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\86rpcxpv.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi

FF Extension: No Name - C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\86rpcxpv.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi

FF StartMenuInternet: FIREFOX.EXE - D:\Programme\Mozilla\Firefox\firefox.exe
 

==================== Services (Whitelisted) =================
 

R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)

R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-06-20] (Microsoft Corporation)

R2 Netzmanager Service; C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [2635776 2012-07-20] (Deutsche Telekom AG)

S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-06-20] (Microsoft Corporation)

R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)

R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)

R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-09-07] ()

S2 psrem02; C:\Windows\system32\psrem02.exe [606328 2006-05-11] (Protection Technology)

R2 SBSDWSCService; D:\Programme\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)

S2 sfrem01; C:\Windows\system32\sfrem01.exe [601208 2006-07-05] (Protection Technology (StarForce))

S2 SkypeUpdate; D:\Programme\Skype\Updater\Updater.exe [160944 2012-07-03] (Skype Technologies)

S3 WMZuneComm; D:\Programme\Zune\WMZuneComm.exe [306400 2011-08-05] (Microsoft Corporation)

S3 ZuneNetworkSvc; D:\Programme\Zune\ZuneNss.exe [8277728 2011-08-05] (Microsoft Corporation)

S3 ZuneWlanCfgSvc; D:\Programme\Zune\ZuneWlanCfgSvc.exe [467680 2011-08-05] (Microsoft Corporation)
 

==================== Drivers (Whitelisted) ====================
 

R3 irsir; C:\Windows\System32\DRIVERS\irsir.sys [27648 2008-01-19] (Microsoft Corporation)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)

S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)

R0 psdrv02; C:\Windows\System32\drivers\psdrv02.sys [74616 2006-09-11] (Protection Technology)

R0 pssync05; C:\Windows\System32\drivers\pssync05.sys [80768 2006-11-03] (Protection Technology)

R0 sfdrv01a; C:\Windows\System32\drivers\sfdrv01a.sys [77432 2009-02-03] (Protection Technology (StarForce))

R0 sfsync04; C:\Windows\System32\drivers\sfsync04.sys [77952 2009-02-03] (Protection Technology (StarForce))

R3 TelekomNM6; C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys [45664 2010-09-16] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2013-10-10 15:50 - 2013-10-10 15:50 - 00000846 _____ C:\Users\Admin\Desktop\JRT.txt

2013-10-10 15:44 - 2013-10-10 15:44 - 00000000 ____D C:\Windows\ERUNT

2013-10-10 11:43 - 2013-10-10 11:43 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-10-10 11:42 - 2013-10-10 11:43 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-10-10 11:42 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2013-10-10 01:54 - 2013-09-14 03:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys

2013-10-10 01:54 - 2013-09-08 04:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys

2013-10-10 01:54 - 2013-09-08 04:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll

2013-10-10 01:54 - 2013-09-08 04:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll

2013-10-10 01:54 - 2013-08-28 03:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2013-10-10 01:54 - 2013-07-12 12:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys

2013-10-10 01:54 - 2013-07-12 12:40 - 00109824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys

2013-10-10 01:54 - 2013-07-04 14:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll

2013-10-10 01:54 - 2013-07-04 14:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll

2013-10-10 01:54 - 2013-07-04 14:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll

2013-10-10 01:54 - 2013-07-04 13:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll

2013-10-10 01:54 - 2013-07-04 13:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll

2013-10-10 01:54 - 2013-07-04 13:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll

2013-10-10 01:54 - 2013-07-04 12:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys

2013-10-10 01:54 - 2013-07-03 06:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys

2013-10-10 01:54 - 2013-07-03 06:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys

2013-10-10 01:54 - 2013-06-26 00:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys

2013-10-10 01:54 - 2013-06-06 07:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll

2013-10-10 01:54 - 2013-06-06 07:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll

2013-10-10 01:54 - 2013-06-06 07:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll

2013-10-10 01:54 - 2013-06-06 07:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll

2013-10-10 01:54 - 2013-06-06 06:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll

2013-10-10 01:54 - 2013-06-06 06:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll

2013-10-10 01:54 - 2013-06-06 06:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll

2013-10-10 01:54 - 2013-06-06 05:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll

2013-10-10 01:54 - 2013-06-06 05:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll

2013-10-10 01:54 - 2013-06-06 05:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll

2013-10-10 01:53 - 2013-08-29 04:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2013-10-10 01:53 - 2013-08-29 04:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll

2013-10-10 01:53 - 2013-08-29 04:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll

2013-10-10 01:53 - 2013-08-29 04:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll

2013-10-10 01:53 - 2013-08-29 04:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll

2013-10-10 01:53 - 2013-08-29 03:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2013-10-10 01:53 - 2013-08-29 03:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2013-10-10 01:53 - 2013-08-29 03:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll

2013-10-10 01:53 - 2013-08-29 03:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll

2013-10-10 01:53 - 2013-08-29 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2013-10-10 01:53 - 2013-08-29 03:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll

2013-10-10 01:53 - 2013-08-29 02:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2013-10-10 01:53 - 2013-08-29 02:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2013-10-10 01:53 - 2013-08-29 02:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2013-10-10 01:53 - 2013-08-29 02:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2013-10-10 01:53 - 2013-08-28 03:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll

2013-10-10 01:53 - 2013-08-27 11:01 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll

2013-10-10 01:53 - 2013-08-27 11:01 - 01143296 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll

2013-10-10 01:53 - 2013-08-27 10:21 - 01077760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll

2013-10-10 01:53 - 2013-08-01 14:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys

2013-10-10 01:53 - 2013-07-20 12:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll

2013-10-10 01:53 - 2013-07-20 12:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll

2013-10-09 23:12 - 2013-10-09 23:12 - 00000000 ____D C:\FRST

2013-10-09 18:01 - 2013-10-09 18:01 - 17813896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe

2013-10-08 17:05 - 2013-10-08 17:05 - 00000000 ____D C:\Users\Matthias\Documents\Egosoft

2013-10-08 15:44 - 2013-10-08 15:49 - 00000000 ____D C:\Users\Matthias\Documents\Battlefield 4 Beta

2013-10-08 15:25 - 2013-10-08 15:25 - 00000202 _____ C:\Users\Matthias\Desktop\X3 Albion Prelude.url

2013-10-08 15:25 - 2013-10-08 15:25 - 00000200 _____ C:\Users\Matthias\Desktop\X3 Terran Conflict.url

2013-10-07 10:45 - 2013-10-07 10:49 - 00000000 ____D C:\Users\Matthias\Documents\Battlefield 4

2013-10-04 23:42 - 2013-10-04 23:42 - 00000000 ____D C:\Users\Admin\AppData\Local\ESN

2013-10-04 23:40 - 2013-10-04 23:40 - 00000784 _____ C:\Users\Public\Desktop\Battlefield 4™ Beta.lnk

2013-10-04 23:39 - 2013-10-04 23:39 - 00000000 ____D C:\ProgramData\Package Cache

2013-10-04 23:08 - 2013-10-04 23:36 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Origin

2013-10-04 23:08 - 2013-10-04 23:08 - 00000000 ____D C:\Users\Admin\AppData\Local\Origin

2013-10-04 23:06 - 2013-10-04 23:07 - 00000544 _____ C:\Windows\DXError.log

2013-09-17 19:46 - 2013-09-17 19:46 - 00000000 ____D C:\Users\Matthias\AppData\Roaming\Guild Wars 2

2013-09-17 09:05 - 2013-09-17 09:05 - 00000517 _____ C:\Users\Public\Desktop\FTL.lnk

2013-09-17 09:04 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys

2013-09-17 09:04 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll

2013-09-17 09:04 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll

2013-09-17 09:04 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll

2013-09-17 09:04 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll

2013-09-17 09:04 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll

2013-09-17 09:04 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll

2013-09-17 09:04 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll

2013-09-17 09:04 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll

2013-09-17 09:04 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe

2013-09-17 09:04 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe

2013-09-17 09:04 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll

2013-09-17 09:04 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

2013-09-17 09:04 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll

2013-09-17 09:04 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2013-09-17 09:04 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
 

==================== One Month Modified Files and Folders =======
 

2013-10-10 16:11 - 2011-02-07 16:26 - 00001114 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-10-10 16:09 - 2011-02-01 23:13 - 01185721 _____ C:\Windows\WindowsUpdate.log

2013-10-10 16:09 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF

2013-10-10 16:01 - 2012-03-30 19:38 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-10-10 15:50 - 2013-10-10 15:50 - 00000846 _____ C:\Users\Admin\Desktop\JRT.txt

2013-10-10 15:45 - 2009-07-14 06:45 - 00014944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-10-10 15:45 - 2009-07-14 06:45 - 00014944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-10-10 15:44 - 2013-10-10 15:44 - 00000000 ____D C:\Windows\ERUNT

2013-10-10 15:38 - 2011-02-05 08:52 - 00000320 _____ C:\Windows\Tasks\qipdater.exe.job

2013-10-10 15:37 - 2013-07-03 03:30 - 00006798 _____ C:\Windows\setupact.log

2013-10-10 15:37 - 2011-02-07 16:26 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-10-10 15:37 - 2011-02-02 00:25 - 00000000 ____D C:\ProgramData\NVIDIA

2013-10-10 15:37 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-10-10 15:20 - 2013-07-18 03:40 - 00003272 _____ C:\Windows\PFRO.log

2013-10-10 11:46 - 2009-07-14 19:58 - 00707316 _____ C:\Windows\system32\perfh007.dat

2013-10-10 11:46 - 2009-07-14 19:58 - 00152908 _____ C:\Windows\system32\perfc007.dat

2013-10-10 11:46 - 2009-07-14 07:13 - 01642220 _____ C:\Windows\system32\PerfStringBackup.INI

2013-10-10 11:43 - 2013-10-10 11:43 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-10-10 11:43 - 2013-10-10 11:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-10-10 11:40 - 2009-07-14 06:45 - 00369720 _____ C:\Windows\system32\FNTCACHE.DAT

2013-10-10 11:37 - 2013-03-14 03:42 - 00000000 ____D C:\Program Files\Microsoft Silverlight

2013-10-10 11:37 - 2013-03-14 03:42 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight

2013-10-10 02:13 - 2011-02-13 02:48 - 00000000 ____D C:\ProgramData\Microsoft Help

2013-10-10 02:10 - 2011-02-05 01:26 - 01619178 _____ C:\Windows\SysWOW64\PerfStringBackup.INI

2013-10-10 02:03 - 2013-07-18 03:58 - 00000000 ____D C:\Windows\system32\MRT

2013-10-10 02:03 - 2011-02-01 23:48 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2013-10-09 23:12 - 2013-10-09 23:12 - 00000000 ____D C:\FRST

2013-10-09 18:14 - 2013-09-01 13:45 - 00000000 ____D C:\Program Files (x86)\Origin

2013-10-09 18:01 - 2013-10-09 18:01 - 17813896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe

2013-10-09 18:01 - 2012-03-30 19:38 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2013-10-09 18:01 - 2011-05-14 21:27 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2013-10-09 18:00 - 2011-03-26 01:29 - 00290184 _____ C:\Windows\SysWOW64\PnkBstrB.xtr

2013-10-09 18:00 - 2011-03-26 01:27 - 00290184 _____ C:\Windows\SysWOW64\PnkBstrB.exe

2013-10-09 17:57 - 2011-03-26 01:27 - 00290184 _____ C:\Windows\SysWOW64\PnkBstrB.ex0

2013-10-08 17:05 - 2013-10-08 17:05 - 00000000 ____D C:\Users\Matthias\Documents\Egosoft

2013-10-08 17:01 - 2013-07-17 10:20 - 00162147 _____ C:\Windows\DirectX.log

2013-10-08 17:00 - 2011-02-10 23:31 - 00000000 ____D C:\Users\Admin

2013-10-08 15:49 - 2013-10-08 15:44 - 00000000 ____D C:\Users\Matthias\Documents\Battlefield 4 Beta

2013-10-08 15:25 - 2013-10-08 15:25 - 00000202 _____ C:\Users\Matthias\Desktop\X3 Albion Prelude.url

2013-10-08 15:25 - 2013-10-08 15:25 - 00000200 _____ C:\Users\Matthias\Desktop\X3 Terran Conflict.url

2013-10-07 11:15 - 2011-02-07 16:25 - 00000000 ____D C:\Program Files (x86)\Google

2013-10-07 10:49 - 2013-10-07 10:45 - 00000000 ____D C:\Users\Matthias\Documents\Battlefield 4

2013-10-07 10:46 - 2011-03-26 03:30 - 00000000 ____D C:\Users\Matthias\AppData\Local\PunkBuster

2013-10-07 10:45 - 2013-09-01 13:45 - 00000000 ____D C:\ProgramData\Origin

2013-10-05 00:10 - 2011-03-12 14:26 - 00000000 ____D C:\Users\Admin\AppData\Local\Mozilla

2013-10-04 23:48 - 2011-02-05 01:23 - 00000000 ____D C:\Users\Matthias\AppData\Local\Mozilla

2013-10-04 23:46 - 2011-03-26 01:04 - 00000000 ____D C:\Users\Admin\AppData\Local\PunkBuster

2013-10-04 23:42 - 2013-10-04 23:42 - 00000000 ____D C:\Users\Admin\AppData\Local\ESN

2013-10-04 23:40 - 2013-10-04 23:40 - 00000784 _____ C:\Users\Public\Desktop\Battlefield 4™ Beta.lnk

2013-10-04 23:39 - 2013-10-04 23:39 - 00000000 ____D C:\ProgramData\Package Cache

2013-10-04 23:39 - 2013-09-07 12:42 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins

2013-10-04 23:36 - 2013-10-04 23:08 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Origin

2013-10-04 23:36 - 2013-07-03 03:16 - 00000000 ___RD C:\Users\Admin\Podcasts

2013-10-04 23:36 - 2011-02-13 15:57 - 00092280 _____ C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT

2013-10-04 23:08 - 2013-10-04 23:08 - 00000000 ____D C:\Users\Admin\AppData\Local\Origin

2013-10-04 23:07 - 2013-10-04 23:06 - 00000544 _____ C:\Windows\DXError.log

2013-09-17 19:46 - 2013-09-17 19:46 - 00000000 ____D C:\Users\Matthias\AppData\Roaming\Guild Wars 2

2013-09-17 19:46 - 2012-08-28 11:05 - 00000000 ____D C:\Users\Matthias\Documents\Guild Wars 2

2013-09-17 17:40 - 2012-12-05 01:07 - 00000000 ___RD C:\Users\Matthias\Podcasts

2013-09-17 17:40 - 2011-02-01 23:26 - 00000000 ___RD C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2013-09-17 17:40 - 2011-02-01 23:26 - 00000000 ___RD C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

2013-09-17 09:05 - 2013-09-17 09:05 - 00000517 _____ C:\Users\Public\Desktop\FTL.lnk

2013-09-17 09:05 - 2011-02-05 16:44 - 00000000 ____D C:\Users\Matthias\Documents\My Games

2013-09-14 03:10 - 2013-10-10 01:54 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
 

Some content of TEMP:

====================

C:\Users\Admin\AppData\Local\Temp\DivXSetup.exe

C:\Users\Admin\AppData\Local\Temp\sonarinst.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

--- --- ---

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Hi,

hier erstmal die Logs.
Probleme treten momentan nicht auf. Was war das denn für ein Programm bzw. was für einen Effekt kann es gehabt haben? Die Passwörter werde natürlich ändern aber konnte es die überhaupt auslesen/abgreifen?
Vielen Dank für die Geduld :)
Edit: Ich glaube ich hab Eset aus Versehen beendet, als ich es aus dem Standby geholt habe. Das meiste müsste aber nach 3 1/2 Stunden durchgewesen sein. Einen nochmal vollständigen Scan stelle ich am Sonntag rein.

Eset

Code:

ESETSmartInstaller@High as downloader log:

all ok

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6920

# api_version=3.0.2

# EOSSerial=8ee124f18fb2f24fbc33dc80830ce790

# engine=13205

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=false

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2013-02-21 12:55:28

# local_time=2013-02-21 01:55:28 (+0100, Mitteleuropäische Zeit)

# country="Germany"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=5893 16776574 100 94 40697941 113081178 0 0

# scanned=272604

# found=0

# cleaned=0

# scan_time=11146

ESETSmartInstaller@High as downloader log:

all ok

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6920

# api_version=3.0.2

# EOSSerial=8ee124f18fb2f24fbc33dc80830ce790

# engine=15440

# end=stopped

# remove_checked=false

# archives_checked=true

# unwanted_checked=false

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2013-10-11 11:19:36

# local_time=2013-10-11 01:19:36 (+0100, Mitteleuropäische Sommerzeit)

# country="Germany"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=5893 16776574 100 94 7956992 133120226 0 0

# scanned=384941

# found=0

# cleaned=0

# scan_time=12719

Security Check

Code:

 Results of screen317's Security Check version 0.99.74  

 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 ``````````````Antivirus/Firewall Check:`````````````` 

Microsoft Security Essentials   

 Antivirus up to date!  
 `````````Anti-malware/Other Utilities Check:````````` 

 Spybot - Search & Destroy 

 Malwarebytes Anti-Malware Version 1.75.0.1300  

 Adobe Flash Player 11.9.900.117  

 Adobe Reader 10.1.7 Adobe Reader out of Date!  

 Mozilla Firefox 14.0.1 Firefox out of Date!  
 ````````Process Check: objlist.exe by Laurent````````  

 Microsoft Security Essentials MSMpEng.exe 

 Microsoft Security Essentials msseces.exe 

 Spybot Teatimer.exe is disabled! 
 `````````````````System Health check````````````````` 

 Total Fragmentation on Drive C:  
 ````````````````````End of Log``````````````````````

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013

Ran by Matthias (ATTENTION: The logged in user is not administrator) on CYPHER on 11-10-2013 13:28:37

Running from G:\

Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard

Internet Explorer Version 8

Boot Mode: Normal
 

==================== Processes (Whitelisted) =================
 

(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe

(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe

(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe

(Logitech, Inc.) D:\Programme\Logitech\SetPoint\SetPointP\SetPoint.exe

(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe

(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe

(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(Microsoft Corporation) D:\Programme\Zune\ZuneLauncher.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe

(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

(Deutsche Telekom AG) C:\Program Files\Netzmanager\netzmanager.exe

(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(Mozilla Corporation) D:\Programme\Mozilla\Firefox\firefox.exe
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [Launch LCDMon] - C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe [2191632 2007-07-18] (Logitech Inc.)

HKLM\...\Run: [Launch LGDCore] - C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe [3036944 2007-07-18] (Logitech Inc.)

HKLM\...\Run: [EvtMgr6] - D:\Programme\Logitech\SetPoint\SetPointP\SetPoint.exe [1680976 2010-10-29] (Logitech, Inc.)

HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-06-20] (Microsoft Corporation)

HKLM\...\Run: [Zune Launcher] - D:\Programme\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation)

HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1012000 2013-05-16] (NVIDIA Corporation)

HKLM\...\Runonce: [MSPCLOCK] - rundll32.exe streamci,StreamingDeviceSetup {97ebaacc-95bd-11d0-a3ea-00a0c9223196},{53172480-4791-11D0-A5D6-28DB04C10000},{53172480-4791-11D0-A5D6-28DB04C10000}

HKLM\...\Runonce: [MSPQM] - rundll32.exe streamci,StreamingDeviceSetup {DDF4358E-BB2C-11D0-A42F-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196}

HKLM\...\Runonce: [MSKSSRV] - rundll32.exe streamci,StreamingDeviceSetup {96E080C7-143C-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196}

HKLM\...\Runonce: [MSTEE.CxTransform] - rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},C:\Windows\inf\ksfilter.inf,MSTEE.Interface.Install

HKLM\...\Runonce: [MSTEE.Splitter] - rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},C:\Windows\inf\ksfilter.inf,MSTEE.Interface.Install

HKLM\...\Runonce: [WDM_DRMKAUD] - rundll32.exe streamci,StreamingDeviceSetup {EEC12DB6-AD9C-4168-8658-B03DAEF417FE},{ABD61E00-9350-47e2-A632-4438B90C6641},{FFBB6E3F-CCFE-4D84-90D9-421418B03A8E},C:\Windows\inf\WDMAUDIO.inf,WDM_DRMKAUD.Interface.Install

HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)

HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1127496 2013-04-04] (Malwarebytes Corporation)

Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)

HKCU\...\Run: [Logitech Vid HD] - "D:\Programme\Webcam\Vid\vid.exe" -bootmode

HKCU\...\Run: [Logitech Vid] - "D:\Programme\Webcam\Vid\Vid.exe" -bootmode

MountPoints2: {ca63f40f-2e47-11e0-9a72-806e6f6e6963} - I:\SETUP.EXE

HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)

Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Meine Dienste.lnk

ShortcutTarget: Meine Dienste.lnk -> C:\Program Files\Telekom\Meine Dienste\StartMeineDienste.exe (Deutsche Telekom AG)

Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Meine Dienste.lnk

ShortcutTarget: Meine Dienste.lnk -> C:\Program Files\Telekom\Meine Dienste\StartMeineDienste.exe (Deutsche Telekom AG)

Startup: C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk

ShortcutTarget: Netzmanager.lnk -> C:\Program Files\Netzmanager\netzmanager.exe (Deutsche Telekom AG)
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x8137FF955CC2CB01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Programme\Office 2010\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

BHO-x32: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -  No File

BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll No File

DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 

FireFox:

========

FF ProfilePath: C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\86rpcxpv.default

FF DefaultSearchEngine: Google

FF SelectedSearchEngine: Google

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - D:\PROGRA~1\OFFICE~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()

FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)

FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)

FF Plugin-x32: @esn/esnlaunch,version=2.3.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)

FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_35 - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)

FF SearchPlugin: C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\86rpcxpv.default\searchplugins\duckduckgo.xml

FF SearchPlugin: C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\86rpcxpv.default\searchplugins\englische-ergebnisse.xml

FF SearchPlugin: C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\86rpcxpv.default\searchplugins\gmx-suche.xml

FF SearchPlugin: C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\86rpcxpv.default\searchplugins\lastminute.xml

FF SearchPlugin: C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\86rpcxpv.default\searchplugins\webde-suche.xml

FF SearchPlugin: C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\86rpcxpv.default\searchplugins\wot-safe-search.xml

FF Extension: Fasterfox Lite - C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\86rpcxpv.default\Extensions\FasterFox_Lite@BigRedBrent

FF Extension: Flashblock - C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\86rpcxpv.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}

FF Extension: Fire.fm - C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\86rpcxpv.default\Extensions\{6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}

FF Extension: WOT - C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\86rpcxpv.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

FF Extension: feedly - C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\86rpcxpv.default\Extensions\feedly@devhd.xpi

FF Extension: jid1-ZAdIEUB7XOzOJw - C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\86rpcxpv.default\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi

FF Extension: No Name - C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\86rpcxpv.default\Extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}.xpi

FF Extension: No Name - C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\86rpcxpv.default\Extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}.xpi

FF Extension: No Name - C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\86rpcxpv.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

FF Extension: No Name - C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\86rpcxpv.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

FF Extension: No Name - C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\86rpcxpv.default\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi

FF Extension: No Name - C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\86rpcxpv.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi

FF Extension: No Name - C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\86rpcxpv.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi

FF StartMenuInternet: FIREFOX.EXE - D:\Programme\Mozilla\Firefox\firefox.exe
 

==================== Services (Whitelisted) =================
 

R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)

R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-06-20] (Microsoft Corporation)

R2 Netzmanager Service; C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [2635776 2012-07-20] (Deutsche Telekom AG)

R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-06-20] (Microsoft Corporation)

R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)

R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)

R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-09-07] ()

S2 psrem02; C:\Windows\system32\psrem02.exe [606328 2006-05-11] (Protection Technology)

R2 SBSDWSCService; D:\Programme\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)

S2 sfrem01; C:\Windows\system32\sfrem01.exe [601208 2006-07-05] (Protection Technology (StarForce))

S2 SkypeUpdate; D:\Programme\Skype\Updater\Updater.exe [160944 2012-07-03] (Skype Technologies)

S3 WMZuneComm; D:\Programme\Zune\WMZuneComm.exe [306400 2011-08-05] (Microsoft Corporation)

S3 ZuneNetworkSvc; D:\Programme\Zune\ZuneNss.exe [8277728 2011-08-05] (Microsoft Corporation)

S3 ZuneWlanCfgSvc; D:\Programme\Zune\ZuneWlanCfgSvc.exe [467680 2011-08-05] (Microsoft Corporation)
 

==================== Drivers (Whitelisted) ====================
 

R3 irsir; C:\Windows\System32\DRIVERS\irsir.sys [27648 2008-01-19] (Microsoft Corporation)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)

R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)

R0 psdrv02; C:\Windows\System32\drivers\psdrv02.sys [74616 2006-09-11] (Protection Technology)

R0 pssync05; C:\Windows\System32\drivers\pssync05.sys [80768 2006-11-03] (Protection Technology)

R0 sfdrv01a; C:\Windows\System32\drivers\sfdrv01a.sys [77432 2009-02-03] (Protection Technology (StarForce))

R0 sfsync04; C:\Windows\System32\drivers\sfsync04.sys [77952 2009-02-03] (Protection Technology (StarForce))

R3 TelekomNM6; C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys [45664 2010-09-16] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2013-10-11 13:25 - 2013-10-11 13:25 - 00891167 _____ C:\Users\Matthias\Desktop\SecurityCheck.exe

2013-10-10 17:58 - 2013-10-10 17:58 - 00071105 _____ C:\Users\Admin\Downloads\produkey_1.65.x64(1).zip

2013-10-10 17:57 - 2013-10-10 17:57 - 00071105 _____ C:\Users\Admin\Downloads\produkey_1.65.x64.zip

2013-10-10 15:50 - 2013-10-10 15:50 - 00000846 _____ C:\Users\Admin\Desktop\JRT.txt

2013-10-10 15:44 - 2013-10-10 15:44 - 00000000 ____D C:\Windows\ERUNT

2013-10-10 11:43 - 2013-10-10 11:43 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-10-10 11:42 - 2013-10-10 11:43 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-10-10 11:42 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2013-10-10 01:54 - 2013-09-14 03:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys

2013-10-10 01:54 - 2013-09-08 04:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys

2013-10-10 01:54 - 2013-09-08 04:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll

2013-10-10 01:54 - 2013-09-08 04:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll

2013-10-10 01:54 - 2013-08-28 03:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2013-10-10 01:54 - 2013-07-12 12:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys

2013-10-10 01:54 - 2013-07-12 12:40 - 00109824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys

2013-10-10 01:54 - 2013-07-04 14:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll

2013-10-10 01:54 - 2013-07-04 14:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll

2013-10-10 01:54 - 2013-07-04 14:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll

2013-10-10 01:54 - 2013-07-04 13:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll

2013-10-10 01:54 - 2013-07-04 13:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll

2013-10-10 01:54 - 2013-07-04 13:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll

2013-10-10 01:54 - 2013-07-04 12:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys

2013-10-10 01:54 - 2013-07-03 06:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys

2013-10-10 01:54 - 2013-07-03 06:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys

2013-10-10 01:54 - 2013-06-26 00:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys

2013-10-10 01:54 - 2013-06-06 07:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll

2013-10-10 01:54 - 2013-06-06 07:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll

2013-10-10 01:54 - 2013-06-06 07:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll

2013-10-10 01:54 - 2013-06-06 07:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll

2013-10-10 01:54 - 2013-06-06 06:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll

2013-10-10 01:54 - 2013-06-06 06:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll

2013-10-10 01:54 - 2013-06-06 06:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll

2013-10-10 01:54 - 2013-06-06 05:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll

2013-10-10 01:54 - 2013-06-06 05:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll

2013-10-10 01:54 - 2013-06-06 05:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll

2013-10-10 01:53 - 2013-08-29 04:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2013-10-10 01:53 - 2013-08-29 04:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll

2013-10-10 01:53 - 2013-08-29 04:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll

2013-10-10 01:53 - 2013-08-29 04:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll

2013-10-10 01:53 - 2013-08-29 04:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll

2013-10-10 01:53 - 2013-08-29 03:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2013-10-10 01:53 - 2013-08-29 03:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2013-10-10 01:53 - 2013-08-29 03:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll

2013-10-10 01:53 - 2013-08-29 03:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll

2013-10-10 01:53 - 2013-08-29 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2013-10-10 01:53 - 2013-08-29 03:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll

2013-10-10 01:53 - 2013-08-29 02:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2013-10-10 01:53 - 2013-08-29 02:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2013-10-10 01:53 - 2013-08-29 02:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2013-10-10 01:53 - 2013-08-29 02:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2013-10-10 01:53 - 2013-08-28 03:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll

2013-10-10 01:53 - 2013-08-27 11:01 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll

2013-10-10 01:53 - 2013-08-27 11:01 - 01143296 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll

2013-10-10 01:53 - 2013-08-27 10:21 - 01077760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll

2013-10-10 01:53 - 2013-08-01 14:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys

2013-10-10 01:53 - 2013-07-20 12:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll

2013-10-10 01:53 - 2013-07-20 12:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll

2013-10-09 23:12 - 2013-10-09 23:12 - 00000000 ____D C:\FRST

2013-10-09 18:01 - 2013-10-09 18:01 - 17813896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe

2013-10-08 17:05 - 2013-10-08 17:05 - 00000000 ____D C:\Users\Matthias\Documents\Egosoft

2013-10-08 15:44 - 2013-10-08 15:49 - 00000000 ____D C:\Users\Matthias\Documents\Battlefield 4 Beta

2013-10-08 15:25 - 2013-10-08 15:25 - 00000202 _____ C:\Users\Matthias\Desktop\X3 Albion Prelude.url

2013-10-08 15:25 - 2013-10-08 15:25 - 00000200 _____ C:\Users\Matthias\Desktop\X3 Terran Conflict.url

2013-10-07 10:45 - 2013-10-07 10:49 - 00000000 ____D C:\Users\Matthias\Documents\Battlefield 4

2013-10-04 23:42 - 2013-10-04 23:42 - 00000000 ____D C:\Users\Admin\AppData\Local\ESN

2013-10-04 23:40 - 2013-10-04 23:40 - 00000784 _____ C:\Users\Public\Desktop\Battlefield 4™ Beta.lnk

2013-10-04 23:39 - 2013-10-04 23:39 - 00000000 ____D C:\ProgramData\Package Cache

2013-10-04 23:08 - 2013-10-04 23:36 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Origin

2013-10-04 23:08 - 2013-10-04 23:08 - 00000000 ____D C:\Users\Admin\AppData\Local\Origin

2013-10-04 23:06 - 2013-10-04 23:07 - 00000544 _____ C:\Windows\DXError.log

2013-09-17 19:46 - 2013-09-17 19:46 - 00000000 ____D C:\Users\Matthias\AppData\Roaming\Guild Wars 2

2013-09-17 09:05 - 2013-09-17 09:05 - 00000517 _____ C:\Users\Public\Desktop\FTL.lnk

2013-09-17 09:04 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys

2013-09-17 09:04 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll

2013-09-17 09:04 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll

2013-09-17 09:04 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll

2013-09-17 09:04 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll

2013-09-17 09:04 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll

2013-09-17 09:04 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll

2013-09-17 09:04 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll

2013-09-17 09:04 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll

2013-09-17 09:04 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe

2013-09-17 09:04 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe

2013-09-17 09:04 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll

2013-09-17 09:04 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll

2013-09-17 09:04 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

2013-09-17 09:04 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll

2013-09-17 09:04 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2013-09-17 09:04 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
 

==================== One Month Modified Files and Folders =======
 

2013-10-11 13:25 - 2013-10-11 13:25 - 00891167 _____ C:\Users\Matthias\Desktop\SecurityCheck.exe

2013-10-11 13:23 - 2011-02-01 23:26 - 00000000 ____D C:\Users\Matthias\AppData\Local\VirtualStore

2013-10-11 13:11 - 2011-02-07 16:26 - 00001114 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-10-11 13:01 - 2012-03-30 19:38 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-10-11 12:48 - 2011-02-01 23:13 - 01422005 _____ C:\Windows\WindowsUpdate.log

2013-10-11 09:47 - 2009-07-14 19:58 - 00707316 _____ C:\Windows\system32\perfh007.dat

2013-10-11 09:47 - 2009-07-14 19:58 - 00152908 _____ C:\Windows\system32\perfc007.dat

2013-10-11 09:47 - 2009-07-14 07:13 - 01642220 _____ C:\Windows\system32\PerfStringBackup.INI

2013-10-11 08:07 - 2009-07-14 06:45 - 00014944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-10-11 08:07 - 2009-07-14 06:45 - 00014944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-10-11 08:00 - 2013-09-01 13:45 - 00000000 ____D C:\Program Files (x86)\Origin

2013-10-11 08:00 - 2011-02-07 16:26 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-10-11 08:00 - 2011-02-05 08:52 - 00000320 _____ C:\Windows\Tasks\qipdater.exe.job

2013-10-11 07:59 - 2013-07-03 03:30 - 00006854 _____ C:\Windows\setupact.log

2013-10-11 07:59 - 2011-02-02 00:25 - 00000000 ____D C:\ProgramData\NVIDIA

2013-10-11 07:59 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-10-10 17:58 - 2013-10-10 17:58 - 00071105 _____ C:\Users\Admin\Downloads\produkey_1.65.x64(1).zip

2013-10-10 17:57 - 2013-10-10 17:57 - 00071105 _____ C:\Users\Admin\Downloads\produkey_1.65.x64.zip

2013-10-10 16:09 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF

2013-10-10 15:50 - 2013-10-10 15:50 - 00000846 _____ C:\Users\Admin\Desktop\JRT.txt

2013-10-10 15:44 - 2013-10-10 15:44 - 00000000 ____D C:\Windows\ERUNT

2013-10-10 15:20 - 2013-07-18 03:40 - 00003272 _____ C:\Windows\PFRO.log

2013-10-10 11:43 - 2013-10-10 11:43 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-10-10 11:43 - 2013-10-10 11:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-10-10 11:40 - 2009-07-14 06:45 - 00369720 _____ C:\Windows\system32\FNTCACHE.DAT

2013-10-10 11:37 - 2013-03-14 03:42 - 00000000 ____D C:\Program Files\Microsoft Silverlight

2013-10-10 11:37 - 2013-03-14 03:42 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight

2013-10-10 02:13 - 2011-02-13 02:48 - 00000000 ____D C:\ProgramData\Microsoft Help

2013-10-10 02:10 - 2011-02-05 01:26 - 01619178 _____ C:\Windows\SysWOW64\PerfStringBackup.INI

2013-10-10 02:05 - 2013-07-18 03:58 - 00000000 ____D C:\Windows\system32\MRT

2013-10-10 02:03 - 2011-02-01 23:48 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2013-10-09 23:12 - 2013-10-09 23:12 - 00000000 ____D C:\FRST

2013-10-09 18:01 - 2013-10-09 18:01 - 17813896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe

2013-10-09 18:01 - 2012-03-30 19:38 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2013-10-09 18:01 - 2011-05-14 21:27 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2013-10-09 18:00 - 2011-03-26 01:29 - 00290184 _____ C:\Windows\SysWOW64\PnkBstrB.xtr

2013-10-09 18:00 - 2011-03-26 01:27 - 00290184 _____ C:\Windows\SysWOW64\PnkBstrB.exe

2013-10-09 17:57 - 2011-03-26 01:27 - 00290184 _____ C:\Windows\SysWOW64\PnkBstrB.ex0

2013-10-08 17:05 - 2013-10-08 17:05 - 00000000 ____D C:\Users\Matthias\Documents\Egosoft

2013-10-08 17:01 - 2013-07-17 10:20 - 00162147 _____ C:\Windows\DirectX.log

2013-10-08 17:00 - 2011-02-10 23:31 - 00000000 ____D C:\Users\Admin

2013-10-08 15:49 - 2013-10-08 15:44 - 00000000 ____D C:\Users\Matthias\Documents\Battlefield 4 Beta

2013-10-08 15:25 - 2013-10-08 15:25 - 00000202 _____ C:\Users\Matthias\Desktop\X3 Albion Prelude.url

2013-10-08 15:25 - 2013-10-08 15:25 - 00000200 _____ C:\Users\Matthias\Desktop\X3 Terran Conflict.url

2013-10-07 11:15 - 2011-02-07 16:25 - 00000000 ____D C:\Program Files (x86)\Google

2013-10-07 10:49 - 2013-10-07 10:45 - 00000000 ____D C:\Users\Matthias\Documents\Battlefield 4

2013-10-07 10:46 - 2011-03-26 03:30 - 00000000 ____D C:\Users\Matthias\AppData\Local\PunkBuster

2013-10-07 10:45 - 2013-09-01 13:45 - 00000000 ____D C:\ProgramData\Origin

2013-10-05 00:10 - 2011-03-12 14:26 - 00000000 ____D C:\Users\Admin\AppData\Local\Mozilla

2013-10-04 23:48 - 2011-02-05 01:23 - 00000000 ____D C:\Users\Matthias\AppData\Local\Mozilla

2013-10-04 23:46 - 2011-03-26 01:04 - 00000000 ____D C:\Users\Admin\AppData\Local\PunkBuster

2013-10-04 23:42 - 2013-10-04 23:42 - 00000000 ____D C:\Users\Admin\AppData\Local\ESN

2013-10-04 23:40 - 2013-10-04 23:40 - 00000784 _____ C:\Users\Public\Desktop\Battlefield 4™ Beta.lnk

2013-10-04 23:39 - 2013-10-04 23:39 - 00000000 ____D C:\ProgramData\Package Cache

2013-10-04 23:39 - 2013-09-07 12:42 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins

2013-10-04 23:36 - 2013-10-04 23:08 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Origin

2013-10-04 23:36 - 2013-07-03 03:16 - 00000000 ___RD C:\Users\Admin\Podcasts

2013-10-04 23:36 - 2011-02-13 15:57 - 00092280 _____ C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT

2013-10-04 23:08 - 2013-10-04 23:08 - 00000000 ____D C:\Users\Admin\AppData\Local\Origin

2013-10-04 23:07 - 2013-10-04 23:06 - 00000544 _____ C:\Windows\DXError.log

2013-09-17 19:46 - 2013-09-17 19:46 - 00000000 ____D C:\Users\Matthias\AppData\Roaming\Guild Wars 2

2013-09-17 19:46 - 2012-08-28 11:05 - 00000000 ____D C:\Users\Matthias\Documents\Guild Wars 2

2013-09-17 17:40 - 2012-12-05 01:07 - 00000000 ___RD C:\Users\Matthias\Podcasts

2013-09-17 17:40 - 2011-02-01 23:26 - 00000000 ___RD C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2013-09-17 17:40 - 2011-02-01 23:26 - 00000000 ___RD C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

2013-09-17 09:05 - 2013-09-17 09:05 - 00000517 _____ C:\Users\Public\Desktop\FTL.lnk

2013-09-17 09:05 - 2011-02-05 16:44 - 00000000 ____D C:\Users\Matthias\Documents\My Games

2013-09-14 03:10 - 2013-10-10 01:54 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
 

Some content of TEMP:

====================

C:\Users\Admin\AppData\Local\Temp\DivXSetup.exe

C:\Users\Admin\AppData\Local\Temp\sonarinst.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

--- --- ---

Das war nur ADware. Adobe und Firefox updaten.

Fertig :)

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Hier noch ein paar Tipps zur Absicherung deines Systems.

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

Hi,
vielen Dank für die schnelle und gute Hilfe, es ist wirklich super was ihr hier macht.
Ich habe im Moment keine Probleme und Fragen hatte ich vorher schon gestellt. ;)
Kannst es also zumachen.

MfG
Raeve